From: russell@coker.com.au (Russell Coker)
Date: Thu, 20 Apr 2017 12:32:35 +1000
Subject: [refpolicy] [PATCH] xdm_sigchld()
Message-ID: <20170420023235.cojblhiwufsuoffi@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
This patch is needed by my other patches. Please include it now so the other
patches can apply and not conflict with each other.
Index: refpolicy-2.20170417/policy/modules/services/xserver.if
===================================================================
--- refpolicy-2.20170417.orig/policy/modules/services/xserver.if
+++ refpolicy-2.20170417/policy/modules/services/xserver.if
@@ -1561,3 +1561,21 @@ interface(`xserver_unconfined',`
typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type;
')
+
+########################################
+##
+## Allow domain to send sigchld to xdm_t
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xdm_sigchld',`
+ gen_require(`
+ type xdm_t;
+ ')
+
+ allow $1 xdm_t:process sigchld;
+')