From: russell@coker.com.au (Russell Coker)
Date: Thu, 20 Apr 2017 12:32:35 +1000
Subject: [refpolicy] [PATCH] xdm_sigchld()
Message-ID: <20170420023235.cojblhiwufsuoffi@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch is needed by my other patches.  Please include it now so the other
patches can apply and not conflict with each other.


Index: refpolicy-2.20170417/policy/modules/services/xserver.if
===================================================================
--- refpolicy-2.20170417.orig/policy/modules/services/xserver.if
+++ refpolicy-2.20170417/policy/modules/services/xserver.if
@@ -1561,3 +1561,21 @@ interface(`xserver_unconfined',`
 	typeattribute $1 x_domain;
 	typeattribute $1 xserver_unconfined_type;
 ')
+
+########################################
+## <summary>
+##	Allow domain to send sigchld to xdm_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xdm_sigchld',`
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:process sigchld;
+')