From: guido@trentalancia.net (Guido Trentalancia) Date: Thu, 20 Apr 2017 18:59:13 +0200 (CEST) Subject: [refpolicy] [PATCH v2 1/2] xserver: manage the console device (named pipe) (was: [PATCH 1/2] xserver: console device is chr_file and not fifo_file) In-Reply-To: <1286385009.201283.1492706606464@pim.register.it> References: <744918107.204924.1492702640247@pim.register.it> <201704210240.43722.russell@coker.com.au> <1286385009.201283.1492706606464@pim.register.it> Message-ID: <133543476.201931.1492707553614@pim.register.it> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Introduce a new xserver interface to manage the xconsole named pipe. Thanks to Russell Coker for pointing out a wrong file type in the previous version of this patch. Signed-off-by: Guido Trentalancia --- policy/modules/services/xserver.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) --- a/policy/modules/services/xserver.if 2017-03-29 17:57:54.554386420 +0200 +++ b/policy/modules/services/xserver.if 2017-04-20 18:51:53.959794517 +0200 @@ -698,6 +698,25 @@ interface(`xserver_rw_console',` allow $1 xconsole_device_t:fifo_file rw_fifo_file_perms; ') +####################################### +## +## Manage the X windows console +## device. +## +## +## +## Domain allowed access. +## +## +# +interface(`xserver_manage_console',` + gen_require(` + type xconsole_device_t; + ') + + allow $1 xconsole_device_t:fifo_file manage_fifo_file_perms; +') + ######################################## ## ## Create the X windows console named pipes.
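Review bot: The summary in the new xserver_manage_console comment block says "Manage the X windows console device.", which does not tell a caller that the object is a named pipe, even though the rule is on xconsole_device_t:fifo_file and the neighbouring interface is documented as "Create the X windows console named pipes." Given that v1 of this patch was sent with the wrong file class, I would spell it out, for example "Create, read, write, and delete the X windows console named pipe." Separately, this interface grants manage_fifo_file_perms where the existing xserver_rw_console just above grants only rw_fifo_file_perms, and the commit message does not say which domain needs the wider set. Please name the caller (presumably the one added in 2/2) and why rw is not enough, so the broader permission can be checked against least privilege. Also note that the allow rule covers only the fifo_file class: if callers are expected to create or remove the pipe, the directory permissions they need for that are not provided here, and the description should say where they come from.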