From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 20 Apr 2017 19:31:48 -0400
Subject: [refpolicy] [PATCH] xdm_sigchld()
In-Reply-To: <20170420023235.cojblhiwufsuoffi@athena.coker.com.au>
References: <20170420023235.cojblhiwufsuoffi@athena.coker.com.au>
Message-ID: <72c141a1-4f7c-6593-f776-5d91d61051ec@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/19/2017 10:32 PM, Russell Coker via refpolicy wrote:
> This patch is needed by my other patches.  Please include it now so the other
> patches can apply and not conflict with each other.
>
>
> Index: refpolicy-2.20170417/policy/modules/services/xserver.if
> ===================================================================
> --- refpolicy-2.20170417.orig/policy/modules/services/xserver.if
> +++ refpolicy-2.20170417/policy/modules/services/xserver.if
> @@ -1561,3 +1561,21 @@ interface(`xserver_unconfined',`
>  	typeattribute $1 x_domain;
>  	typeattribute $1 xserver_unconfined_type;
>  ')
> +
> +########################################
> +## <summary>
> +##	Allow domain to send sigchld to xdm_t
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xdm_sigchld',`
> +	gen_require(`
> +		type xdm_t;
> +	')
> +
> +	allow $1 xdm_t:process sigchld;
> +')

I merged this, but moved it and renamed it to xserver_sigchld_xdm.


-- 
Chris PeBenito