From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 20 Apr 2017 19:31:48 -0400
Subject: [refpolicy] [PATCH] xdm_sigchld()
In-Reply-To: <20170420023235.cojblhiwufsuoffi@athena.coker.com.au>
References: <20170420023235.cojblhiwufsuoffi@athena.coker.com.au>
Message-ID: <72c141a1-4f7c-6593-f776-5d91d61051ec@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On 04/19/2017 10:32 PM, Russell Coker via refpolicy wrote:
> This patch is needed by my other patches. Please include it now so the other
> patches can apply and not conflict with each other.
>
>
> Index: refpolicy-2.20170417/policy/modules/services/xserver.if
> ===================================================================
> --- refpolicy-2.20170417.orig/policy/modules/services/xserver.if
> +++ refpolicy-2.20170417/policy/modules/services/xserver.if
> @@ -1561,3 +1561,21 @@ interface(`xserver_unconfined',`
> typeattribute $1 x_domain;
> typeattribute $1 xserver_unconfined_type;
> ')
> +
> +########################################
> +##
> +## Allow domain to send sigchld to xdm_t
> +##
> +##
> +##
> +## Domain allowed access.
> +##
> +##
> +#
> +interface(`xdm_sigchld',`
> + gen_require(`
> + type xdm_t;
> + ')
> +
> + allow $1 xdm_t:process sigchld;
> +')
I merged this, but moved it and renamed it to xserver_sigchld_xdm.
--
Chris PeBenito