From: aranea@aixah.de (Luis Ressel) Date: Tue, 14 Nov 2017 03:03:53 +0100 Subject: [refpolicy] [PATCH] xserver: Allow xdm_t to map usr_t files Message-ID: <20171114020353.29087-1-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This is required for gtk-based login managers to access gtk's icon cache. IIRC, past discussion on the ML came to the conclusion that adding a new domain for this would be overkill. --- policy/modules/services/xserver.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 36478b640..52eb67e8f 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -450,6 +450,7 @@ files_read_etc_runtime_files(xdm_t) files_exec_etc_files(xdm_t) files_list_mnt(xdm_t) # Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme... +files_map_usr_files(xdm_t) files_read_usr_files(xdm_t) # Poweroff wants to create the /poweroff file when run from xdm files_create_boot_flag(xdm_t) -- 2.15.0