From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 14 Nov 2017 18:32:11 -0500
Subject: [refpolicy] [PATCH] xserver: Allow xdm_t to map usr_t files
In-Reply-To: <20171114020353.29087-1-aranea@aixah.de>
References: <20171114020353.29087-1-aranea@aixah.de>
Message-ID: <6cf5e319-7b3c-31aa-96b5-07fe148e71fe@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/13/2017 09:03 PM, Luis Ressel via refpolicy wrote:
> This is required for gtk-based login managers to access gtk's icon
> cache. IIRC, past discussion on the ML came to the conclusion that
> adding a new domain for this would be overkill.
> ---
>   policy/modules/services/xserver.te | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 36478b640..52eb67e8f 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -450,6 +450,7 @@ files_read_etc_runtime_files(xdm_t)
>   files_exec_etc_files(xdm_t)
>   files_list_mnt(xdm_t)
>   # Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme...
> +files_map_usr_files(xdm_t)
>   files_read_usr_files(xdm_t)
>   # Poweroff wants to create the /poweroff file when run from xdm
>   files_create_boot_flag(xdm_t)

Merged.

-- 
Chris PeBenito