This patch is needed by my other patches. Please include it now so the other
patches can apply and not conflict with each other.
Index: refpolicy-2.20170417/policy/modules/services/xserver.if
===================================================================
--- refpolicy-2.20170417.orig/policy/modules/services/xserver.if
+++ refpolicy-2.20170417/policy/modules/services/xserver.if
@@ -1561,3 +1561,21 @@ interface(`xserver_unconfined',`
typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type;
')
+
+########################################
+## <summary>
+## Allow domain to send sigchld to xdm_t
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdm_sigchld',`
+ gen_require(`
+ type xdm_t;
+ ')
+
+ allow $1 xdm_t:process sigchld;
+')
On 04/19/2017 10:32 PM, Russell Coker via refpolicy wrote:
> This patch is needed by my other patches. Please include it now so the other
> patches can apply and not conflict with each other.
>
>
> Index: refpolicy-2.20170417/policy/modules/services/xserver.if
> ===================================================================
> --- refpolicy-2.20170417.orig/policy/modules/services/xserver.if
> +++ refpolicy-2.20170417/policy/modules/services/xserver.if
> @@ -1561,3 +1561,21 @@ interface(`xserver_unconfined',`
> typeattribute $1 x_domain;
> typeattribute $1 xserver_unconfined_type;
> ')
> +
> +########################################
> +## <summary>
> +## Allow domain to send sigchld to xdm_t
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xdm_sigchld',`
> + gen_require(`
> + type xdm_t;
> + ')
> +
> + allow $1 xdm_t:process sigchld;
> +')
I merged this, but moved it and renamed it to xserver_sigchld_xdm.
--
Chris PeBenito