From fb4f17e4b02a167e32123395588df355f63493d9 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville
Date: Thu, 7 Jan 2016 16:46:49 +0100
Subject: [PATCH] Label Xorg server binary correctly on Debian On Debian, /usr/bin/Xorg is only a shell script which executes /usr/lib/xorg/Xorg.wrap, which is a SUID binary wrapper around /usr/lib/xorg/Xorg.
---
 policy/modules/services/xserver.fc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 397993fb4..f80e919ce 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -70,6 +70,8 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
 /usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/lib/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
+/usr/lib/xorg/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
+/usr/lib/xorg/Xorg\.wrap -- gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/lib/xorg-server/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/lib/xorg-server/Xorg\.wrap -- gen_context(system_u:object_r:xserver_exec_t,s0)
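Review bot: The context entry for `/usr/bin/Xorg` keeps `xserver_exec_t` although the description says it is only a shell script on Debian, so after the two added entries the script, the SUID `Xorg.wrap` and the real `Xorg` all carry the same entry-point type. The transition into the X server domain would then presumably happen at the script, and the later execs of the wrapper and the server depend on that domain being allowed to execute `xserver_exec_t` without a transition; that rule lives in the .te file and is not visible in this patch, so it is worth confirming (an AVC denial on Debian would be the symptom). The rationale also exists only in the commit message; a comment above the added lines would keep it in the file, e.g. `# Debian: /usr/bin/Xorg is a shell script that runs the SUID wrapper Xorg.wrap, which starts Xorg`.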