From 32b6f152a24777c2f5f1e439899976be692c9532 Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Tue, 24 Dec 2019 18:10:37 +0800
Subject: [PATCH] xserver: ICEauthority can be in /run/user

Signed-off-by: Jason Zaman
---
 policy/modules/services/xserver.fc | 2 ++
 policy/modules/services/xserver.te | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index fa8db862e..df06151e1 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -143,6 +143,8 @@ ifndef(`distro_debian',`
 /run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
 /run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
+/run/user/%{USERID}/ICEauthority.* -- gen_context(system_u:object_r:iceauth_home_t,s0)
+
 ifdef(`distro_suse',`
 /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
 ')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index f016d4295..499f03a69 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -117,6 +117,7 @@ userdom_user_application_domain(iceauth_t, iceauth_exec_t)
 type iceauth_home_t;
 userdom_user_home_content(iceauth_home_t)
+userdom_user_runtime_content(iceauth_home_t)
 type xauth_t;
 type xauth_exec_t;
@@ -211,6 +212,7 @@ optional_policy(`
 allow iceauth_t iceauth_home_t:file manage_file_perms;
 userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file)
+userdom_user_runtime_filetrans(iceauth_t, iceauth_home_t, file)
 allow xdm_t iceauth_home_t:file read_file_perms;
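Review bot: The new `/run/user/%{USERID}/ICEauthority.*` entry in xserver.fc ends in an open `.*`, so every regular file in the runtime directory whose name begins with `ICEauthority` is labelled `iceauth_home_t`, the type that holds session authentication data. If the suffix is there only for the lock and temporary files written beside the authority file, a comment above the entry would record that, for example `# ICEauthority and the lock/temp files created next to it`. The entry also depends on `%{USERID}` being expanded when the per-user contexts are generated, so an account added later presumably has no matching context until they are regenerated. The hunk does not show whether the line falls inside the ifndef distro_debian block named in the hunk header, which is worth confirming.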
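Review bot: In the first xserver.te hunk, `iceauth_home_t` becomes both home content and runtime content, while its name and the declarations around it still read as home-only. A one-line comment above the added call, such as `# ICEauthority may also be created under /run/user, so the type is runtime content too`, would keep that dual use visible. Any rule written against the user runtime content attribute presumably starts to cover this type as well, so it is worth checking which domains thereby gain access to the ICE authentication data.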
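Review bot: The added `userdom_user_runtime_filetrans(iceauth_t, iceauth_home_t, file)` in the second xserver.te hunk labels only the files that `iceauth_t` itself creates in the runtime directory. /run/user is normally a tmpfs populated at login, so the file-context entry takes effect only if something relabels, and an ICEauthority file written by another domain (a session or display manager, for instance) would presumably keep the generic runtime type. If that case matters, the creating domains need their own transition; this cannot be confirmed here because the surrounding policy section begins and ends outside the hunk. The transition is also unnamed, so every regular file `iceauth_t` creates there receives the type, and a comment such as `# unnamed on purpose: covers ICEauthority and its lock files` would document the intent.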