From 7b40532b40c07d0dc9795b9a651420433e159f36 Mon Sep 17 00:00:00 2001
From: Sven Vermeulen <sven.vermeulen@siphos.be>
Date: Sun, 6 Feb 2011 16:14:46 +0100
Subject: [PATCH] Allow xfce (and most likely other DEs) to properly work with
 the authorization information

On my system, I use XFCE and start X from the commandline (using "startx")
rather than through a graphical DM. During the start-up, XFCE4 creates
temporary ICE files in /tmp (like /tmp/.xfsm-ICE-ABCDEF) which are later
read in by iceauth and at some point X.

I'm not that good at the entire ICE stuff, but without this, I was unable to
shut down my session ("log off").

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/xserver.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index edc58df52..303c3e0a4 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -234,9 +234,11 @@ userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file)
 
 allow xdm_t iceauth_home_t:file read_file_perms;
 
+files_search_tmp(iceauth_t)
 fs_search_auto_mountpoints(iceauth_t)
 
 userdom_use_user_terminals(iceauth_t)
+userdom_read_user_tmp_files(iceauth_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_files(iceauth_t)
@@ -726,6 +728,7 @@ seutil_read_default_contexts(xserver_t)
 userdom_search_user_home_dirs(xserver_t)
 userdom_use_user_ttys(xserver_t)
 userdom_setattr_user_ttys(xserver_t)
+userdom_read_user_tmp_files(xserver_t)
 userdom_rw_user_tmpfs_files(xserver_t)
 
 xserver_use_user_fonts(xserver_t)