This patch removes every macro and interface that was deprecated in 20190201.
Some of them date back to 2016 or 2017. I chose 20190201 as that is the one
that is in the previous release of Debian. For any distribution I don't
think it makes sense to carry interfaces that were deprecated in version N
to version N+1.
One thing that particularly annoys me is when audit2allow -R gives deprecated
interfaces in it's output. Removing some of these should reduce the
incidence of that.
I believe this is worthy of merging.
Signed-off-by: Russell Coker <russell@coker.com.au>
This patch is the one I described as "another chromium patch" on the 10th of
April last year, but with the issues addressed, and the
chromium_t:file manage_file_perms removed as requested.
I believe it's ready for inclusion.
Signed-off-by: Russell Coker <russell@coker.com.au>
xdg rules are normally set in xserver. But, if a modular policy is being
used and the xserver module is not present, the required rules for users
to be able to access xdg content are never created and thus these files
and directories cannot be interacted with by users. This change adds a
new template that can be called to grant these privileges to userdomain
types as necessary.
Signed-off-by: Kenton Groombridge <me@concord.sh>
- selinuxutil.te: ignore gen_require usage for bool secure_mode
- corenetwork.te: ignore gen_require usage for type unlabeled_t
- files.if: drop unneeded required types in interface
- rpm.if: drop unneeded required type in interface
- xserver.if: ignore interface xserver_restricted_role calling template xserver_common_x_domain_template
- domain.te: add require block with explicit declaration for used type unlabeled_t from module kernel
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Rename interfaces to bring consistency with previous pid->runtime type
renaming. See PR #106 or 69a403cd original type renaming.
Interfaces that are still in use were renamed with a compatibility
interface. Unused interfaces were fully deprecated for removal.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
Applications can optionally map fonts and fontconfig caches into memory.
miscfiles_read_fonts() already grants those perms, but it seems
xserver_use_user_fonts() was forgotten.
With the introduction of the freedesktop XDG location support in the
policy, end users need to be allowed to manage these locations from their
main user domain.
The necessary privileges are added to the xserver_role() interface, which is
in use by the unconfined user domain as well as the main other user domains
(like user, sysadm and staff).
The necessary file transitions for the directories are added as well.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
The interface xserver_manage_xdm_spool_files() uses the undeclared type
xdm_spool_t. Removed statements referring to this type and marked the
interface as deprecated because it is now empty.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Do not audit ioctl operation attempts whenever write
operations on the xserver log should not be audited.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Remove complement (~) and wildcard (*) in allow rules so that there are no
unintentional additions when new permissions are declared.
This patch does not add or remove permissions from any rules.
This patch fixes the xserver module so that the hidden .ICEauthority
file is created with the proper context (file transition).
It also optimizes a similar interface used for xauth home files.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
I believe that I have addressed all the issues Chris raised, so here's a newer
version of the patch which applies to today's git version.
Description: systemd-resolved, sessions, and tmpfiles patches
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-03-26
The following patch (split in two parts, one for base and
another one for contrib) introduces a new file context for
the X session log files and two new interface to manage
them (instead of allowing to manage the whole user home
content files).
It is required after the recent confinement of graphical
desktop components (e.g. wm, xscreensaver).
The second version of the patch correctly uses file type
transitions and uses more tight permissions.
The third version simply moves some interface calls.
The fourth version introduces the new template for
username-dependent file contexts.
The fifth version moves other interface calls thanks to
further revisions from Christopher PeBenito (the corresponding
contrib policy part remains unchanged at version 4).
This sixth version, adds the missing diff relative to the
xserver.te policy file to declare the new xsession_log_t type.
The corresponding base policy patch is at version 4.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Enable dbus messaging between the X Display Manager (XDM) and
the rtkit daemon.
Also, let the rtkit daemon set the priority of the X Display
Manager (XDM).
This patch (along with parts 3/5 and 4/5) might be needed when
running gdm.
I do apologize for the broken interface in the previous version
of this patch.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
This is a patch that I have created and tested to support Apache
OpenOffice with its own module (base policy part, 1/2).
The file contexts (and initial tests) are based on the default
installation path for version 4 of the office suite.
Since the second version it includes revisions from Dominick Grift.
Since the third version it should correctly manage files in home
directories and allow some other major functionality.
The fourth version of the patch introduces a boolean to enable or
disable software updates from the network (application and/or
extensions).
The fifth version of the patch adds the ability to connect to the
X display manager (XDM) using Unix domain sockets (interface
xserver_stream_connect_xdm()). Also the fifth version splits the
whole patch into separate base policy / contrib policy patches as
required.
The sixth version of this patch removes obsolete executable
permission from the unconfined module.
The seventh, eighth and nineth versions brings no changes in the base
part of the patch.
All released versions are safe to apply, each new version just
brings improved application functionality and better integration
with other desktop applications.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Remove unneeded permissions to read user content from the
xserver module (xserver and xdm domains).
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
- add systemd service macro sets
- add some documentation
- add some recursion to some macro sets (ipv perm, object class sets)
- deprecate domain_trans and domain_auto_trans
- remove unpriv_socket_class_set
- updated the file contexts for the Xsession script;
- created an interface for chatting over dbus with
xdm (currently used by the userdomain module in
the common user template);
- added permission to chat over dbus with colord.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Allow xserver_restricted_role domains to call/start Xorg (using startx), fixes
15-second lag/timeout (needs siginh permission as provided by
xserver_domtrans).
Apparently, the 15-second lag (or some other behavior) was already detected
in the past, giving rise to the SIGINH permission in the xserver_domtrans()
interface.
However, domains that are given the xserver_(restricted_)role do not call
the xserver_domtrans but rather the "standard" domtrans_pattern.
The new patch suggests to use xserver_domtrans in the
xserver_restricted_role, which automatically includes the siginh permission
then.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
The motivation for this was xdm_t objects not getting cleaned up,
so the user session tried to interact with them. But since the
default user type is unconfined this problem has gone away for now.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Russell Coker
0xC0ncord
Jason Zaman
bauen1
Christian Göttsche
Chris PeBenito
Daniel Burgener
Guido Trentalancia
Luis Ressel
Jason Zaman
Sven Vermeulen
James Carter
David Sugar
Guido Trentalancia via refpolicy
Guido Trentalancia
Chris PeBenito
Dominick Grift
Dominick Grift
Eamon Walsh