0735f2ca4a
Module version bump for misc fixes from Sven Vermeulen.
2014-12-02 10:29:59 -05:00
6624f9cf7a
Drop RHEL4 and RHEL5 support.
2014-09-24 13:10:37 -04:00
d580aae38f
Module version bump for shutdown transitions from Luis Ressel.
2014-06-09 08:21:33 -04:00
c55cd63011
Allow xdm_t to transition to shutdown_t domain
...
Several DMs offer the possibility to shutdown the system. I personally
don't think a bool is neccessary for this permission, but I wouldn't
oppose one either.
2014-06-09 08:15:57 -04:00
e71df879e5
Module version bump for rcs2log and xserver updates from Sven Vermeulen.
2014-06-02 15:14:50 -04:00
97c3e208f8
xserver_t needs to ender dirs labeled xdm_var_run_t
...
The LightDM application stores its xauth file in a subdirectory
(/var/run/lightdm/root) which is labeled as xdm_var_run_t. As a result,
X11 (xserver_t) needs search rights to this location.
With this setup, X is run as follows:
/usr/bin/X :0 -auth /var/run/lightdm/root/:0
Changes since v1:
- Use read_files_pattern instead of separate allow rules
Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-06-02 11:05:01 -04:00
37cea01bfa
Module version bump for gnome keyring fix from Laurent Bigonville.
2014-04-15 14:51:53 -04:00
adfe24f6ce
Allow the xdm_t domain to enter all the gkeyringd ones
...
During the opening of the session, the pam_gnome_keyring module is
starting the daemon in the gkeyringd user domain, allow xdm_t to
transition to it.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742966
2014-04-15 09:29:51 -04:00
10ff4d0fa3
Bump module versions for release.
2014-03-11 08:16:57 -04:00
bf6d35851e
Module version bump for xserver change from Dominick Grift.
2014-01-08 13:58:51 -05:00
33b64cffb1
xserver: These are no longer needed
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2014-01-06 10:23:13 -05:00
1a01976fc4
Module version bump for first batch of patches from Dominick Grift.
2013-12-02 14:22:29 -05:00
04ac9311b9
xserver: already allowed by auth_login_pgm_domain(xdm_t)
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-12-02 08:43:33 -05:00
15f32f59fe
Module version bump for xserver console and fc fixes from Dominick Grift.
2013-09-27 15:08:12 -04:00
57f62fe531
xserver: associate xconsole_device_t (/dev/xconsole) to device_t (devtmpfs)
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-27 14:44:46 -04:00
360438c194
Module version bump for xdm dbus access from Dominick Grift.
2013-09-26 11:09:28 -04:00
2aad2492e9
xdm: is a system bus client and acquires service on the system bus xdm: dbus chat with accounts-daemon
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-26 10:51:02 -04:00
77f13c4993
Module version bump for slim fc entries from Sven Vermeulen.
2013-09-26 10:48:55 -04:00
7174140178
Module version bump for xserver and selinuxutil updates from Dominick Grift.
2013-09-26 08:32:33 -04:00
d174521a64
Bump module versions for release.
2013-04-24 16:14:52 -04:00
79f71729e3
Module version bump from Debian changes from Laurent Bigonville.
2012-12-07 00:46:27 -05:00
51b1bd56c4
Module version bump for xserver interfaces from Dominick Grift.
2012-10-19 08:58:54 -04:00
5b58ce70fd
Module version bump for Debian file context updates from Laurent Bigonville.
2012-09-17 11:08:42 -04:00
2b70efd2f6
Module version bump for fc substitutions optimizations from Sven Vermeulen.
2012-08-15 11:00:55 -04:00
3516535aa6
Bump module versions for release.
2012-07-25 14:33:06 -04:00
8e00a439ef
Module verion bump for simplify file contexts based on file context path substitutions, from Sven Vermeulen.
2012-05-10 10:36:06 -04:00
a9cd7ff45f
Module version bump for patches from Sven Vermeulen.
...
* Dontaudit in xserver
* Create user keys in sudo
2012-05-04 08:43:27 -04:00
a5fc78b88a
Move domain call in xserver.
2012-05-04 08:35:24 -04:00
d5a23304c3
Adding dontaudits for xserver
...
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-05-04 08:34:32 -04:00
f65edd8280
Bump module versions for release.
2012-02-15 14:32:45 -05:00
64a0271ffd
Module version bump and changelog for slim and lxdm file contexts to xserver, from Sven Vermeulen.
2011-12-13 11:17:23 -05:00
3cbb3701cd
Module version bumps for debian fc patch from Russell Coker.
2011-11-16 15:31:48 -05:00
ba817fccd9
Add userdom interfaces for user application domains, user tmp files, and user tmpfs files.
2011-10-28 08:49:19 -04:00
e2fa4f2e8c
Add user application, tmp and tmpfs file interfaces.
2011-10-28 08:48:10 -04:00
aa4dad379b
Module version bump for release.
2011-07-26 08:11:01 -04:00
d23f88c874
Module version bump for xauth patch from Guido Trentalancia.
2011-03-16 08:48:08 -04:00
db9cae615c
Rearrange lines for xauth change.
2011-03-16 08:47:40 -04:00
848bc57cff
xauth label and module request
...
When starting the X server from the console (using the startx script
that is being shipped with package xinit from X.Org), a few more
permissions are needed from the reference policy.
The label is for a file created by the startx script (from X.Org) and
the module being requested is ipv6 (which can be disabled by other
means).
2011-03-16 08:41:35 -04:00
bdc7622e86
Remove redundant system dbus permissions with cpufreqselector and incorrect xdm dbus permission.
2011-03-16 08:20:28 -04:00
e2a8fd2b59
Module version bump for xserver patch from Sven Vermeulen.
2011-03-03 09:53:41 -05:00
dc24f36872
Module version bump and changelog for cpufreqselector dbus patch from Guido Trentalancia.
2011-02-22 11:36:15 -05:00
616a0d5337
Whitespace fixes in cpufreqselector and xserver.
2011-02-22 11:23:42 -05:00
f8b9fb9391
patch to make cpufreqselector usable with dbus
...
This patch adds a new interface to the cpufreqselector module
to allow dbus chat. It then uses such interface to allow dbus chat
with system_dbusd_t and xdm_t. This patch also adds some other
permissions needed to run cpufreqselector.
2011-02-22 11:23:10 -05:00
0737bf0d71
Module version bump and changelog for Xserver update for startx from Sven Vermeulen.
2011-02-18 08:54:18 -05:00
ada6113ad8
Remove redundant files_search_tmp() call from iceauth.
2011-02-18 08:47:15 -05:00
7b40532b40
Allow xfce (and most likely other DEs) to properly work with the authorization information
...
On my system, I use XFCE and start X from the commandline (using "startx")
rather than through a graphical DM. During the start-up, XFCE4 creates
temporary ICE files in /tmp (like /tmp/.xfsm-ICE-ABCDEF) which are later
read in by iceauth and at some point X.
I'm not that good at the entire ICE stuff, but without this, I was unable to
shut down my session ("log off").
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-02-18 08:46:04 -05:00
2a8d412ba6
Module version bump and changelog for XServer keyboard event patch from Sven Vermeulen.
2011-02-14 09:13:44 -05:00
8452a744c8
Allow xserver to process keyboard events
...
On an Xorg 1.9 system with evdev driver (for keyboard InputClass), the
xserver_t domain needs to be able to read from the proper device nodes as
well as query the udev_tbl_t directory and udev itself.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-02-14 09:01:55 -05:00
826d014241
Bump module versions for release.
2010-12-13 09:12:22 -05:00
785ee7988c
Module version bump and changelog entry for conditional mmap_zero patch.
2010-09-01 10:08:09 -04:00
Chris PeBenito
Luis Ressel
Sven Vermeulen
Laurent Bigonville
Dominick Grift
Dominick Grift
Guido Trentalancia
Chris PeBenito