Nicolas Iooss 59e00c5580 Label Xorg server binary correctly on Arch Linux ... On Arch Linux, /usr/bin/Xorg is only a shell script which executes /usr/lib/xorg-server/Xorg.wrap, which is a SUID binary wrapper around /usr/lib/xorg-server/Xorg. Even though Xorg.wrap is not a full X server, it reads X11 configuration files, uses the DRM interface to detect KMS, etc. (cf. http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/xorg-wrapper.c?id=xorg-server-1.18.0 for more details). Therefore label it as xserver_exec_t. This makes the following AVC appear: denied { execute_no_trans } for pid=927 comm="X" path="/usr/lib/xorg-server/Xorg.wrap" dev="dm-0" ino=3152592 scontext=system_u:system_r:xserver_t tcontext=system_u:object_r:xserver_exec_t tclass=file Allow /usr/bin/Xorg to execute Xorg.wrap with a can_exec statement.		2016-01-05 13:22:52 -05:00
..
admin	Bump module versions for release.	2015-12-08 09:53:02 -05:00
apps	Move modules to contrib submodule.	2011-09-09 10:10:03 -04:00
contrib@35cd3decfd	Update contrib.	2015-12-14 10:40:04 -05:00
kernel	Module version bump for vm overcommit sysctl interfaces from Laurent Bigonville.	2015-12-14 10:04:14 -05:00
roles	Bump module versions for release.	2015-12-08 09:53:02 -05:00
services	Label Xorg server binary correctly on Arch Linux	2016-01-05 13:22:52 -05:00
system	Module version bumps for 2 patches from Dominick Grift.	2015-12-10 15:46:13 -05:00