xauth label and module request

When starting the X server from the console (using the startx script that is being shipped with package xinit from X.Org), a few more permissions are needed from the reference policy. The label is for a file created by the startx script (from X.Org) and the module being requested is ipv6 (which can be disabled by other means).
2011-02-28 20:38:01 +01:00 · 2011-02-28 20:38:01 +01:00 · 848bc57cff
commit 848bc57cff
parent 79c8dfe162
2 changed files with 3 additions and 0 deletions
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@ -8,6 +8,7 @@ HOME_DIR/\.fonts\.cache-.* --	gen_context(system_u:object_r:user_fonts_cache_t,s
 HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
 HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
+HOME_DIR/\.serverauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)

 #
 # /dev
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@ -270,6 +270,8 @@ domain_use_interactive_fds(xauth_t)
 files_read_etc_files(xauth_t)
 files_search_pids(xauth_t)

+kernel_request_load_module(xauth_t)
+
 fs_getattr_xattr_fs(xauth_t)
 fs_search_auto_mountpoints(xauth_t)