From be5a1e168e65447437bf58b1e8645480ae7759d1 Mon Sep 17 00:00:00 2001 From: Dave Sugar Date: Wed, 19 Jul 2023 23:36:27 -0400 Subject: [PATCH] Allow iceauth write to xsession log node=localhost type=AVC msg=audit(1689822970.302:4180): avc: denied { write } for pid=2610 comm="iceauth" path="/home/toor/.xsession-errors" dev="dm-9" ino=129541 scontext=toor_u:staff_r:iceauth_t:s0 tcontext=system_u:object_r:xsession_log_t:s0 tclass=file permissive=1 Signed-off-by: Dave Sugar --- policy/modules/services/xserver.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 8a3c658a8..aa2545e3c 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -228,6 +228,8 @@ fs_search_auto_mountpoints(iceauth_t) userdom_use_user_terminals(iceauth_t) userdom_read_user_tmp_files(iceauth_t) +xserver_write_inherited_xsession_log(iceauth_t) + tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_files(iceauth_t) ')
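Review bot: The commit message justifies the added `xserver_write_inherited_xsession_log(iceauth_t)` line only with a raw AVC, and does not say why iceauth writes to `.xsession-errors`. Please state whether this is iceauth's stderr inherited from the session. The AVC shows `{ write }` with no `open`, which matches the inherited-descriptor scope implied by the interface name, so allowing it is defensible as least privilege, but the denial was captured with `permissive=1` and the fix should be confirmed on an enforcing system. On style, the new call is attached directly beneath the `userdom_*` group with the blank line placed after it rather than before it; a blank line above it would keep it as its own group. It is also an `xserver_` interface called from inside `xserver.te`, so if `xsession_log_t` is declared in this module, a direct allow rule in the iceauth_t local policy would avoid the module relying on its own interface.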