RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

new sddm V2 

This patch addresses all previous issues and I think it's ready to merge.

Signed-off-by: Russell Coker <russell@coker.com.au>
This commit is contained in:
Russell Coker 2022-03-27 23:15:11 +11:00 committed by Chris PeBenito
parent 42e57f4d1e
commit 6e5a6bffdb
7 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/appconfig-mcs/seusers
View File

@ -1,2 +1,3 @@
root:root:s0-mcs_systemhigh
__default__:user_u:s0
sddm:xdm:s0

1
config/appconfig-mcs/xdm_default_contexts Normal file
View File

@ -0,0 +1 @@
system_r:xdm_t:s0 system_r:xdm_t:s0

1
config/appconfig-mls/seusers
View File

@ -1,2 +1,3 @@
root:root:s0-mls_systemhigh
__default__:user_u:s0
sddm:xdm:s0

1
config/appconfig-mls/xdm_default_contexts Normal file
View File

@ -0,0 +1 @@
system_r:xdm_t:s0 system_r:xdm_t:s0

1
config/appconfig-standard/seusers
View File

@ -1,2 +1,3 @@
root:root
__default__:user_u
sddm:xdm:s0

1
config/appconfig-standard/xdm_default_contexts Normal file
View File

@ -0,0 +1 @@
system_r:xdm_t system_r:xdm_t

11
policy/modules/services/xserver.te
View File

@ -62,6 +62,10 @@ gen_tunable(xserver_object_manager, false)
## </desc>
gen_tunable(xserver_allow_dri, false)
# for sddm to use pam for greeter
role xdm_r;
allow system_r xdm_r;
attribute x_domain;
# X Events
@ -145,6 +149,7 @@ fs_associate_tmpfs(xconsole_device_t)
files_associate_tmp(xconsole_device_t)
type xdm_t;
role xdm_r types xdm_t;
type xdm_exec_t;
auth_login_pgm_domain(xdm_t)
init_domain(xdm_t, xdm_exec_t)
@ -843,6 +848,9 @@ manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
# for sddm to use pam for greeter, sddm greeter needs execmod
allow xdm_t xdm_tmpfs_t:file execmod;
# Run Xorg.wrap
can_exec(xserver_t, xserver_exec_t)
@ -1009,3 +1017,6 @@ allow xserver_unconfined_type { x_domain xserver_t }:x_keyboard { getattr setatt
allow xserver_unconfined_type xextension_type:x_extension { query use };
allow xserver_unconfined_type { x_domain xserver_t }:x_resource { read write };
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } { send receive };
# for sddm to use pam for greeter
gen_user(xdm,, xdm_r, s0, s0)