nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xserver: ICEauthority can be in /run/user

Browse Source 
Signed-off-by: Jason Zaman <jason@perfinion.com>
This commit is contained in:
Jason Zaman 2019-12-24 18:10:37 +08:00 committed by Chris PeBenito
parent bcab64fba4
commit 32b6f152a2
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/xserver.fc
View File

@ -143,6 +143,8 @@ ifndef(`distro_debian',`
/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
/run/user/%{USERID}/ICEauthority.* -- gen_context(system_u:object_r:iceauth_home_t,s0)
ifdef(`distro_suse',`
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
')

2
policy/modules/services/xserver.te
View File

@ -117,6 +117,7 @@ userdom_user_application_domain(iceauth_t, iceauth_exec_t)
type iceauth_home_t;
userdom_user_home_content(iceauth_home_t)
userdom_user_runtime_content(iceauth_home_t)
type xauth_t;
type xauth_exec_t;
@ -211,6 +212,7 @@ optional_policy(`
allow iceauth_t iceauth_home_t:file manage_file_perms;
userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file)
userdom_user_runtime_filetrans(iceauth_t, iceauth_home_t, file)
allow xdm_t iceauth_home_t:file read_file_perms;