From 5fe6fbca5494489fe9bd5999614c8d33169a6054 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 2 Jan 2017 13:11:31 -0500 Subject: [PATCH] xserver: Update from Russell Coker for boinc. --- policy/modules/contrib | 2 +- policy/modules/services/xserver.if | 18 ++++++++++++++++++ policy/modules/services/xserver.te | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/policy/modules/contrib b/policy/modules/contrib index e19d86553..f43561b5c 160000 --- a/policy/modules/contrib +++ b/policy/modules/contrib @@ -1 +1 @@ -Subproject commit e19d865537cac2d890eec74f016f23759e059d4e +Subproject commit f43561b5cc2d0714abc0b79fd4410d5a2f7210f7 diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 59d5821e4..a054c9c29 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -1234,6 +1234,24 @@ interface(`xserver_dontaudit_getattr_xdm_tmp_sockets',` dontaudit $1 xdm_tmp_t:sock_file getattr; ') +######################################## +## +## list xdm_tmp_t directories +## +## +## +## Domain to allow +## +## +# +interface(`xserver_list_xdm_tmp',` + gen_require(` + type xdm_tmp_t; + ') + + allow $1 xdm_tmp_t:dir list_dir_perms; +') + ######################################## ## ## Execute the X server in the X server domain. diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 35b0e3697..40852e05a 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -1,4 +1,4 @@ -policy_module(xserver, 3.12.7) +policy_module(xserver, 3.12.8) gen_require(` class x_drawable all_x_drawable_perms;