nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xserver_t needs to ender dirs labeled xdm_var_run_t 

The LightDM application stores its xauth file in a subdirectory
(/var/run/lightdm/root) which is labeled as xdm_var_run_t. As a result,
X11 (xserver_t) needs search rights to this location.

With this setup, X is run as follows:
  /usr/bin/X :0 -auth /var/run/lightdm/root/:0

Changes since v1:
- Use read_files_pattern instead of separate allow rules

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2014-05-28 17:25:49 +02:00 committed by Chris PeBenito
parent 9fca2d697b
commit 97c3e208f8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/xserver.te
View File

@ -820,7 +820,7 @@ allow xserver_t xdm_t:shm rw_shm_perms;
allow xserver_t xdm_var_lib_t:file { getattr read }; allow xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xserver_t xdm_var_lib_t:dir search; dontaudit xserver_t xdm_var_lib_t:dir search;
allow xserver_t xdm_var_run_t:file read_file_perms; read_files_pattern(xserver_t, xdm_var_run_t, xdm_var_run_t)
# Label pid and temporary files with derived types. # Label pid and temporary files with derived types.
manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t) manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)