Index: refpolicy/policy/modules/services/xserver.fc
===================================================================
--- refpolicy.orig/policy/modules/services/xserver.fc 2018-06-25 01:11:14.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.fc 2018-11-27 15:03:58.228581598 +0100
@@ -76,6 +76,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(s
 /usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
 /usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
 
+#/usr/lib/gdm/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/X11/display-manager -- gen_context(system_u:object_r:xdm_exec_t,s0)
+
 /usr/lib/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
 /usr/lib/xorg/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/lib/xorg/Xorg\.wrap -- gen_context(system_u:object_r:xserver_exec_t,s0)
Index: refpolicy/policy/modules/services/xserver.te
===================================================================
--- refpolicy.orig/policy/modules/services/xserver.te 2018-07-01 17:02:32.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.te 2018-11-27 15:03:58.228581598 +0100
@@ -893,6 +893,17 @@ corenet_tcp_bind_vnc_port(xserver_t)
 
 init_use_fds(xserver_t)
 
+ifndef(`distro_suse',`
+ # this is a neverallow, maybe dontaudit it
+ #allow xdm_t proc_kcore_t:file getattr;
+ allow xdm_t var_run_t:lnk_file create;
+ allow xdm_t var_lib_t:lnk_file read;
+
+ dev_getattr_all_blk_files( xdm_t )
+ dev_getattr_all_chr_files( xdm_t )
+ logging_r_xconsole(xdm_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
 fs_manage_nfs_dirs(xserver_t)
 fs_manage_nfs_files(xserver_t)
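Review bot: The new `/usr/lib/X11/display-manager` entry labels that file `xdm_exec_t`, which presumably makes it an entry point into the privileged `xdm_t` domain, yet nothing beside it says why, and the commented-out `#/usr/lib/gdm/.*` line above it is left behind as dead policy. I would drop the commented line and add a short comment on the new entry stating what the file is and why it has to run as xdm, e.g. `# display-manager launcher; must transition to xdm_t` (wording to be adjusted to what the file really is). The `--` specifier matches regular files only, so if this path is a symlink on some installs the label will not be applied; checking the result with `matchpathcon` after a relabel would confirm it.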
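Review bot: The added block in xserver.te is guarded by `ifndef` on `distro_suse`, so every rule in it is compiled out exactly when that distro macro is defined; if these are meant to be SUSE-specific `xdm_t` permissions the guard looks inverted and should be `ifdef`, and if they are meant for every build the wrapper should be removed. `allow xdm_t var_run_t:lnk_file create;` lets the display manager create symlinks carrying the generic `var_run_t` label; a named type transition to `xdm_var_run_t` would keep that grant private to xdm. `dev_getattr_all_blk_files( xdm_t )` and `dev_getattr_all_chr_files( xdm_t )` allow getattr on every device node, so if they are only there to silence AVC noise, `dev_dontaudit_getattr_all_blk_files(xdm_t)` and `dev_dontaudit_getattr_all_chr_files(xdm_t)` are the narrower choice. `logging_r_xconsole` is not defined anywhere in this patch, so it is worth confirming that another patch in the series provides it.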