rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity
deab87434d
selinux-policy/suse_modifications_xserver.patch
Vítězslav Čížek deab87434d Accepting request 714653 from home:jsegitz:branches:security:SELinux 
- Update to refpolicy 20190609. New modules for stubby and several
  systemd updates, including initial support for systemd --user
  sessions.
  Refreshed
  * label_var_run_rsyslog.patch
  * suse_modifications_cron.patch
  * suse_modifications_logging.patch
  * suse_modifications_ntp.patch
  * suse_modifications_usermanage.patch
  * suse_modifications_xserver.patch
  * sysconfig_network_scripts.patch

OBS-URL: https://build.opensuse.org/request/show/714653
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=72
2019-07-16 12:19:29 +00:00

37 lines
1.6 KiB
Diff
Raw Blame History

Index: refpolicy/policy/modules/services/xserver.fc
===================================================================
--- refpolicy.orig/policy/modules/services/xserver.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.fc 2019-07-11 14:31:20.989630792 +0200
@@ -77,6 +77,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(s
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
+#/usr/lib/gdm/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/X11/display-manager -- gen_context(system_u:object_r:xdm_exec_t,s0)
+
/usr/lib/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
/usr/lib/xorg/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/lib/xorg/Xorg\.wrap -- gen_context(system_u:object_r:xserver_exec_t,s0)
Index: refpolicy/policy/modules/services/xserver.te
===================================================================
--- refpolicy.orig/policy/modules/services/xserver.te 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.te 2019-07-11 14:31:20.989630792 +0200
@@ -912,6 +912,17 @@ corenet_tcp_bind_vnc_port(xserver_t)
init_use_fds(xserver_t)
+ifndef(`distro_suse',`
+ # this is a neverallow, maybe dontaudit it
+ #allow xdm_t proc_kcore_t:file getattr;
+ allow xdm_t var_run_t:lnk_file create;
+ allow xdm_t var_lib_t:lnk_file read;
+
+ dev_getattr_all_blk_files( xdm_t )
+ dev_getattr_all_chr_files( xdm_t )
+ logging_r_xconsole(xdm_t)
+')
+
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xserver_t)
fs_manage_nfs_files(xserver_t)
View Git Blame Copy Permalink