On 05/15/2010 01:25 PM, Dominick Grift wrote:
> Here are two xdm fixes that I had to apply:
>
> Allow xdm_t to read gconf_etc_t else gconf sanity check fails and gnome power manager fails.
>
> Signed-off-by: Dominick Grift <domg472@xxxxxxxxx>
> ---------------------- policy/modules/services/xserver.te --------------------- > index 65d2018..18aa8ef 100644 > @@ -722,6 +722,7 @@ > optional_policy(` > gnome_manage_gconf_home_files(xdm_t) > gnome_read_config(xdm_t) > + gnome_read_gconf_config(xdm_t) > gnome_append_gconf_home_files(xdm_t) > ')

Actually, looking at the above, I am having some suspicion:

1. gnome_append_gconf_home_files(xdm_t) seems redundant since xdm_t is already allowed to manage gconf home files here: gnome_manage_gconf_home_files(xdm_t)

2. I strongly suspect that this: gnome_read_config(xdm_t) is wrong and that it should be removed.

These issues were introduced in 3.7.19-15:

- gnome_read_gconf_config(xdm_t) + gnome_manage_gconf_home_files(xdm_t)

The first should not have been removed. The second makes gnome_append_gconf_home_files(xdm_t) redundant.

> xdm_t read xdm_etc_t link files.
>
> Signed-off-by: Dominick Grift <domg472@xxxxxxxxx>
> ---------------------- policy/modules/services/xserver.te --------------------- > index 168e133..dd29803 100644 > @@ -409,6 +409,7 @@ > > allow xdm_t xconsole_device_t:fifo_file { getattr setattr }; > > +allow xdm_t xdm_etc_t:lnk_file read_lnk_file_perms; > read_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t) > > manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t) > > > >
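Review bot: In the optional_policy block at @@ -722,6 +722,7 @@ the added gnome_read_gconf_config(xdm_t) is placed next to gnome_read_config(xdm_t) and gnome_append_gconf_home_files(xdm_t), and the patch keeps both without saying whether xdm_t still needs them. The commit message names only gconf_etc_t as the type that must be readable, so the broader gnome_read_config(xdm_t) call should either be justified there or removed in the same change, and gnome_append_gconf_home_files(xdm_t) should be dropped if gnome_manage_gconf_home_files(xdm_t) already grants append. Quoting the denial that the gconf sanity check triggered in the commit message would let a reader confirm that the new interface grants exactly the access that was missing.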
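Review bot: In the hunk at @@ -409,6 +409,7 @@ the new rule "allow xdm_t xdm_etc_t:lnk_file read_lnk_file_perms;" is written as a raw allow directly above read_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t), which mixes two styles for the same source and target types. Consider read_lnk_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t) placed after the read_files_pattern line so that file and symlink access to xdm_etc_t are expressed the same way. The commit message also does not say which symlink under the xdm configuration xdm_t failed to read; naming it, or quoting the denial, would document why the access is needed.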
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux