Re: xdm fixes

On 05/15/2010 07:50 AM, Dominick Grift wrote:
> On 05/15/2010 01:25 PM, Dominick Grift wrote:
>> Here are two xdm fixes that I had to apply:
>>
>> Allow xdm_t to read gconf_etc_t else gconf sanity check fails and gnome power manager fails.
>>
>> Signed-off-by: Dominick Grift <domg472@xxxxxxxxx>
>> ---------------------- policy/modules/services/xserver.te ---------------------
>> index 65d2018..18aa8ef 100644
>> @@ -722,6 +722,7 @@
>>  optional_policy(`
>>  	gnome_manage_gconf_home_files(xdm_t)
>>  	gnome_read_config(xdm_t)
>> +	gnome_read_gconf_config(xdm_t)
>>  	gnome_append_gconf_home_files(xdm_t)
>>  ')
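Review bot: the commit message for the added gnome_read_gconf_config(xdm_t) line names the symptom (gconf sanity check and gnome power manager failing) but not the denial behind it; please quote the AVC message, or at least the object class and permissions denied on gconf_etc_t, so the grant can be checked against what is actually needed. In the same optional_policy block xdm_t now calls both gnome_read_config(xdm_t) and gnome_read_gconf_config(xdm_t), and both gnome_manage_gconf_home_files(xdm_t) and gnome_append_gconf_home_files(xdm_t); please confirm each call is still required and drop any that overlap, so the display manager domain does not accumulate access it does not use.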
> 
> 
> Actually looking at the above I am having some suspicion:
> 
> 1. gnome_append_gconf_home_files(xdm_t) seems redundant since xdm_t is
> already allowed to manage gconf home files here:
> gnome_manage_gconf_home_files(xdm_t)
> 
> 2. I strongly suspect that this: gnome_read_config(xdm_t) is wrong and
> that it should be removed.
> 
> These issues were introduced in 3.7.19-15:
> 
> -	gnome_read_gconf_config(xdm_t)
> +	gnome_manage_gconf_home_files(xdm_t)
> 
> The first should not have been removed.
> The second makes gnome_append_gconf_home_files(xdm_t) redundant.
> 
>> xdm_t read xdm_etc_t link files.
>>
>> Signed-off-by: Dominick Grift <domg472@xxxxxxxxx>
>> ---------------------- policy/modules/services/xserver.te ---------------------
>> index 168e133..dd29803 100644
>> @@ -409,6 +409,7 @@
>>  
>>  allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
>>  
>> +allow xdm_t xdm_etc_t:lnk_file read_lnk_file_perms;
>>  read_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t)
>>  
>>  manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
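Review bot: the added rule "allow xdm_t xdm_etc_t:lnk_file read_lnk_file_perms;" is a raw allow placed directly above read_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t); for consistency with the surrounding lines, consider read_lnk_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t) instead, which keeps the file and symlink grants in the same form. The commit message ("xdm_t read xdm_etc_t link files.") also does not say which symlink xdm follows or what denial was seen; adding that would let a reader confirm that read access on lnk_file is the right scope.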
>>
>>
>>
>>
> 
> 
> 
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I am nervous about changing this in F13.  I will make this change in F14
though.