Can this get merged? On 4/12/19 3:39 PM, Sugar, David wrote: > type=AVC msg=audit(1554917007.995:194): avc: denied { execute } for pid=7647 comm="lightdm" name="plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1 > type=AVC msg=audit(1554917007.995:194): avc: denied { read open } for pid=7647 comm="lightdm" path="/usr/bin/plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1 > type=AVC msg=audit(1554917007.995:194): avc: denied { execute_no_trans } for pid=7647 comm="lightdm" path="/usr/bin/plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1 > type=AVC msg=audit(1554917007.995:194): avc: denied { map } for pid=7647 comm="plymouth" path="/usr/bin/plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1 > > Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx> > --- > policy/modules/services/xserver.te | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te > index a2b08a89..38c28678 100644 > --- a/policy/modules/services/xserver.te > +++ b/policy/modules/services/xserver.te > @@ -615,6 +615,10 @@ optional_policy(` > mta_dontaudit_getattr_spool_files(xdm_t) > ') > > +optional_policy(` > + plymouthd_domtrans_plymouth(xdm_t) > +') > + > optional_policy(` > resmgr_stream_connect(xdm_t) > ') >