From: Jason Zaman <perfinion@xxxxxxxxxx> Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx> --- policy/modules/services/xserver.fc | 2 ++ policy/modules/services/xserver.te | 2 ++ 2 files changed, 4 insertions(+) diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc index fa8db862..df06151e 100644 --- a/policy/modules/services/xserver.fc +++ b/policy/modules/services/xserver.fc @@ -143,6 +143,8 @@ ifndef(`distro_debian',` /run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) /run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) +/run/user/%{USERID}/ICEauthority.* -- gen_context(system_u:object_r:iceauth_home_t,s0) + ifdef(`distro_suse',` /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) ') diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index f016d429..499f03a6 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -117,6 +117,7 @@ userdom_user_application_domain(iceauth_t, iceauth_exec_t) type iceauth_home_t; userdom_user_home_content(iceauth_home_t) +userdom_user_runtime_content(iceauth_home_t) type xauth_t; type xauth_exec_t; @@ -211,6 +212,7 @@ optional_policy(` allow iceauth_t iceauth_home_t:file manage_file_perms; userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file) +userdom_user_runtime_filetrans(iceauth_t, iceauth_home_t, file) allow xdm_t iceauth_home_t:file read_file_perms; -- 2.24.1
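Review bot: The new xserver.fc entry `/run/user/%{USERID}/ICEauthority.*` ends in an unanchored `.*`, which in a file-context regex also matches `/`. With the `--` file class it therefore labels any regular file whose path under the user runtime directory starts with `ICEauthority`, including files nested below a directory of that name. If only suffixed files directly in that directory are intended, the tighter form is `/run/user/%{USERID}/ICEauthority[^/]* -- gen_context(system_u:object_r:iceauth_home_t,s0)`. The hunk's line breaks are collapsed on this page, so it cannot be confirmed whether the entry sits inside the distro_debian conditional named in the hunk header; worth checking that it applies on every distribution as intended.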
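Review bot: In the first xserver.te hunk, `userdom_user_runtime_content(iceauth_home_t)` makes a single type serve as both user home content and user runtime content. Assuming the interface assigns the usual runtime-content attribute, any domain allowed to manage user runtime content would also gain that access to the ICE authority file in the home directory, and the reverse. A dedicated runtime type would keep the two grants separate. If sharing the type is deliberate, the declaration should say so, e.g. `# iceauth_home_t also labels ICEauthority files in the user runtime dir`, since the type name suggests home content only and the commit message gives no rationale.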
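Review bot: In the second xserver.te hunk, `userdom_user_runtime_filetrans(iceauth_t, iceauth_home_t, file)` only affects files that iceauth_t itself creates. Without a name argument it applies to every regular file that domain creates directly in the user runtime directory. If the ICEauthority file under /run/user is actually written by a session or display manager rather than by iceauth (not visible here), it keeps the directory's default type until relabelled, and the `allow xdm_t iceauth_home_t:file read_file_perms;` rule below would not cover it. Worth confirming which domain creates the file and adding the transition for that domain if needed. The enclosing block starts and ends outside the hunk.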