On 1/12/21 5:32 AM, Russell Coker wrote:
More little strict patches, much of which are needed for KDE.
Signed-off-by: Russell Coker <russell@xxxxxxxxxxxx>
Index: refpolicy-2.20201210/policy/modules/system/userdomain.if
===================================================================
--- refpolicy-2.20201210.orig/policy/modules/system/userdomain.if
+++ refpolicy-2.20201210/policy/modules/system/userdomain.if
@@ -115,12 +115,16 @@ template(`userdom_base_user_template',`
libs_exec_ld_so($1_t)
+ logging_send_syslog_msg($1_t)
+
miscfiles_read_localization($1_t)
miscfiles_read_generic_certs($1_t)
miscfiles_watch_fonts_dirs($1_t)
sysnet_read_config($1_t)
+ userdom_write_all_user_runtime_named_sockets($1_t)
+
# kdeinit wants systemd status
init_get_system_status($1_t)
This template is supposed to be the bare minimum to have a user. I don't think
these rules fit this design.
--
Chris PeBenito
