Re: [PATCH] sddm role

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, 17 February 2022 02:40:59 AEDT Chris PeBenito wrote:
> On 2/16/2022 08:12, Russell Coker wrote:
> > This patch adds a role for the xdm program.  It's needed by sddm because
> > it uses PAM to run it's own worker process and thus needs to do all the
> > checks for a valid session for it's own UID.
> 
> IMO this is a bug in the code.

Maybe, but I think we have to deal with this.

> > Index: refpolicy-2.20220216/config/appconfig-mcs/seusers
> > ===================================================================
> > --- refpolicy-2.20220216.orig/config/appconfig-mcs/seusers
> > +++ refpolicy-2.20220216/config/appconfig-mcs/seusers
> > @@ -1,2 +1,3 @@
> > root:unconfined_u:s0-mcs_systemhigh
> > __default__:unconfined_u:s0-mcs_systemhigh
> > +sddm:xdm:s0
> 
> Did you try sddm:system_u instead?  That seems like it could make the
> change a bit simpler, since we won't need the additional xdm_r.

That works I'll send an updated patch.

> Also, config changes should be reflected in the appconfig-standard and
> appconfig-mls configs, in addition to -mcs.

OK I'll do that in the next patch too.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux