On Thursday, 17 February 2022 02:40:59 AEDT Chris PeBenito wrote: > On 2/16/2022 08:12, Russell Coker wrote: > > This patch adds a role for the xdm program. It's needed by sddm because > > it uses PAM to run it's own worker process and thus needs to do all the > > checks for a valid session for it's own UID. > > IMO this is a bug in the code. Maybe, but I think we have to deal with this. > > Index: refpolicy-2.20220216/config/appconfig-mcs/seusers > > =================================================================== > > --- refpolicy-2.20220216.orig/config/appconfig-mcs/seusers > > +++ refpolicy-2.20220216/config/appconfig-mcs/seusers > > @@ -1,2 +1,3 @@ > > root:unconfined_u:s0-mcs_systemhigh > > __default__:unconfined_u:s0-mcs_systemhigh > > +sddm:xdm:s0 > > Did you try sddm:system_u instead? That seems like it could make the > change a bit simpler, since we won't need the additional xdm_r. That works I'll send an updated patch. > Also, config changes should be reflected in the appconfig-standard and > appconfig-mls configs, in addition to -mcs. OK I'll do that in the next patch too. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/