On Friday, 18 February 2022 00:48:44 AEDT Chris PeBenito wrote: > > +# for sddm to use pam for greeter, sddm greeter needs execmod > > +allow xdm_t xdm_tmpfs_t:file execmod; > > + > > # Run Xorg.wrap > > can_exec(xserver_t, xserver_exec_t) > > > > Index: refpolicy-2.20220217/config/appconfig-mcs/seusers > > =================================================================== > > --- refpolicy-2.20220217.orig/config/appconfig-mcs/seusers > > +++ refpolicy-2.20220217/config/appconfig-mcs/seusers > > @@ -1,2 +1,3 @@ > > root:unconfined_u:s0-mcs_systemhigh > > __default__:unconfined_u:s0-mcs_systemhigh > > +sddm:xdm:s0 > > Did sddm:system_u fail? Yes, there's several programs that end up in the wrong domains (or try to) if you do that. > If we must have a new seuser, please place it in > the xserver module. The build system supports declaring users in modules. OK, that's in the next version. > The changes for seusers changes for standard and mls are missing. OK, done that too. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/