Re: [PATCH] new sddm pam patch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday, 18 February 2022 00:48:44 AEDT Chris PeBenito wrote:
> > +# for sddm to use pam for greeter, sddm greeter needs execmod
> > +allow xdm_t xdm_tmpfs_t:file execmod;
> > +
> > # Run Xorg.wrap
> > can_exec(xserver_t, xserver_exec_t)
> > 
> > Index: refpolicy-2.20220217/config/appconfig-mcs/seusers
> > ===================================================================
> > --- refpolicy-2.20220217.orig/config/appconfig-mcs/seusers
> > +++ refpolicy-2.20220217/config/appconfig-mcs/seusers
> > @@ -1,2 +1,3 @@
> > root:unconfined_u:s0-mcs_systemhigh
> > __default__:unconfined_u:s0-mcs_systemhigh
> > +sddm:xdm:s0
> 
> Did sddm:system_u fail?

Yes, there's several programs that end up in the wrong domains (or try to) if 
you do that.

> If we must have a new seuser, please place it in
> the xserver module.  The build system supports declaring users in modules.

OK, that's in the next version.

> The changes for seusers changes for standard and mls are missing.

OK, done that too.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux