This patch addresses all previous issues and I think it's ready to merge.
Signed-off-by: Russell Coker <russell@xxxxxxxxxxxx>
Index: refpolicy-2.20220326/policy/modules/services/xserver.te
===================================================================
--- refpolicy-2.20220326.orig/policy/modules/services/xserver.te
+++ refpolicy-2.20220326/policy/modules/services/xserver.te
@@ -62,6 +62,10 @@ gen_tunable(xserver_object_manager, fals
 ## </desc>
 gen_tunable(xserver_allow_dri, false)
+# for sddm to use pam for greeter
+role xdm_r;
+allow system_r xdm_r;
+
 attribute x_domain;
 # X Events
@@ -145,6 +149,7 @@ fs_associate_tmpfs(xconsole_device_t)
 files_associate_tmp(xconsole_device_t)
 type xdm_t;
+role xdm_r types xdm_t;
 type xdm_exec_t;
 auth_login_pgm_domain(xdm_t)
 init_domain(xdm_t, xdm_exec_t)
@@ -843,6 +848,9 @@ manage_files_pattern(xserver_t, xdm_tmp_
 manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
+# for sddm to use pam for greeter, sddm greeter needs execmod
+allow xdm_t xdm_tmpfs_t:file execmod;
+
 # Run Xorg.wrap
 can_exec(xserver_t, xserver_exec_t)
@@ -1009,3 +1017,6 @@ allow xserver_unconfined_type { x_domain
 allow xserver_unconfined_type xextension_type:x_extension { query use };
 allow xserver_unconfined_type { x_domain xserver_t }:x_resource { read write };
 allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } { send receive };
+
+# for sddm to use pam for greeter
+gen_user(xdm,, xdm_r, s0, s0)
Index: refpolicy-2.20220326/config/appconfig-mcs/seusers
===================================================================
--- refpolicy-2.20220326.orig/config/appconfig-mcs/seusers
+++ refpolicy-2.20220326/config/appconfig-mcs/seusers
@@ -1,2 +1,3 @@
 root:unconfined_u:s0-mcs_systemhigh
 __default__:unconfined_u:s0-mcs_systemhigh
+sddm:xdm:s0
Index: refpolicy-2.20220326/config/appconfig-mcs/xdm_default_contexts
===================================================================
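Review bot: The comment `# for sddm to use pam for greeter` in the xserver.te hunk at -62 (repeated at -843 and -1009) does not say why a separate role and SELinux user are needed, so a later maintainer cannot tell whether `allow system_r xdm_r;` is still required. I would replace it once, at the role declaration, with something like `# sddm starts its greeter through PAM as login "sddm"; seusers maps that login to SELinux user xdm, whose only role is xdm_r (types: xdm_t)`. That wording is inferred from the other hunks of this patch (seusers, gen_user, `role xdm_r types xdm_t;`) and should be confirmed by the author.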
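Review bot: `allow xdm_t xdm_tmpfs_t:file execmod;` in the xserver.te hunk at -843 is granted unconditionally, so every display manager that runs as xdm_t gets it, not only sddm. execmod lets the domain make a file mapping executable after it has been modified, which weakens memory protection in a domain that handles authentication. I would wrap the rule in a tunable_policy block (the global execmod tunable if it fits, otherwise a new xserver boolean that defaults to off). The rule also sits between xserver_t rules (the manage_*_pattern lines above it, `can_exec(xserver_t, ...)` below) and would read better in the xdm_t local policy section. The comment should name what the greeter maps, e.g. `# sddm-greeter maps a modified xdm_tmpfs_t file executable (component: TODO name it)`.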
--- /dev/null
+++ refpolicy-2.20220326/config/appconfig-mcs/xdm_default_contexts
@@ -0,0 +1 @@
+system_r:xdm_t:s0 system_r:xdm_t:s0
Index: refpolicy-2.20220326/config/appconfig-mls/xdm_default_contexts
===================================================================
--- /dev/null
+++ refpolicy-2.20220326/config/appconfig-mls/xdm_default_contexts
@@ -0,0 +1 @@
+system_r:xdm_t:s0 system_r:xdm_t:s0
Index: refpolicy-2.20220326/config/appconfig-standard/xdm_default_contexts
===================================================================
--- /dev/null
+++ refpolicy-2.20220326/config/appconfig-standard/xdm_default_contexts
@@ -0,0 +1 @@
+system_r:xdm_t system_r:xdm_t
Index: refpolicy-2.20220326/config/appconfig-mls/seusers
===================================================================
--- refpolicy-2.20220326.orig/config/appconfig-mls/seusers
+++ refpolicy-2.20220326/config/appconfig-mls/seusers
@@ -1,2 +1,3 @@
 root:root:s0-mls_systemhigh
 __default__:user_u:s0
+sddm:xdm:s0
Index: refpolicy-2.20220326/config/appconfig-standard/seusers
===================================================================
--- refpolicy-2.20220326.orig/config/appconfig-standard/seusers
+++ refpolicy-2.20220326/config/appconfig-standard/seusers
@@ -1,2 +1,3 @@
 root:root
 __default__:user_u
+sddm:xdm:s0
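Review bot: The target context in appconfig-mcs/xdm_default_contexts, `system_r:xdm_t:s0`, names a role that user xdm does not appear to hold. The xserver.te hunk at -1009 declares `gen_user(xdm,, xdm_r, s0, s0)`, so as far as this patch shows `xdm:system_r:xdm_t` would not be a valid context for the login. If the greeter session is meant to run as `xdm:xdm_r:xdm_t`, the line should probably read `system_r:xdm_t:s0 xdm_r:xdm_t:s0`. The same applies to the mls and standard copies of the file (the latter without the `:s0` suffix). Please confirm against what pam_selinux actually selects on a test system.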
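Review bot: The added line `sddm:xdm:s0` in appconfig-standard/seusers carries an MLS level, although the standard configuration has no level field. The two context lines above it in the same hunk (`root:root`, `__default__:user_u`) have none, and the standard xdm_default_contexts added by this patch also omits `:s0`. The entry looks copied from the mcs/mls variants and should probably be `sddm:xdm`.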