commit: b07ec91c10381d6464c06a8ded9c800ea91f5d22
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Thu Dec 1 15:00:38 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 6 12:39:33 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b07ec91c
xserver: remove unneeded user content permissions
Remove unneeded permissions to read user content from the
xserver module.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/services/xserver.te | 6 ------
1 file changed, 6 deletions(-)
diff --git a/policy/modules/services/xserver.te
b/policy/modules/services/xserver.te
index 9cb5f74..12f05b0 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -843,12 +843,6 @@ corenet_tcp_bind_vnc_port(xserver_t)
init_use_fds(xserver_t)
-# FIXME: After per user fonts are properly working
-# xserver_t may no longer have any reason
-# to read ROLE_home_t - examine this in more detail
-# (xauth?)
-userdom_read_user_home_content_files(xserver_t)
-
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xserver_t)
fs_manage_nfs_files(xserver_t)
