commit: e4cb86ffdac851ff96281ca1e185f2efff824b11 Author: Luis Ressel <aranea <AT> aixah <DOT> de> AuthorDate: Tue Nov 14 02:03:53 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Wed Nov 15 01:11:07 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e4cb86ff
xserver: Allow xdm_t to map usr_t files This is required for gtk-based login managers to access gtk's icon cache. IIRC, past discussion on the ML came to the conclusion that adding a new domain for this would be overkill. policy/modules/services/xserver.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 60570875..7e5a97d3 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -450,6 +450,7 @@ files_read_etc_runtime_files(xdm_t) files_exec_etc_files(xdm_t) files_list_mnt(xdm_t) # Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme... +files_map_usr_files(xdm_t) files_read_usr_files(xdm_t) # Poweroff wants to create the /poweroff file when run from xdm files_create_boot_flag(xdm_t)