commit: e7cfba2e5b61f61a7512eea93d319b6566dd081f
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 13 20:01:30 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 13 20:01:30 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e7cfba2e
Fix bug #516512 - Support non-root X11 which uses ~/.local/share/xorg
---
policy/modules/services/xserver.fc | 2 ++
policy/modules/services/xserver.te | 8 ++++++++
2 files changed, 10 insertions(+)
diff --git a/policy/modules/services/xserver.fc
b/policy/modules/services/xserver.fc
index 9c8ebf8..c37e7c8 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -120,6 +120,8 @@ ifdef(`distro_suse',`
')
ifdef(`distro_gentoo',`
+HOME_DIR/\.local/share/xorg(/.*)?
gen_context(system_u:object_r:xserver_xdg_data_home_t,s0)
+
/etc/lightdm/Xsession --
gen_context(system_u:object_r:xsession_exec_t,s0)
/var/cache/lightdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0)
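Review bot: The new `HOME_DIR/\.local/share/xorg(/.*)?` entry has no comment, unlike the matching rules in xserver.te; a line above it such as `# Xorg data directory of a non-root X server, see bug #516512` would record why a home-directory path is labelled from the xserver module. A file-context entry only takes effect when files are relabelled, so a `~/.local/share/xorg` that already exists keeps its previous label until then; that deserves a sentence in the commit message or upgrade notes. The distro_gentoo ifdef block holding the entry starts before the hunk and continues past it.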
diff --git a/policy/modules/services/xserver.te
b/policy/modules/services/xserver.te
index 7119319..3eb114f 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1026,5 +1026,13 @@ ifdef(`distro_gentoo',`
# xserver_t policy
#
+ type xserver_xdg_data_home_t;
+ xdg_data_home_content(xserver_xdg_data_home_t)
+
+ # Mark data in ~/.local/share as xserver_t XDG data, see bug #516512
+ manage_dirs_pattern(xserver_t, xserver_xdg_data_home_t,
xserver_xdg_data_home_t)
+ allow xserver_t xserver_xdg_data_home_t:file manage_file_perms;
+ xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)
+
userdom_read_user_tmp_files(xserver_t)
')
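Review bot: The transition `xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)` carries no object name, so every directory xserver_t creates in the XDG data home would receive this type, not only `xorg`. If the interface accepts a name argument, passing `"xorg"` would limit it to the path the file-context entry labels. The file access is granted with a raw `allow xserver_t xserver_xdg_data_home_t:file manage_file_perms;` while the directory access uses `manage_dirs_pattern`; `manage_files_pattern(xserver_t, xserver_xdg_data_home_t, xserver_xdg_data_home_t)` would keep the two consistent. The added comment names `~/.local/share`, but the labelled path is `~/.local/share/xorg`, so it should read `# Mark data in ~/.local/share/xorg as xserver_t XDG data, see bug #516512`. The enclosing distro_gentoo ifdef block starts outside the hunk.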