commit: 715c4095e06198adb8aaaafe11cf332292d8e7ea
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 13 19:57:16 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 13 19:57:16 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=715c4095
Moving Gentoo specifics downward
---
policy/modules/services/xserver.te | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/policy/modules/services/xserver.te
b/policy/modules/services/xserver.te
index f2cc9b3..7119319 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -230,14 +230,11 @@ userdom_user_home_dir_filetrans(iceauth_t,
iceauth_home_t, file)
allow xdm_t iceauth_home_t:file read_file_perms;
-files_search_tmp(iceauth_t)
fs_search_auto_mountpoints(iceauth_t)
userdom_use_user_terminals(iceauth_t)
userdom_read_user_tmp_files(iceauth_t)
-getty_use_fds(iceauth_t)
-
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files(iceauth_t)
')
@@ -281,7 +278,6 @@ auth_use_nsswitch(xauth_t)
userdom_use_user_terminals(xauth_t)
userdom_read_user_tmp_files(xauth_t)
-userdom_read_user_tmp_files(xserver_t)
xserver_rw_xdm_tmp_files(xauth_t)
@@ -1014,3 +1010,21 @@ allow xserver_unconfined_type { x_domain xserver_t
}:x_keyboard *;
allow xserver_unconfined_type xextension_type:x_extension *;
allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
+
+ifdef(`distro_gentoo',`
+ ########################################
+ #
+ # iceauth_t policy
+ #
+
+ files_search_tmp(iceauth_t)
+
+ getty_use_fds(iceauth_t)
+
+ ########################################
+ #
+ # xserver_t policy
+ #
+
+ userdom_read_user_tmp_files(xserver_t)
+')
