, ...

Jason Zaman Sat, 03 Sep 2022 12:54:16 -0700

commit:     a9fe3da3996138ab9d9a7b634bdf072d84c95187
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  3 19:42:40 2022 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Sep  3 19:42:40 2022 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a9fe3da3


xserver: Revert the rest of the sddm changes

Tried a partial revert in order to match upstream but validation still
fails so fully revert again.

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 config/appconfig-mcs/xdm_default_contexts      |  1 -
 config/appconfig-mls/xdm_default_contexts      |  1 -
 config/appconfig-standard/xdm_default_contexts |  1 -
 policy/modules/services/xserver.te             | 11 -----------
 4 files changed, 14 deletions(-)

diff --git a/config/appconfig-mcs/xdm_default_contexts 
b/config/appconfig-mcs/xdm_default_contexts
deleted file mode 100644
index 08c88c0f..00000000
--- a/config/appconfig-mcs/xdm_default_contexts
+++ /dev/null
@@ -1 +0,0 @@
-system_r:xdm_t:s0              system_r:xdm_t:s0

diff --git a/config/appconfig-mls/xdm_default_contexts 
b/config/appconfig-mls/xdm_default_contexts
deleted file mode 100644
index 08c88c0f..00000000
--- a/config/appconfig-mls/xdm_default_contexts
+++ /dev/null
@@ -1 +0,0 @@
-system_r:xdm_t:s0              system_r:xdm_t:s0

diff --git a/config/appconfig-standard/xdm_default_contexts 
b/config/appconfig-standard/xdm_default_contexts
deleted file mode 100644
index af1cb2e7..00000000
--- a/config/appconfig-standard/xdm_default_contexts
+++ /dev/null
@@ -1 +0,0 @@
-system_r:xdm_t         system_r:xdm_t

diff --git a/policy/modules/services/xserver.te 
b/policy/modules/services/xserver.te
index 24cea45b..347e96c2 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -62,10 +62,6 @@ gen_tunable(xserver_object_manager, false)
 ## </desc>
 gen_tunable(xserver_allow_dri, false)
 
-# for sddm to use pam for greeter
-role xdm_r;
-allow system_r xdm_r;
-
 attribute x_domain;
 
 # X Events
@@ -149,7 +145,6 @@ fs_associate_tmpfs(xconsole_device_t)
 files_associate_tmp(xconsole_device_t)
 
 type xdm_t;
-role xdm_r types xdm_t;
 type xdm_exec_t;
 auth_login_pgm_domain(xdm_t)
 init_domain(xdm_t, xdm_exec_t)
@@ -848,9 +843,6 @@ manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 
-# for sddm to use pam for greeter, sddm greeter needs execmod
-allow xdm_t xdm_tmpfs_t:file execmod;
-
 # Run Xorg.wrap
 can_exec(xserver_t, xserver_exec_t)
 
@@ -1054,6 +1046,3 @@ ifdef(`distro_gentoo',`
                cgmanager_stream_connect(xdm_t)
        ')
 ')
-
-# for sddm to use pam for greeter
-gen_user(xdm,, xdm_r, s0, s0)

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, config/appconfig-mls/, config/appconfig-mcs/, ...

Reply via email to