From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8C4C3138A2F for ; Wed, 13 Aug 2014 20:02:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B25B6E0C43; Wed, 13 Aug 2014 20:02:08 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1A4C6E0C3A for ; Wed, 13 Aug 2014 20:02:08 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 472CE3405B2 for ; Wed, 13 Aug 2014 20:02:07 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id DB7321881C for ; Wed, 13 Aug 2014 20:02:05 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1407960090.e7cfba2e5b61f61a7512eea93d319b6566dd081f.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/services/xserver.fc policy/modules/services/xserver.te X-VCS-Directories: policy/modules/services/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: e7cfba2e5b61f61a7512eea93d319b6566dd081f X-VCS-Branch: master Date: Wed, 13 Aug 2014 20:02:05 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 119cb9a9-c1d2-43a0-9559-c828c8afc75b X-Archives-Hash: e201d75cf26212fbdff2e3497f3fe26e commit: e7cfba2e5b61f61a7512eea93d319b6566dd081f Author: Sven Vermeulen siphos be> AuthorDate: Wed Aug 13 20:01:30 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Aug 13 20:01:30 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e7cfba2e Fix bug #516512 - Support non-root X11 which uses ~/.local/share/xorg --- policy/modules/services/xserver.fc | 2 ++ policy/modules/services/xserver.te | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc index 9c8ebf8..c37e7c8 100644 --- a/policy/modules/services/xserver.fc +++ b/policy/modules/services/xserver.fc @@ -120,6 +120,8 @@ ifdef(`distro_suse',` ') ifdef(`distro_gentoo',` +HOME_DIR/\.local/share/xorg(/.*)? gen_context(system_u:object_r:xserver_xdg_data_home_t,s0) + /etc/lightdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0) /var/cache/lightdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 7119319..3eb114f 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -1026,5 +1026,13 @@ ifdef(`distro_gentoo',` # xserver_t policy # + type xserver_xdg_data_home_t; + xdg_data_home_content(xserver_xdg_data_home_t) + + # Mark data in ~/.local/share as xserver_t XDG data, see bug #516512 + manage_dirs_pattern(xserver_t, xserver_xdg_data_home_t, xserver_xdg_data_home_t) + allow xserver_t xserver_xdg_data_home_t:file manage_file_perms; + xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir) + userdom_read_user_tmp_files(xserver_t) ')