From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-922886-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 42CE3139087 for <garchives@archives.gentoo.org>; Fri, 13 Jan 2017 18:43:14 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A2F0FE0C74; Fri, 13 Jan 2017 18:43:12 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8246FE0C72 for <gentoo-commits@lists.gentoo.org>; Fri, 13 Jan 2017 18:43:12 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 0ED73341616 for <gentoo-commits@lists.gentoo.org>; Fri, 13 Jan 2017 18:43:11 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 6ED1D2622 for <gentoo-commits@lists.gentoo.org>; Fri, 13 Jan 2017 18:43:09 +0000 (UTC) From: "Sven Vermeulen" <swift@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org> Message-ID: <1484332716.5f795b817282c2043871c0b527f8406cb5f86db8.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/services/xserver.if policy/modules/services/xserver.te X-VCS-Directories: policy/modules/services/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 5f795b817282c2043871c0b527f8406cb5f86db8 X-VCS-Branch: master Date: Fri, 13 Jan 2017 18:43:09 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: d5f304a6-5136-4dc4-942a-5c48a0c8ab83 X-Archives-Hash: 7e54a4c3e68738e81df56564e461842e commit: 5f795b817282c2043871c0b527f8406cb5f86db8 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Mon Jan 2 18:11:31 2017 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Jan 13 18:38:36 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5f795b81 xserver: Update from Russell Coker for boinc. policy/modules/services/xserver.if | 18 ++++++++++++++++++ policy/modules/services/xserver.te | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 59d5821..a054c9c 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -1236,6 +1236,24 @@ interface(`xserver_dontaudit_getattr_xdm_tmp_sockets',` ######################################## ## <summary> +## list xdm_tmp_t directories +## </summary> +## <param name="domain"> +## <summary> +## Domain to allow +## </summary> +## </param> +# +interface(`xserver_list_xdm_tmp',` + gen_require(` + type xdm_tmp_t; + ') + + allow $1 xdm_tmp_t:dir list_dir_perms; +') + +######################################## +## <summary> ## Execute the X server in the X server domain. ## </summary> ## <param name="domain"> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 00fad47..33f0487 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -1,4 +1,4 @@ -policy_module(xserver, 3.12.7) +policy_module(xserver, 3.12.8) gen_require(` class x_drawable all_x_drawable_perms;