[selinux-policy: 2979/3172] Tunable, optional, if(n)def block go below.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:25:11 UTC 2010


commit 60d27bf8abb33abb9217a0932075fae64c530a5c
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 15 21:48:12 2010 +0200

    Tunable, optional, if(n)def block go below.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>

 policy/modules/services/xserver.if |   24 +++++++++++++-----------
 1 files changed, 13 insertions(+), 11 deletions(-)
---
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 4bc9fff..fa4c4b5 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -59,10 +59,6 @@ interface(`xserver_restricted_role',`
 
 	domtrans_pattern($2, iceauth_exec_t, iceauth_t)
 
-ifdef(`hide_broken_symptoms', `
-	dontaudit iceauth_t $2:socket_class_set { read write };
-')
-
 	allow $2 iceauth_home_t:file read_file_perms;
 
 	domtrans_pattern($2, xauth_exec_t, xauth_t)
@@ -100,9 +96,6 @@ ifdef(`hide_broken_symptoms', `
 	dev_write_misc($2)
 	# open office is looking for the following
 	dev_getattr_agp_dev($2)
-	tunable_policy(`user_direct_dri',`
-		dev_rw_dri($2)
-	')
 
 	# GNOME checks for usb and other devices:
 	dev_rw_usbfs($2)
@@ -121,11 +114,19 @@ ifdef(`hide_broken_symptoms', `
 	# Needed for escd, remove if we get escd policy
 	xserver_manage_xdm_tmp_files($2)
 
+	ifdef(`hide_broken_symptoms', `
+		dontaudit iceauth_t $2:socket_class_set { read write };
+	')
+
 	# Client write xserver shm
 	tunable_policy(`allow_write_xshm',`
 		allow $2 xserver_t:shm rw_shm_perms;
 		allow $2 xserver_tmpfs_t:file rw_file_perms;
 	')
+
+	tunable_policy(`user_direct_dri',`
+		dev_rw_dri($2)
+	')
 ')
 
 ########################################
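Review bot: The relocated `dontaudit iceauth_t $2:socket_class_set { read write };` rule (new lines 117-119) has no comment saying which denial it hides, while the neighbouring blocks ("# Needed for escd", "# Client write xserver shm") do. A dontaudit over the whole `socket_class_set` silences every socket read/write denial from iceauth_t towards the role domain, so someone triaging AVC logs cannot tell from the policy what counts as expected noise. Presumably it covers descriptors iceauth inherits across the `domtrans_pattern` transition, which should be confirmed before it is written down. I would add `# iceauth inherits sockets from the calling domain; hide the resulting read/write denials` above the block, and the equivalent line above the `xauth_t` rule in `xserver_domtrans_xauth` in the last hunk. The enclosing interface (xserver_restricted_role, judging by the first hunk's header) starts outside this hunk.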
@@ -513,15 +514,15 @@ template(`xserver_user_x_domain_template',`
 	xserver_object_types_template($1)
 	xserver_common_x_domain_template($1,$2)
 
-	tunable_policy(`user_direct_dri',`
-		dev_rw_dri($2)
-	')
-
 	# Client write xserver shm
 	tunable_policy(`allow_write_xshm',`
 		allow $2 xserver_t:shm rw_shm_perms;
 		allow $2 xserver_tmpfs_t:file rw_file_perms;
 	')
+
+	tunable_policy(`user_direct_dri',`
+		dev_rw_dri($2)
+	')
 ')
 
 ########################################
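Review bot: The moved `user_direct_dri` tunable block has no comment, unlike the `allow_write_xshm` block directly above it ("# Client write xserver shm"); the same applies to the identical block added at the end of the previous hunk. `dev_rw_dri($2)` gives the domain passed as the second argument read/write access to the DRI device nodes whenever the boolean is on, which is worth stating at the point of use because it is direct device access. I would add `# Direct rendering: user domain may read/write DRI devices when user_direct_dri is set` above both blocks. The body of `xserver_user_x_domain_template` starts outside this hunk.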
@@ -582,6 +583,7 @@ interface(`xserver_domtrans_xauth',`
 	')
 
 	domtrans_pattern($1, xauth_exec_t, xauth_t)
+
 	ifdef(`hide_broken_symptoms', `
 		dontaudit xauth_t $1:socket_class_set { read write };
 	')

