/usr/bin/gnome-keyring-daemon (xdm_t) wants to chat with /usr/lib/libgconf2-4/gconfd-2 (unconfined_t):
interface=org.freedesktop.DBus, dest=org.freedesktop.DBus, member=Hello
/usr/lib/indicator-applet/indicator-applet (unconfined_t) wants to send to /usr/sbin/gdm (xdm_t):
interface=org.freedesktop.DBus.Properties, dest=:1.19, member=Get
/usr/lib/indicator-applet/indicator-applet (unconfined_t) wants to chat with /usr/X11R6/bin/X (xserver_t):
interface=org.freedesktop.DBus.Properties, dest=:1.13, member=Get
/usr/bin/gnome-keyring-daemon (xdm_t) wants acquire_svc for unconfined_t:
service=org.gnome.keyring
I think the target is unconfined_t because the user bus is running as unconfined_t.
policy/modules/services/xserver.fc | 19 +++++++++++++------
policy/modules/services/xserver.te | 4 ++++
2 files changed, 17 insertions(+), 6 deletions(-)
15
Index: b/policy/modules/services/xserver.fc
16
===================================================================
17
--- a/policy/modules/services/xserver.fc
18
+++ b/policy/modules/services/xserver.fc
19
@@ -9,6 +9,14 @@ HOME_DIR/\.ICEauthority.* -- gen_context
20
HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
21
HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
23
+/root/\.fonts\.conf -- gen_context(unconfined_u:object_r:user_fonts_config_t,s0)
24
+/root/\.fonts(/.*)? gen_context(unconfined_u:object_r:user_fonts_t,s0)
25
+/root/\.fonts/auto(/.*)? gen_context(unconfined_u:object_r:user_fonts_cache_t,s0)
26
+/root/\.fonts\.cache-.* -- gen_context(unconfined_u:object_r:user_fonts_cache_t,s0)
27
+/root/\.ICEauthority.* -- gen_context(unconfined_u:object_r:iceauth_home_t,s0)
28
+/root/\.xauth.* -- gen_context(unconfined_u:object_r:xauth_home_t,s0)
29
+/root/\.Xauthority.* -- gen_context(unconfined_u:object_r:xauth_home_t,s0)
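Review bot: The seven added `/root/...` entries hard-code the SELinux user `unconfined_u`, whereas the `HOME_DIR` templates directly above use `system_u`, and nothing visible in this hunk guards them. If the policy is built without the unconfined module, or root is mapped to a different SELinux user, these contexts would presumably be invalid or leave root's X authority files (`.Xauthority`, `.ICEauthority`, `.xauth*`) with a label the rest of the policy does not expect. A comment stating the assumption would help, for example `# root's home is not expanded from HOME_DIR here; assumes root is mapped to unconfined_u`, and it is worth confirming whether the entries belong behind a distro or module guard.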
34
@@ -20,10 +28,10 @@ HOME_DIR/\.Xauthority.* -- gen_context(s
36
/etc/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
38
-/etc/kde3?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)
39
-/etc/kde3?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)
40
-/etc/kde3?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
41
-/etc/kde3?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)
42
+/etc/kde[34]?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)
43
+/etc/kde[34]?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)
44
+/etc/kde[34]?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
45
+/etc/kde[34]?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)
47
/etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
48
/etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
49
@@ -32,10 +40,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(s
50
/etc/X11/wdm/Xstartup.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
51
/etc/X11/Xsession[^/]* -- gen_context(system_u:object_r:xsession_exec_t,s0)
53
-ifdef(`distro_redhat',`
54
/etc/gdm/PostSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
55
/etc/gdm/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
57
+/etc/gdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
61
Index: b/policy/modules/services/xserver.te
62
===================================================================
63
--- a/policy/modules/services/xserver.te
64
+++ b/policy/modules/services/xserver.te
65
@@ -467,6 +467,7 @@ sysnet_read_config(xdm_t)
67
userdom_dontaudit_use_unpriv_user_fds(xdm_t)
68
userdom_create_all_users_keys(xdm_t)
69
+userdom_dbus_chat_all_users(xdm_t)
71
userdom_read_user_home_content_files(xdm_t)
72
# Search /proc for any user domain processes.
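Review bot: `userdom_dbus_chat_all_users(xdm_t)` allows D-Bus chat between xdm_t and every user domain, which is wider than the denials quoted in the description, where the peer is always unconfined_t. The same applies to `userdom_dbus_chat_all_users(xserver_t)` in the `@@ -726,6 +728,7 @@` hunk. The denials also show gnome-keyring-daemon itself running as xdm_t, which suggests session helpers started by the display manager are not transitioning out of xdm_t; allowing the chat may hide that rather than fix it, so this is worth confirming before merging. If only the unconfined session bus is involved, a narrower grant such as `unconfined_dbus_chat(xdm_t)` inside the existing `optional_policy` block that already calls `unconfined_domain(xdm_t)` would match the evidence more closely.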
73
@@ -552,6 +553,7 @@ optional_policy(`
75
unconfined_domain(xdm_t)
76
unconfined_domtrans(xdm_t)
77
+ unconfined_dbus_connect(xdm_t)
79
ifndef(`distro_redhat',`
80
allow xdm_t self:process { execheap execmem };
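Review bot: The added `unconfined_dbus_connect(xdm_t)` has no comment linking it to the denial it resolves, and a reader of xserver.te will not see the patch description. Judging by the description it presumably covers the `acquire_svc` denial for `service=org.gnome.keyring`; a line above it such as `# gnome-keyring-daemon started by gdm runs as xdm_t and registers org.gnome.keyring on the unconfined_t session bus` would record that. Separately, `hal_dbus_chat(xdm_t)` in the last hunk is added next to `dbus_system_bus_client(xserver_t)` and `hal_dbus_chat(xserver_t)`, so an xdm_t rule appears to sit in a block of xserver_t rules. That hunk's surroundings are not fully visible here, so confirm it lands in the intended `optional_policy` block.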
81
@@ -726,6 +728,7 @@ modutils_domtrans_insmod(xserver_t)
83
seutil_read_default_contexts(xserver_t)
85
+userdom_dbus_chat_all_users(xserver_t)
86
userdom_search_user_home_dirs(xserver_t)
87
userdom_use_user_ttys(xserver_t)
88
userdom_setattr_user_ttys(xserver_t)
89
@@ -845,6 +848,7 @@ tunable_policy(`use_samba_home_dirs',`
91
dbus_system_bus_client(xserver_t)
92
hal_dbus_chat(xserver_t)
93
+ hal_dbus_chat(xdm_t)