~ubuntu-branches/ubuntu/natty/refpolicy-ubuntu/natty

Viewing changes to debian/patches/xserver.patch

Committer: Bazaar Package Importer
Author(s): Marshall Miller
Date: 2009-03-24 02:17:01 UTC
Revision ID: james.westby@ubuntu.com-20090324021701-s6sji7jtsi2s6u6h

Tags: 0.2.20090324-0ubuntu1

* Updated to upstream trunk r2936
* Forced symlink creation in /etc/selinux.d/refpolicy
* Enabled alsa module
* Enabled fstools module
* Package renamed to refpolicy-ubuntu to avoid conflict with debian package
(LP: #352801).

files added:
debian

debian/README.Debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/dirs

debian/patches

debian/patches/avahi.patch

debian/patches/bluetooth.patch

debian/patches/capabilities.patch

debian/patches/conf.patch

debian/patches/consolekit.patch

debian/patches/corecommands.patch

debian/patches/cron.patch

debian/patches/cups.patch

debian/patches/dbus.patch

debian/patches/dhcp.patch

debian/patches/fstools.patch

debian/patches/hal.patch

debian/patches/init.patch

debian/patches/kernel.patch

debian/patches/libraries.patch

debian/patches/locallogin.patch

debian/patches/mount.patch

debian/patches/networkmanager.patch

debian/patches/old

debian/patches/old/conf.patch

debian/patches/old/cups.patch

debian/patches/old/dhcp.patch

debian/patches/old/files.patch

debian/patches/old/init.patch

debian/patches/old/lpd.patch

debian/patches/old/ssh.patch

debian/patches/old/sysnetwork.patch

debian/patches/old/unconfined.patch

debian/patches/old/users.patch

debian/patches/old/xserver.patch

debian/patches/polkit.patch

debian/patches/search_dir_open.patch

debian/patches/series

debian/patches/ssh.patch

debian/patches/sysnetwork.patch

debian/patches/udev.patch

debian/patches/unconfined.patch

debian/patches/userdomain.patch

debian/patches/usermanage.patch

debian/patches/users.patch

debian/patches/xserver.patch

debian/rules

debian/selinux-policy-ubuntu-dev.install

debian/selinux-policy-ubuntu-doc.install

debian/selinux-policy-ubuntu.install

debian/selinux-policy-ubuntu.postinst

debian/selinux-policy-ubuntu.postrm

Show diffs side-by-side

added added

removed removed

debian/patches/xserver.patch

/usr/bin/gnome-keyring-daemon (xdm_t) wants to chat with /usr/lib/libgconf2-4/gconfd-2 (unconfined_t):

interface=org.freedesktop.DBus, dest=org.freedesktop.DBus, member=Hello

/usr/lib/indicator-applet/indicator-applet (unconfined_t) wants to send to /usr/sbin/gdm (xdm_t):

interface=org.freedesktop.DBus.Properties, dest=:1.19, member=Get

/usr/lib/indicator-applet/indicator-applet (unconfined_t) wants to chat with /usr/X11R6/bin/X (xserver_t):

interface=org.freedesktop.DBus.Properties, dest=:1.13, member=Get

/usr/bin/gnome-keyring-daemon (xdm_t) wants acquire_svc for unconfined_t:

service=org.gnome.keyring

i think the target is unconfined_t because the user bus is running as unconfined_t.

---

policy/modules/services/xserver.fc | 19 +++++++++++++------

policy/modules/services/xserver.te | 4 ++++

2 files changed, 17 insertions(+), 6 deletions(-)

Index: b/policy/modules/services/xserver.fc

===================================================================

--- a/policy/modules/services/xserver.fc

+++ b/policy/modules/services/xserver.fc

@@ -9,6 +9,14 @@ HOME_DIR/\.ICEauthority.* -- gen_context

HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)

HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)

+/root/\.fonts\.conf -- gen_context(unconfined_u:object_r:user_fonts_config_t,s0)

+/root/\.fonts(/.*)? gen_context(unconfined_u:object_r:user_fonts_t,s0)

+/root/\.fonts/auto(/.*)? gen_context(unconfined_u:object_r:user_fonts_cache_t,s0)

+/root/\.fonts\.cache-.* -- gen_context(unconfined_u:object_r:user_fonts_cache_t,s0)

+/root/\.ICEauthority.* -- gen_context(unconfined_u:object_r:iceauth_home_t,s0)

+/root/\.xauth.* -- gen_context(unconfined_u:object_r:xauth_home_t,s0)

+/root/\.Xauthority.* -- gen_context(unconfined_u:object_r:xauth_home_t,s0)

# /dev

@@ -20,10 +28,10 @@ HOME_DIR/\.Xauthority.* -- gen_context(s

/etc/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)

-/etc/kde3?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)

-/etc/kde3?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)

-/etc/kde3?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)

-/etc/kde3?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)

+/etc/kde[34]?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)

+/etc/kde[34]?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)

+/etc/kde[34]?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)

+/etc/kde[34]?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)

/etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0)

/etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)

@@ -32,10 +40,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(s

/etc/X11/wdm/Xstartup.* -- gen_context(system_u:object_r:xsession_exec_t,s0)

/etc/X11/Xsession[^/]* -- gen_context(system_u:object_r:xsession_exec_t,s0)

-ifdef(`distro_redhat',`

/etc/gdm/PostSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)

/etc/gdm/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)

-')

+/etc/gdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)

# /opt

Index: b/policy/modules/services/xserver.te

===================================================================

--- a/policy/modules/services/xserver.te

+++ b/policy/modules/services/xserver.te

@@ -467,6 +467,7 @@ sysnet_read_config(xdm_t)

userdom_dontaudit_use_unpriv_user_fds(xdm_t)

userdom_create_all_users_keys(xdm_t)

+userdom_dbus_chat_all_users(xdm_t)

# for .dmrc

userdom_read_user_home_content_files(xdm_t)

# Search /proc for any user domain processes.

@@ -552,6 +553,7 @@ optional_policy(`

optional_policy(`

unconfined_domain(xdm_t)

unconfined_domtrans(xdm_t)

+ unconfined_dbus_connect(xdm_t)

ifndef(`distro_redhat',`

allow xdm_t self:process { execheap execmem };

@@ -726,6 +728,7 @@ modutils_domtrans_insmod(xserver_t)

# read x_contexts

seutil_read_default_contexts(xserver_t)

+userdom_dbus_chat_all_users(xserver_t)

userdom_search_user_home_dirs(xserver_t)

userdom_use_user_ttys(xserver_t)

userdom_setattr_user_ttys(xserver_t)

@@ -845,6 +848,7 @@ tunable_policy(`use_samba_home_dirs',`

optional_policy(`

dbus_system_bus_client(xserver_t)

hal_dbus_chat(xserver_t)

+ hal_dbus_chat(xdm_t)

optional_policy(`

Older »