diff --git a/Changelog b/Changelog index d093f8b..20385a5 100644 --- a/Changelog +++ b/Changelog @@ -16,6 +16,7 @@ modemmanager(Dan Walsh) nslcd (Dan Walsh) shorewall (Dan Walsh) + xscreensaver (Corentin Labbe) * Thu Jul 30 2009 Chris PeBenito - 2.20090730 - Gentoo fixes for init scripts and system startup. diff --git a/policy/modules/apps/xscreensaver.fc b/policy/modules/apps/xscreensaver.fc index 64cd5fc..29396da 100644 --- a/policy/modules/apps/xscreensaver.fc +++ b/policy/modules/apps/xscreensaver.fc @@ -1 +1 @@ -/usr/bin/xscreensaver -- gen_context(system_u:object_r:xscreensaver_exec_t,s0) +/usr/bin/xscreensaver -- gen_context(system_u:object_r:xscreensaver_exec_t,s0) diff --git a/policy/modules/apps/xscreensaver.if b/policy/modules/apps/xscreensaver.if index 5a1c63c..1067bd1 100644 --- a/policy/modules/apps/xscreensaver.if +++ b/policy/modules/apps/xscreensaver.if @@ -1,4 +1,4 @@ -## xscreensaver policy interface +## X Screensaver ######################################## ## @@ -24,11 +24,7 @@ interface(`xscreensaver_role',` domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t) - allow xscreensaver_t $2:fd use; - # Allow the user domain to signal/ps. ps_process_pattern($2, xscreensaver_t) allow $2 xscreensaver_t:process signal_perms; - allow xscreensaver_t $2:process sigchld; - ') diff --git a/policy/modules/apps/xscreensaver.te b/policy/modules/apps/xscreensaver.te index f4f8b00..60df06e 100644 --- a/policy/modules/apps/xscreensaver.te +++ b/policy/modules/apps/xscreensaver.te @@ -1,3 +1,4 @@ + policy_module(xscreensaver, 1.0.0) ######################################## @@ -8,6 +9,7 @@ policy_module(xscreensaver, 1.0.0) type xscreensaver_t; type xscreensaver_exec_t; application_domain(xscreensaver_t, xscreensaver_exec_t) +ubac_constrained(xscreensaver_t) type xscreensaver_tmpfs_t; files_tmpfs_file(xscreensaver_tmpfs_t) 
@@ -17,36 +19,27 @@ ubac_constrained(xscreensaver_tmpfs_t)
 #
 # Local policy
 #
-auth_use_nsswitch(xscreensaver_t)
-
-logging_send_audit_msgs(xscreensaver_t)
-logging_send_syslog_msg(xscreensaver_t)
-miscfiles_read_localization(xscreensaver_t)
 allow xscreensaver_t self:fifo_file rw_fifo_file_perms;
 allow xscreensaver_t self:process signal;
-#access to .icons and ~/.xscreensaver
-userdom_read_user_home_content_files(xscreensaver_t)
-
-userdom_use_user_ptys(xscreensaver_t)
+kernel_read_system_state(xscreensaver_t)
 files_read_usr_files(xscreensaver_t)
+auth_use_nsswitch(xscreensaver_t)
 auth_domtrans_chk_passwd(xscreensaver_t)
 #/var/run/utmp
 init_read_utmp(xscreensaver_t)
-########################################
-#
-# X Serveur and co
-#
-xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
+logging_send_audit_msgs(xscreensaver_t)
+logging_send_syslog_msg(xscreensaver_t)
-########################################
-#
-# process, kernel and /proc /dev /sys
-#
+miscfiles_read_localization(xscreensaver_t)
-kernel_read_system_state(xscreensaver_t)
+userdom_use_user_ptys(xscreensaver_t)
+#access to .icons and ~/.xscreensaver
+userdom_read_user_home_content_files(xscreensaver_t)
+
+xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
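Review bot: The re-added `userdom_read_user_home_content_files(xscreensaver_t)` grants read on generic user home content, while the comment above it names only `.icons` and `~/.xscreensaver` as the need. For a domain that also transitions to the password checker and talks to the X server, that is wider than the stated purpose. If those two paths can carry their own file type (labelled in `xscreensaver.fc`), the rule could be limited to that type; whether one already exists is not visible from this hunk. At minimum the comment should record the gap, e.g. `# Needs ~/.xscreensaver and ~/.icons only; this interface grants read on all generic user home content files.`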