diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index 2b56ed7..ade4fca 100644
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -1,5 +1,5 @@
 
-policy_module(firstboot, 1.7.1)
+policy_module(firstboot, 1.7.2)
 
 gen_require(`
 class passwd rootok;
@@ -118,6 +118,10 @@ optional_policy(`
 usermanage_domtrans_admin_passwd(firstboot_t)
 ')
 
+optional_policy(`
+ xserver_rw_xdm_xserver_shm(firstboot_t)
+')
+
 ifdef(`TODO',`
 allow firstboot_t proc_t:file write;
 
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 8300c4e..18fa881 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1674,6 +1674,24 @@ interface(`xserver_stream_connect_xdm_xserver',`
 
 ########################################
 ##
+## xdm xserver RW shared memory socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xserver_rw_xdm_xserver_shm',`
+ gen_require(`
+ type xdm_xserver_t;
+ ')
+
+ allow $1 xdm_xserver_t:shm rw_shm_perms;
+')
+
+########################################
+##
 ## Interface to provide X object permissions on a given X server to
 ## an X client domain. Gives the domain complete control over the
 ## display.
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 01757d4..f71f5c6 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,5 +1,5 @@
 
-policy_module(xserver, 2.1.0)
+policy_module(xserver, 2.1.1)
 
 ########################################
 #
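Review bot: The new `optional_policy` block in firstboot.te gives `firstboot_t` read/write access to the xdm X server's shared memory without recording why the domain needs it. Nothing in the hunk ties the grant to a specific denial or feature, so a later least-privilege audit cannot tell whether it is still required. Add a comment above the call, for example `# firstboot's GUI shares memory segments with the xdm X server (confirm against the AVC denial that prompted this)`. If the denial only showed attach and read access, a narrower interface than the `rw_shm_perms` one would be the better fit.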
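Review bot: The summary `xdm xserver RW shared memory socket.` on the new `xserver_rw_xdm_xserver_shm` interface describes a socket, but the rule it documents is `allow $1 xdm_xserver_t:shm rw_shm_perms;`, which covers shared memory segments of class `shm`. A policy author skimming the interface list could mistake it for a connection-style interface like `xserver_stream_connect_xdm_xserver`, named in the hunk header. Reword the summary to `Read and write xdm X server shared memory segments.`. It would also help to state in the description that the caller gains write access to memory the X server shares, so the interface is granted deliberately and not as a generic "talk to X" permission.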