author | Chris PeBenito <cpebenito@tresys.com> | 2009-09-15 09:18:07 -0400 |
---|---|---|
committer | Chris PeBenito <cpebenito@tresys.com> | 2009-09-15 09:41:42 -0400 |
commit | 1d3b9e384c06cc2e57579b61c968bd75a411baeb (patch) | |
tree | 33cba07a1cfa8dc860abe3401385642b70059899 | |
parent | 31f9c109c1e9579d11421a03fdb96179bd52924e (diff) |
clean up xscreensaver.
-rw-r--r-- | Changelog | 1 | ||||
-rw-r--r-- | policy/modules/apps/xscreensaver.fc | 2 | ||||
-rw-r--r-- | policy/modules/apps/xscreensaver.if | 6 | ||||
-rw-r--r-- | policy/modules/apps/xscreensaver.te | 31 |
4 files changed, 15 insertions, 25 deletions
@@ -16,6 +16,7 @@ modemmanager(Dan Walsh) nslcd (Dan Walsh) shorewall (Dan Walsh) + xscreensaver (Corentin Labbe) * Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730 - Gentoo fixes for init scripts and system startup. diff --git a/policy/modules/apps/xscreensaver.fc b/policy/modules/apps/xscreensaver.fc index 64cd5fc2..29396daa 100644 --- a/policy/modules/apps/xscreensaver.fc +++ b/policy/modules/apps/xscreensaver.fc @@ -1 +1 @@ -/usr/bin/xscreensaver -- gen_context(system_u:object_r:xscreensaver_exec_t,s0) +/usr/bin/xscreensaver -- gen_context(system_u:object_r:xscreensaver_exec_t,s0) diff --git a/policy/modules/apps/xscreensaver.if b/policy/modules/apps/xscreensaver.if index 5a1c63c7..1067bd1f 100644 --- a/policy/modules/apps/xscreensaver.if +++ b/policy/modules/apps/xscreensaver.if @@ -1,4 +1,4 @@ -## <summary>xscreensaver policy interface</summary> +## <summary>X Screensaver</summary> ######################################## ## <summary> @@ -24,11 +24,7 @@ interface(`xscreensaver_role',` domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t) - allow xscreensaver_t $2:fd use; - # Allow the user domain to signal/ps. ps_process_pattern($2, xscreensaver_t) allow $2 xscreensaver_t:process signal_perms; - allow xscreensaver_t $2:process sigchld; - ') diff --git a/policy/modules/apps/xscreensaver.te b/policy/modules/apps/xscreensaver.te index f4f8b005..60df06ed 100644 --- a/policy/modules/apps/xscreensaver.te +++ b/policy/modules/apps/xscreensaver.te @@ -1,3 +1,4 @@ + policy_module(xscreensaver, 1.0.0) ######################################## @@ -8,6 +9,7 @@ policy_module(xscreensaver, 1.0.0) type xscreensaver_t; type xscreensaver_exec_t; application_domain(xscreensaver_t, xscreensaver_exec_t) +ubac_constrained(xscreensaver_t) type xscreensaver_tmpfs_t; files_tmpfs_file(xscreensaver_tmpfs_t) 
@@ -17,36 +19,27 @@ ubac_constrained(xscreensaver_tmpfs_t) # # Local policy # -auth_use_nsswitch(xscreensaver_t) - -logging_send_audit_msgs(xscreensaver_t) -logging_send_syslog_msg(xscreensaver_t) -miscfiles_read_localization(xscreensaver_t) allow xscreensaver_t self:fifo_file rw_fifo_file_perms; allow xscreensaver_t self:process signal; -#access to .icons and ~/.xscreensaver -userdom_read_user_home_content_files(xscreensaver_t) - -userdom_use_user_ptys(xscreensaver_t) +kernel_read_system_state(xscreensaver_t) files_read_usr_files(xscreensaver_t) +auth_use_nsswitch(xscreensaver_t) auth_domtrans_chk_passwd(xscreensaver_t) #/var/run/utmp init_read_utmp(xscreensaver_t) -######################################## -# -# X Serveur and co -# -xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) +logging_send_audit_msgs(xscreensaver_t) +logging_send_syslog_msg(xscreensaver_t) -######################################## -# -# process, kernel and /proc /dev /sys -# +miscfiles_read_localization(xscreensaver_t) -kernel_read_system_state(xscreensaver_t) +userdom_use_user_ptys(xscreensaver_t) +#access to .icons and ~/.xscreensaver +userdom_read_user_home_content_files(xscreensaver_t) + +xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) |
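Review bot: `userdom_read_user_home_content_files(xscreensaver_t)`, near the end of the xscreensaver.te local policy hunk, grants read access to all generic user home content, while the comment directly above it says only .icons and ~/.xscreensaver are needed. The same domain also carries `auth_domtrans_chk_passwd`, `logging_send_audit_msgs` and the X client template, so a narrower grant would better match least privilege. One option is to label ~/.xscreensaver with a dedicated type through a new .fc entry and allow read on that type only. If the broad grant is kept deliberately, the comment should say so, for example `# reads all user home content; only .icons and ~/.xscreensaver are actually needed`. Whether .icons can be labelled separately is not visible from this hunk, so that part would need checking against the userdomain module.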