commit: 02533322fa1a4030098ff54a3480b2fa7d362a8c
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sun Dec 18 22:42:39 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan 1 16:26:28 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=02533322
rtkit: enable dbus chat with xdm
Enable dbus messaging between the X Display Manager (XDM) and
the rtkit daemon.
Also, let the rtkit daemon set the priority of the X Display
Manager (XDM).
This patch (along with parts 3/5 and 4/5) might be needed when
running gdm.
I do apologize for the broken interface in the previous version
of this patch.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/services/xserver.if | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/xserver.if
b/policy/modules/services/xserver.if
index 3b55a08..bebc419 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -162,7 +162,6 @@ interface(`xserver_role',`
manage_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
-
')
#######################################
@@ -1350,3 +1349,22 @@ interface(`xserver_unconfined',`
typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type;
')
+
+########################################
+## <summary>
+## Set the priority of the X Display
+## Manager (XDM).
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_setsched_xdm',`
+ gen_require(`
+ type xdm_t;
+ ')
+
+ allow $1 xdm_t:process setsched;
+')
