metalefty/xrdp-next
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add vsock items to SELinux policy (thanks to mm19827 of gmail.com).

Browse Source
This commit is contained in:
Bojan Smojver 2020-01-13 07:28:49 +11:00
parent fb8dad37fc
commit d012f391c4
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
xrdp.spec
View File

@ -13,7 +13,7 @@ Summary: Open source remote desktop protocol (RDP) server
Name: xrdp
Epoch: 1
Version: 0.9.12
Release: 2%{?dist}
Release: 3%{?dist}
License: ASL 2.0
URL: http://www.xrdp.org/
Source0: https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xrdp-%{version}.tar.gz
@ -269,6 +269,9 @@ fi
%{_datadir}/selinux/*/%{name}.pp
%changelog
* Mon Jan 13 2020 Bojan Smojver <bojan@rexurive.com> - 1:0.9.12-3
- Add vsock items to SELinux policy (thanks to mm19827 of gmail.com)
* Sun Jan 12 2020 Bojan Smojver <bojan@rexurive.com> - 1:0.9.12-2
- Enable vsock (bug #1787953)

5
xrdp.te
View File

@ -1,8 +1,9 @@
module xrdp 1.0.1;
module xrdp 1.0.2;
require {
type unconfined_service_t;
type unconfined_t;
type unlabeled_t;
type xserver_exec_t;
type xserver_t;
type oddjob_t;
@ -10,11 +11,13 @@ require {
class process transition;
class file entrypoint;
class process2 nnp_transition;
class vsock_socket { getattr read write };
}
#============= unconfined_service_t ==============
allow unconfined_service_t unconfined_t:process transition;
allow unconfined_service_t oddjob_mkhomedir_exec_t:file entrypoint;
allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write };
#============= unconfined_t ==============
allow unconfined_t xserver_exec_t:file entrypoint;