diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index 2b56ed7d..ade4fca7 100644
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -1,5 +1,5 @@
 
-policy_module(firstboot, 1.7.1)
+policy_module(firstboot, 1.7.2)
 
 gen_require(`
 class passwd rootok;
@@ -118,6 +118,10 @@ optional_policy(`
 usermanage_domtrans_admin_passwd(firstboot_t)
 ')
 
+optional_policy(`
+ xserver_rw_xdm_xserver_shm(firstboot_t)
+')
+
 ifdef(`TODO',`
 allow firstboot_t proc_t:file write;
 
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 8300c4ec..18fa8813 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1672,6 +1672,24 @@ interface(`xserver_stream_connect_xdm_xserver',`
 stream_connect_pattern($1, xdm_xserver_tmp_t, xdm_xserver_tmp_t, xdm_xserver_t)
 ')
 
+########################################
+## <summary>
+## xdm xserver RW shared memory socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_rw_xdm_xserver_shm',`
+ gen_require(`
+ type xdm_xserver_t;
+ ')
+
+ allow $1 xdm_xserver_t:shm rw_shm_perms;
+')
+
 ########################################
 ## <summary>
 ## Interface to provide X object permissions on a given X server to
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 01757d42..f71f5c67 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,5 +1,5 @@
 
-policy_module(xserver, 2.1.0)
+policy_module(xserver, 2.1.1)
 
 ########################################
 #
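Review bot: The added `optional_policy` block in firstboot.te gives `firstboot_t` read and write access to the xdm X server's shared memory, with no comment saying which firstboot operation needs it. The context lines show `firstboot_t` already transitions to the admin passwd domain, so a write grant on another domain's `shm` objects should carry its justification in the policy. I would put a comment above the call such as `# firstboot GUI shares memory segments with the xdm X server (presumably MIT-SHM; confirm against the AVC denial)`. If the denial that prompted the change only involved attaching or reading, a read-only interface built on `r_shm_perms` would be the narrower grant.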
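Review bot: The summary `## xdm xserver RW shared memory socket.` on the new `xserver_rw_xdm_xserver_shm` interface in xserver.if does not match the rule it documents. `allow $1 xdm_xserver_t:shm rw_shm_perms;` is on the `shm` class, which covers shared memory segments and not sockets. I would reword it to `## Read and write xdm xserver shared memory.` so that callers reading the generated interface documentation can tell what they are granting. The `<param>` description could also note that the caller gains write access, since `rw_shm_perms` is wider than a read-only attach.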