Non-drawing X client support for consolekit.
This commit is contained in:
parent
1322a1af4d
commit
6246e7d30a
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(consolekit, 1.5.0)
|
policy_module(consolekit, 1.5.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -108,6 +108,7 @@ optional_policy(`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
xserver_read_xdm_pid(consolekit_t)
|
xserver_read_xdm_pid(consolekit_t)
|
||||||
xserver_read_user_xauth(consolekit_t)
|
xserver_read_user_xauth(consolekit_t)
|
||||||
|
xserver_non_drawing_client(consolekit_t)
|
||||||
corenet_tcp_connect_xserver_port(consolekit_t)
|
corenet_tcp_connect_xserver_port(consolekit_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -232,6 +232,37 @@ interface(`xserver_rw_session',`
|
|||||||
allow $1 xserver_tmpfs_t:file rw_file_perms;
|
allow $1 xserver_tmpfs_t:file rw_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Create non-drawing client sessions on an X server.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`xserver_non_drawing_client',`
|
||||||
|
gen_require(`
|
||||||
|
class x_drawable { getattr get_property };
|
||||||
|
class x_extension { query use };
|
||||||
|
class x_gc { create setattr };
|
||||||
|
class x_property read;
|
||||||
|
|
||||||
|
type xserver_t, xdm_var_run_t;
|
||||||
|
type xextension_t, xproperty_t, root_xdrawable_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 self:x_gc { create setattr };
|
||||||
|
|
||||||
|
allow $1 xdm_var_run_t:dir search;
|
||||||
|
allow $1 xserver_t:unix_stream_socket connectto;
|
||||||
|
|
||||||
|
allow $1 xextension_t:x_extension { query use };
|
||||||
|
allow $1 root_xdrawable_t:x_drawable { getattr get_property };
|
||||||
|
allow $1 xproperty_t:x_property read;
|
||||||
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create full client sessions
|
## Create full client sessions
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(xserver, 3.3.1)
|
policy_module(xserver, 3.3.2)
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
class x_drawable all_x_drawable_perms;
|
class x_drawable all_x_drawable_perms;
|
||||||
|
Loading…
Reference in New Issue
Block a user