tigervnc/tigervnc-add-selinux-policy-rules-allowing-access-to-proc-sys-fs-nr-open.patch
Jan Grulich 8df6b161fe 1.15.0
Resolves: RHEL-78617

Add SELinux policy rules allowing to access /proc/sys/fs/nr_open
Resolves: RHEL-77973

Add SELinux policy rules allowing to create directories under /root
Resolves: RHEL-77975

Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor
Resolves: RHEL-80208

Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText()
Resolves: RHEL-80189

Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms()
Resolves: RHEL-80194

Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey()
Resolves: RHEL-80196

Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient()
Resolves: RHEL-80197

Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow()
Resolves: RHEL-80206

Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents()
Resolves: RHEL-80205

Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger()
Resolves: RHEL-80209
2025-03-07 15:00:55 +01:00

From 313200978926cc7b7521c0d645918391b7609681 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 27 Feb 2025 13:49:02 +0100
Subject: [PATCH] Add SELinux policy rules allowing to access
 /proc/sys/fs/nr_open

This is needed when the nofile limit is set to unlimited, otherwise we
will fail to start a VNC session.
---
 unix/vncserver/selinux/vncsession.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index d92f1bd..2ce4fc8 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -37,6 +37,10 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
+# Allow access to /proc/sys/fs/nr_open
+# Needed when the nofile limit is set to unlimited.
+kernel_read_fs_sysctls(vnc_session_t)
+
# Allowed to create ~/.local
optional_policy(`
gnome_filetrans_home_content(vnc_session_t)
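Review bot: the comment above the new rule ("Allow access to /proc/sys/fs/nr_open") understates what `kernel_read_fs_sysctls(vnc_session_t)` grants: the interface allows read access to the whole fs sysctl tree under /proc/sys/fs (the `sysctl_fs_t` type), not only the nr_open file, because SELinux has no per-file type for nr_open there. Either reword the comment to say that read access to the fs sysctls is granted and why (the commit message gives the reason: pam/rlimit handling reads nr_open when nofile is unlimited), or, if a narrower grant is wanted, it is not available through this interface and the broader grant should be stated as intentional. Separately, the diffstat says 8 insertions but the only hunk shown here is `@@ -37,6 +37,10 @@` (4 added lines), so either a second hunk is not shown on this page or the stat no longer matches the diff; worth checking the patch file is complete before it is applied.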