* [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent
@ 2018-06-24  9:56 Jason Zaman
  2018-06-24  9:56 ` [refpolicy] [PATCH 2/5] xdg: filetrans should not add filetrans from user_home_dir Jason Zaman
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: Jason Zaman @ 2018-06-24  9:56 UTC (permalink / raw)
  To: refpolicy

---
 policy/modules/system/xdg.if | 47 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
index 9b4e0083..f1439e2c 100644
--- a/policy/modules/system/xdg.if
+++ b/policy/modules/system/xdg.if
@@ -63,7 +63,6 @@ interface(`xdg_data_content',`
 	userdom_user_home_content($1)
 ')
 
-
 ########################################
 ## <summary>
 ##	Read the xdg cache home files
@@ -80,7 +79,9 @@ interface(`xdg_read_cache_files',`
 	')
 
 	read_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	allow $1 xdg_cache_t:file map;
 	list_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+	read_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
 
 	userdom_search_user_home_dirs($1)
 ')
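Review bot: The `## <summary>` for `xdg_read_cache_files` still reads "Read the xdg cache home files", but after this hunk the interface also lets the caller memory-map those files and read symlinks in the cache. The same gap applies to the other read_ and manage_ interfaces this patch touches (config, data, documents, downloads, pictures, music, videos). Because `map` is a separate permission that matters when auditing which domains can mmap user-controlled content, I would state it in the summary, e.g. `##	Read and map the xdg cache home files, and read symbolic links in the cache.` The interface header and its gen_require block start outside the hunk.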
@@ -101,6 +102,9 @@ interface(`xdg_read_all_cache_files',`
 	')
 
 	read_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	allow $1 xdg_cache_type:file map;
+	list_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
+	read_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -209,6 +213,7 @@ interface(`xdg_manage_cache',`
 
 	manage_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
 	manage_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	allow $1 xdg_cache_t:file map;
 	manage_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
 	manage_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
 	manage_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
@@ -233,6 +238,7 @@ interface(`xdg_manage_all_cache',`
 
 	manage_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
 	manage_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	allow $1 xdg_cache_type:file map;
 	manage_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
 	manage_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
 	manage_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
@@ -324,7 +330,9 @@ interface(`xdg_read_config_files',`
 	')
 
 	read_files_pattern($1, xdg_config_t, xdg_config_t)
+	allow $1 xdg_config_t:file map;
 	list_dirs_pattern($1, xdg_config_t, xdg_config_t)
+	read_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -345,6 +353,9 @@ interface(`xdg_read_all_config_files',`
 	')
 
 	read_files_pattern($1, xdg_config_type, xdg_config_type)
+	allow $1 xdg_config_type:file map;
+	list_dirs_pattern($1, xdg_config_type, xdg_config_type)
+	read_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -454,6 +465,7 @@ interface(`xdg_manage_config',`
 
 	manage_dirs_pattern($1, xdg_config_t, xdg_config_t)
 	manage_files_pattern($1, xdg_config_t, xdg_config_t)
+	allow $1 xdg_config_t:file map;
 	manage_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
 	manage_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
 	manage_sock_files_pattern($1, xdg_config_t, xdg_config_t)
@@ -478,6 +490,7 @@ interface(`xdg_manage_all_config',`
 
 	manage_dirs_pattern($1, xdg_config_type, xdg_config_type)
 	manage_files_pattern($1, xdg_config_type, xdg_config_type)
+	allow $1 xdg_config_type:file map;
 	manage_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
 	manage_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
 	manage_sock_files_pattern($1, xdg_config_type, xdg_config_type)
@@ -549,7 +562,9 @@ interface(`xdg_read_data_files',`
 	')
 
 	read_files_pattern($1, xdg_data_t, xdg_data_t)
+	allow $1 xdg_data_t:file map;
 	list_dirs_pattern($1, xdg_data_t, xdg_data_t)
+	read_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -570,6 +585,9 @@ interface(`xdg_read_all_data_files',`
 	')
 
 	read_files_pattern($1, xdg_data_type, xdg_data_type)
+	allow $1 xdg_data_type:file map;
+	list_dirs_pattern($1, xdg_data_type, xdg_data_type)
+	read_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -678,6 +696,7 @@ interface(`xdg_manage_data',`
 
 	manage_dirs_pattern($1, xdg_data_t, xdg_data_t)
 	manage_files_pattern($1, xdg_data_t, xdg_data_t)
+	allow $1 xdg_data_t:file map;
 	manage_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
 	manage_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
 	manage_sock_files_pattern($1, xdg_data_t, xdg_data_t)
@@ -702,6 +721,7 @@ interface(`xdg_manage_all_data',`
 
 	manage_dirs_pattern($1, xdg_data_type, xdg_data_type)
 	manage_files_pattern($1, xdg_data_type, xdg_data_type)
+	allow $1 xdg_data_type:file map;
 	manage_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
 	manage_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
 	manage_sock_files_pattern($1, xdg_data_type, xdg_data_type)
@@ -803,6 +823,8 @@ interface(`xdg_manage_documents',`
 
 	manage_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
 	manage_files_pattern($1, xdg_documents_t, xdg_documents_t)
+	allow $1 xdg_documents_t:file map;
+	manage_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
 ')
 
 ########################################
@@ -843,6 +865,9 @@ interface(`xdg_read_downloads',`
 	')
 
 	read_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -863,6 +888,9 @@ interface(`xdg_create_downloads',`
 	')
 
 	create_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	create_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	create_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 
 	userdom_search_user_home_dirs($1)
 ')
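Review bot: `allow $1 xdg_downloads_t:file map;` is added to `xdg_create_downloads`, whose only file rule is `create_files_pattern`. The kernel also requires file read for any mmap, so unless that pattern grants read (its name suggests it does not) the map rule has no effect and only makes a create-only interface look broader than it is. The same applies to the map line in the `xdg_write_downloads` hunk that follows. I would drop the map rule from both, or explain in the interface summary why a create-only or write-only caller needs to map files in the downloads directory. The interface header and gen_require block are outside the hunk.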
@@ -883,6 +911,9 @@ interface(`xdg_write_downloads',`
 	')
 
 	write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 
 	userdom_search_user_home_dirs($1)
 ')
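Review bot: `xdg_write_downloads` now calls `list_dirs_pattern` and `read_lnk_files_pattern`, so a domain given write access to downloads can also enumerate the directory and read symlinks in it. That is more than the interface name promises, and every existing caller is widened without any change on its side. If the aim is only consistency with the read_ interfaces, consider keeping this one to `write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)` and letting callers that need listing call `xdg_read_downloads` explicitly. The interface header is outside the hunk, so its documented contract is not visible here.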
@@ -933,6 +964,8 @@ interface(`xdg_manage_downloads',`
 
 	manage_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
 	manage_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	manage_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 ')
 
 ########################################
@@ -973,7 +1006,9 @@ interface(`xdg_read_pictures',`
 	')
 
 	read_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	allow $1 xdg_pictures_t:file map;
 	list_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	read_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -1024,6 +1059,8 @@ interface(`xdg_manage_pictures',`
 
 	manage_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
 	manage_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	allow $1 xdg_pictures_t:file map;
+	manage_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
 ')
 
 ########################################
@@ -1064,7 +1101,9 @@ interface(`xdg_read_music',`
 	')
 
 	read_files_pattern($1, xdg_music_t, xdg_music_t)
+	allow $1 xdg_music_t:file map;
 	list_dirs_pattern($1, xdg_music_t, xdg_music_t)
+	read_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -1115,6 +1154,8 @@ interface(`xdg_manage_music',`
 
 	manage_dirs_pattern($1, xdg_music_t, xdg_music_t)
 	manage_files_pattern($1, xdg_music_t, xdg_music_t)
+	allow $1 xdg_music_t:file map;
+	manage_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
 ')
 
 ########################################
@@ -1155,7 +1196,9 @@ interface(`xdg_read_videos',`
 	')
 
 	read_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	allow $1 xdg_videos_t:file map;
 	list_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
+	read_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -1206,6 +1249,8 @@ interface(`xdg_manage_videos',`
 
 	manage_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
 	manage_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	allow $1 xdg_videos_t:file map;
+	manage_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
 ')
 
 ########################################
-- 
2.16.4


* [refpolicy] [PATCH 2/5] xdg: filetrans should not add filetrans from user_home_dir
  2018-06-24  9:56 [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Jason Zaman
@ 2018-06-24  9:56 ` Jason Zaman
  2018-06-25  0:32   ` Chris PeBenito
  2018-06-24  9:56 ` [refpolicy] [PATCH 3/5] xdg: Introduce xdg_search_cache_dirs Jason Zaman
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Jason Zaman @ 2018-06-24  9:56 UTC (permalink / raw)
  To: refpolicy

SELinux 2.8 is stricter with duplicate filetrans and these rules cause
problems if a domain needs more than one xdg dir.

Domains should call xdg_generic_user_home_dir_filetrans_data directly if
needed.
---
 policy/modules/system/xdg.if | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
index f1439e2c..1bff4ae0 100644
--- a/policy/modules/system/xdg.if
+++ b/policy/modules/system/xdg.if
@@ -146,7 +146,6 @@ interface(`xdg_cache_filetrans',`
 	filetrans_pattern($1, xdg_cache_t, $2, $3, $4)
 
 	xdg_create_cache_dirs($1)
-	xdg_generic_user_home_dir_filetrans_cache($1, dir, ".cache")
 ')
 
 ########################################
@@ -397,8 +396,6 @@ interface(`xdg_config_filetrans',`
 	filetrans_pattern($1, xdg_config_t, $2, $3, $4)
 
 	xdg_create_config_dirs($1)
-	xdg_generic_user_home_dir_filetrans_config($1, dir, ".config")
-
 ')
 
 ########################################
@@ -629,7 +626,6 @@ interface(`xdg_data_filetrans',`
 	filetrans_pattern($1, xdg_data_t, $2, $3, $4)
 
 	xdg_create_data_dirs($1)
-	xdg_generic_user_home_dir_filetrans_data($1, dir, ".local")
 ')
 
 ########################################
-- 
2.16.4


* [refpolicy] [PATCH 3/5] xdg: Introduce xdg_search_cache_dirs
  2018-06-24  9:56 [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Jason Zaman
  2018-06-24  9:56 ` [refpolicy] [PATCH 2/5] xdg: filetrans should not add filetrans from user_home_dir Jason Zaman
@ 2018-06-24  9:56 ` Jason Zaman
  2018-06-25  0:33   ` Chris PeBenito
  2018-06-24  9:56 ` [refpolicy] [PATCH 4/5] xserver: Add mesa_shader_cache for GLSL in ~/.cache/mesa_shader_cache/ Jason Zaman
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Jason Zaman @ 2018-06-24  9:56 UTC (permalink / raw)
  To: refpolicy

---
 policy/modules/system/xdg.if | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
index 1bff4ae0..11fc4306 100644
--- a/policy/modules/system/xdg.if
+++ b/policy/modules/system/xdg.if
@@ -63,6 +63,26 @@ interface(`xdg_data_content',`
 	userdom_user_home_content($1)
 ')
 
+########################################
+## <summary>
+##	Search through the xdg cache home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xdg_search_cache_dirs',`
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	search_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+
+	userdom_search_user_home_dirs($1)
+')
+
 ########################################
 ## <summary>
 ##	Read the xdg cache home files
-- 
2.16.4


* [refpolicy] [PATCH 4/5] xserver: Add mesa_shader_cache for GLSL in ~/.cache/mesa_shader_cache/
  2018-06-24  9:56 [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Jason Zaman
  2018-06-24  9:56 ` [refpolicy] [PATCH 2/5] xdg: filetrans should not add filetrans from user_home_dir Jason Zaman
  2018-06-24  9:56 ` [refpolicy] [PATCH 3/5] xdg: Introduce xdg_search_cache_dirs Jason Zaman
@ 2018-06-24  9:56 ` Jason Zaman
  2018-06-25  0:33   ` Chris PeBenito
  2018-06-24  9:56 ` [refpolicy] [PATCH 5/5] apps: rw mesa_shader_cache Jason Zaman
  2018-06-25  0:32 ` [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Chris PeBenito
  4 siblings, 1 reply; 10+ messages in thread
From: Jason Zaman @ 2018-06-24  9:56 UTC (permalink / raw)
  To: refpolicy

---
 policy/modules/services/xserver.fc |  1 +
 policy/modules/services/xserver.if | 37 ++++++++++++++++++++++++++++++++++---
 policy/modules/services/xserver.te |  9 +++++++++
 3 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 4905afd7..3a193743 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -1,6 +1,7 @@
 #
 # HOME_DIR
 #
+HOME_DIR/\.cache/mesa_shader_cache(/.*)?	gen_context(system_u:object_r:mesa_shader_cache_t,s0)
 HOME_DIR/\.dmrc		--	gen_context(system_u:object_r:dmrc_home_t,s0)
 HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
 HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 485081ee..d4c883c7 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -138,6 +138,7 @@ interface(`xserver_role',`
 	gen_require(`
 		type iceauth_home_t, xserver_t, xserver_tmpfs_t, xauth_home_t;
 		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
+		type mesa_shader_cache_t;
 	')
 
 	xserver_restricted_role($1, $2)
@@ -167,6 +168,12 @@ interface(`xserver_role',`
 	relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
 	relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
 
+	manage_dirs_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+	manage_files_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+	allow $2 mesa_shader_cache_t:file map;
+	relabel_dirs_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+	relabel_files_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+
 	xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
 
 	xserver_read_xkb_libs($2)
@@ -178,17 +185,17 @@ interface(`xserver_role',`
 		xdg_relabel_all_config($2)
 		xdg_manage_all_data($2)
 		xdg_relabel_all_data($2)
-	
+
 		xdg_generic_user_home_dir_filetrans_cache($2, dir, ".cache")
 		xdg_generic_user_home_dir_filetrans_config($2, dir, ".config")
 		xdg_generic_user_home_dir_filetrans_data($2, dir, ".local")
-	
+
 		xdg_generic_user_home_dir_filetrans_documents($2, dir, "Documents")
 		xdg_generic_user_home_dir_filetrans_downloads($2, dir, "Downloads")
 		xdg_generic_user_home_dir_filetrans_music($2, dir, "Music")
 		xdg_generic_user_home_dir_filetrans_pictures($2, dir, "Pictures")
 		xdg_generic_user_home_dir_filetrans_videos($2, dir, "Videos")
-	
+
 		xdg_manage_documents($2)
 		xdg_relabel_documents($2)
 		xdg_manage_downloads($2)
@@ -199,6 +206,8 @@ interface(`xserver_role',`
 		xdg_relabel_pictures($2)
 		xdg_manage_videos($2)
 		xdg_relabel_videos($2)
+
+		xdg_cache_filetrans($2, mesa_shader_cache_t, dir, "mesa_shader_cache")
 	')
 ')
 
@@ -1619,3 +1628,25 @@ interface(`xserver_rw_xdm_keys',`
 
 	allow $1 xdm_t:key { read write setattr };
 ')
+
+########################################
+## <summary>
+##	Read and write the mesa shader cache.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_rw_mesa_shader_cache',`
+	gen_require(`
+		type mesa_shader_cache_t;
+	')
+
+	rw_dirs_pattern($1, mesa_shader_cache_t, mesa_shader_cache_t)
+	rw_files_pattern($1, mesa_shader_cache_t, mesa_shader_cache_t)
+	allow $1 mesa_shader_cache_t:file map;
+
+	xdg_search_cache_dirs($1)
+')
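Review bot: `xserver_rw_mesa_shader_cache` gives each caller write and map on `mesa_shader_cache_t`, the same type that `xserver_t` manages and maps in xserver.te and that the user role manages in `xserver_role`. One confined caller can therefore alter cache entries that another domain later maps. The interface documentation should record that this is a shared, cross-domain writable cache, for example a `## <desc>` paragraph stating that callers can modify entries consumed by other domains, including xserver_t; whether Mesa's own validation of cache entries covers this is not something the patch shows. Separately, the existing xdg_* calls in `xserver_role` sit one indent level deeper (apparently inside a conditional block), while `xdg_search_cache_dirs($1)` here is unconditional; confirm that is intended.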
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 73c38882..584f6a8b 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -229,6 +229,9 @@ userdom_user_home_content(xsession_log_t)
 type xserver_log_t;
 logging_log_file(xserver_log_t)
 
+type mesa_shader_cache_t;
+xdg_cache_content(mesa_shader_cache_t)
+
 ifdef(`enable_mcs',`
 	init_ranged_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
 	init_ranged_daemon_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
@@ -693,6 +696,12 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
 manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
 files_search_var_lib(xserver_t)
 
+manage_dirs_pattern(xserver_t, mesa_shader_cache_t, mesa_shader_cache_t)
+manage_files_pattern(xserver_t, mesa_shader_cache_t, mesa_shader_cache_t)
+allow xserver_t mesa_shader_cache_t:file map;
+xdg_cache_filetrans(xserver_t, mesa_shader_cache_t, dir, "mesa_shader_cache")
+xdg_generic_user_home_dir_filetrans_cache(xserver_t, dir, ".cache")
+
 domtrans_pattern(xserver_t, xauth_exec_t, xauth_t)
 allow xserver_t xauth_home_t:file read_file_perms;
 
-- 
2.16.4


* [refpolicy] [PATCH 5/5] apps: rw mesa_shader_cache
  2018-06-24  9:56 [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Jason Zaman
                   ` (2 preceding siblings ...)
  2018-06-24  9:56 ` [refpolicy] [PATCH 4/5] xserver: Add mesa_shader_cache for GLSL in ~/.cache/mesa_shader_cache/ Jason Zaman
@ 2018-06-24  9:56 ` Jason Zaman
  2018-06-25  0:33   ` Chris PeBenito
  2018-06-25  0:32 ` [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Chris PeBenito
  4 siblings, 1 reply; 10+ messages in thread
From: Jason Zaman @ 2018-06-24  9:56 UTC (permalink / raw)
  To: refpolicy

---
 policy/modules/apps/games.te   | 1 +
 policy/modules/apps/mplayer.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
index 0cdebe62..7389bd74 100644
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@@ -194,4 +194,5 @@ optional_policy(`
 	xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
 	xserver_create_xdm_tmp_sockets(games_t)
 	xserver_read_xdm_lib_files(games_t)
+	xserver_rw_mesa_shader_cache(games_t)
 ')
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index f594fff7..a6e447bd 100644
--- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te
@@ -216,6 +216,7 @@ xdg_read_music(mplayer_t)
 xdg_read_videos(mplayer_t)
 
 xserver_user_x_domain_template(mplayer, mplayer_t, mplayer_tmpfs_t)
+xserver_rw_mesa_shader_cache(mplayer_t)
 
 ifndef(`enable_mls',`
 	fs_list_dos(mplayer_t)
-- 
2.16.4


* [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent
  2018-06-24  9:56 [refpolicy] [PATCH 1/5] xdg: Add map perms, also make lnk_file, dirs consistent Jason Zaman
                   ` (3 preceding siblings ...)
  2018-06-24  9:56 ` [refpolicy] [PATCH 5/5] apps: rw mesa_shader_cache Jason Zaman
@ 2018-06-25  0:32 ` Chris PeBenito
  4 siblings, 0 replies; 10+ messages in thread
From: Chris PeBenito @ 2018-06-25  0:32 UTC (permalink / raw)
  To: refpolicy

On 06/24/2018 05:56 AM, Jason Zaman wrote:
> ---
>   policy/modules/system/xdg.if | 47 +++++++++++++++++++++++++++++++++++++++++++-
>   1 file changed, 46 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
> index 9b4e0083..f1439e2c 100644
> --- a/policy/modules/system/xdg.if
> +++ b/policy/modules/system/xdg.if
> @@ -63,7 +63,6 @@ interface(`xdg_data_content',`
>   	userdom_user_home_content($1)
>   ')
>   
> -
>   ########################################
>   ## <summary>
>   ##	Read the xdg cache home files
> @@ -80,7 +79,9 @@ interface(`xdg_read_cache_files',`
>   	')
>   
>   	read_files_pattern($1, xdg_cache_t, xdg_cache_t)
> +	allow $1 xdg_cache_t:file map;
>   	list_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
> +	read_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -101,6 +102,9 @@ interface(`xdg_read_all_cache_files',`
>   	')
>   
>   	read_files_pattern($1, xdg_cache_type, xdg_cache_type)
> +	allow $1 xdg_cache_type:file map;
> +	list_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
> +	read_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -209,6 +213,7 @@ interface(`xdg_manage_cache',`
>   
>   	manage_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
>   	manage_files_pattern($1, xdg_cache_t, xdg_cache_t)
> +	allow $1 xdg_cache_t:file map;
>   	manage_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
>   	manage_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
>   	manage_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
> @@ -233,6 +238,7 @@ interface(`xdg_manage_all_cache',`
>   
>   	manage_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
>   	manage_files_pattern($1, xdg_cache_type, xdg_cache_type)
> +	allow $1 xdg_cache_type:file map;
>   	manage_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
>   	manage_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
>   	manage_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
> @@ -324,7 +330,9 @@ interface(`xdg_read_config_files',`
>   	')
>   
>   	read_files_pattern($1, xdg_config_t, xdg_config_t)
> +	allow $1 xdg_config_t:file map;
>   	list_dirs_pattern($1, xdg_config_t, xdg_config_t)
> +	read_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -345,6 +353,9 @@ interface(`xdg_read_all_config_files',`
>   	')
>   
>   	read_files_pattern($1, xdg_config_type, xdg_config_type)
> +	allow $1 xdg_config_type:file map;
> +	list_dirs_pattern($1, xdg_config_type, xdg_config_type)
> +	read_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -454,6 +465,7 @@ interface(`xdg_manage_config',`
>   
>   	manage_dirs_pattern($1, xdg_config_t, xdg_config_t)
>   	manage_files_pattern($1, xdg_config_t, xdg_config_t)
> +	allow $1 xdg_config_t:file map;
>   	manage_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
>   	manage_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
>   	manage_sock_files_pattern($1, xdg_config_t, xdg_config_t)
> @@ -478,6 +490,7 @@ interface(`xdg_manage_all_config',`
>   
>   	manage_dirs_pattern($1, xdg_config_type, xdg_config_type)
>   	manage_files_pattern($1, xdg_config_type, xdg_config_type)
> +	allow $1 xdg_config_type:file map;
>   	manage_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
>   	manage_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
>   	manage_sock_files_pattern($1, xdg_config_type, xdg_config_type)
> @@ -549,7 +562,9 @@ interface(`xdg_read_data_files',`
>   	')
>   
>   	read_files_pattern($1, xdg_data_t, xdg_data_t)
> +	allow $1 xdg_data_t:file map;
>   	list_dirs_pattern($1, xdg_data_t, xdg_data_t)
> +	read_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -570,6 +585,9 @@ interface(`xdg_read_all_data_files',`
>   	')
>   
>   	read_files_pattern($1, xdg_data_type, xdg_data_type)
> +	allow $1 xdg_data_type:file map;
> +	list_dirs_pattern($1, xdg_data_type, xdg_data_type)
> +	read_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -678,6 +696,7 @@ interface(`xdg_manage_data',`
>   
>   	manage_dirs_pattern($1, xdg_data_t, xdg_data_t)
>   	manage_files_pattern($1, xdg_data_t, xdg_data_t)
> +	allow $1 xdg_data_t:file map;
>   	manage_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
>   	manage_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
>   	manage_sock_files_pattern($1, xdg_data_t, xdg_data_t)
> @@ -702,6 +721,7 @@ interface(`xdg_manage_all_data',`
>   
>   	manage_dirs_pattern($1, xdg_data_type, xdg_data_type)
>   	manage_files_pattern($1, xdg_data_type, xdg_data_type)
> +	allow $1 xdg_data_type:file map;
>   	manage_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
>   	manage_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
>   	manage_sock_files_pattern($1, xdg_data_type, xdg_data_type)
> @@ -803,6 +823,8 @@ interface(`xdg_manage_documents',`
>   
>   	manage_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
>   	manage_files_pattern($1, xdg_documents_t, xdg_documents_t)
> +	allow $1 xdg_documents_t:file map;
> +	manage_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
>   ')
>   
>   ########################################
> @@ -843,6 +865,9 @@ interface(`xdg_read_downloads',`
>   	')
>   
>   	read_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	allow $1 xdg_downloads_t:file map;
> +	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -863,6 +888,9 @@ interface(`xdg_create_downloads',`
>   	')
>   
>   	create_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	allow $1 xdg_downloads_t:file map;
> +	create_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	create_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -883,6 +911,9 @@ interface(`xdg_write_downloads',`
>   	')
>   
>   	write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	allow $1 xdg_downloads_t:file map;
> +	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -933,6 +964,8 @@ interface(`xdg_manage_downloads',`
>   
>   	manage_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
>   	manage_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
> +	allow $1 xdg_downloads_t:file map;
> +	manage_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
>   ')
>   
>   ########################################
> @@ -973,7 +1006,9 @@ interface(`xdg_read_pictures',`
>   	')
>   
>   	read_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
> +	allow $1 xdg_pictures_t:file map;
>   	list_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
> +	read_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -1024,6 +1059,8 @@ interface(`xdg_manage_pictures',`
>   
>   	manage_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
>   	manage_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
> +	allow $1 xdg_pictures_t:file map;
> +	manage_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
>   ')
>   
>   ########################################
> @@ -1064,7 +1101,9 @@ interface(`xdg_read_music',`
>   	')
>   
>   	read_files_pattern($1, xdg_music_t, xdg_music_t)
> +	allow $1 xdg_music_t:file map;
>   	list_dirs_pattern($1, xdg_music_t, xdg_music_t)
> +	read_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -1115,6 +1154,8 @@ interface(`xdg_manage_music',`
>   
>   	manage_dirs_pattern($1, xdg_music_t, xdg_music_t)
>   	manage_files_pattern($1, xdg_music_t, xdg_music_t)
> +	allow $1 xdg_music_t:file map;
> +	manage_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
>   ')
>   
>   ########################################
> @@ -1155,7 +1196,9 @@ interface(`xdg_read_videos',`
>   	')
>   
>   	read_files_pattern($1, xdg_videos_t, xdg_videos_t)
> +	allow $1 xdg_videos_t:file map;
>   	list_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
> +	read_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
>   
>   	userdom_search_user_home_dirs($1)
>   ')
> @@ -1206,6 +1249,8 @@ interface(`xdg_manage_videos',`
>   
>   	manage_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
>   	manage_files_pattern($1, xdg_videos_t, xdg_videos_t)
> +	allow $1 xdg_videos_t:file map;
> +	manage_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
>   ')
>   
>   ########################################

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 2/5] xdg: filetrans should not add filetrans from user_home_dir
  2018-06-24  9:56 ` [refpolicy] [PATCH 2/5] xdg: filetrans should not add filetrans from user_home_dir Jason Zaman
@ 2018-06-25  0:32   ` Chris PeBenito
  0 siblings, 0 replies; 10+ messages in thread
From: Chris PeBenito @ 2018-06-25  0:32 UTC (permalink / raw)
  To: refpolicy

On 06/24/2018 05:56 AM, Jason Zaman wrote:
> SELinux 2.8 is stricter with duplicate filetrans and these rules cause
> problems if a domain needs more than one xdg dir.
> 
> Domains should call xdg_generic_user_home_dir_filetrans_data directly if
> needed.
> ---
>   policy/modules/system/xdg.if | 4 ----
>   1 file changed, 4 deletions(-)
> 
> diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
> index f1439e2c..1bff4ae0 100644
> --- a/policy/modules/system/xdg.if
> +++ b/policy/modules/system/xdg.if
> @@ -146,7 +146,6 @@ interface(`xdg_cache_filetrans',`
>   	filetrans_pattern($1, xdg_cache_t, $2, $3, $4)
>   
>   	xdg_create_cache_dirs($1)
> -	xdg_generic_user_home_dir_filetrans_cache($1, dir, ".cache")
>   ')
>   
>   ########################################
> @@ -397,8 +396,6 @@ interface(`xdg_config_filetrans',`
>   	filetrans_pattern($1, xdg_config_t, $2, $3, $4)
>   
>   	xdg_create_config_dirs($1)
> -	xdg_generic_user_home_dir_filetrans_config($1, dir, ".config")
> -
>   ')
>   
>   ########################################
> @@ -629,7 +626,6 @@ interface(`xdg_data_filetrans',`
>   	filetrans_pattern($1, xdg_data_t, $2, $3, $4)
>   
>   	xdg_create_data_dirs($1)
> -	xdg_generic_user_home_dir_filetrans_data($1, dir, ".local")
>   ')
>   
>   ########################################

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 3/5] xdg: Introduce xdg_search_cache_dirs
  2018-06-24  9:56 ` [refpolicy] [PATCH 3/5] xdg: Introduce xdg_search_cache_dirs Jason Zaman
@ 2018-06-25  0:33   ` Chris PeBenito
  0 siblings, 0 replies; 10+ messages in thread
From: Chris PeBenito @ 2018-06-25  0:33 UTC (permalink / raw)
  To: refpolicy

On 06/24/2018 05:56 AM, Jason Zaman wrote:
> ---
>   policy/modules/system/xdg.if | 20 ++++++++++++++++++++
>   1 file changed, 20 insertions(+)
> 
> diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
> index 1bff4ae0..11fc4306 100644
> --- a/policy/modules/system/xdg.if
> +++ b/policy/modules/system/xdg.if
> @@ -63,6 +63,26 @@ interface(`xdg_data_content',`
>   	userdom_user_home_content($1)
>   ')
>   
> +########################################
> +## <summary>
> +##	Search through the xdg cache home directories
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xdg_search_cache_dirs',`
> +	gen_require(`
> +		type xdg_cache_t;
> +	')
> +
> +	search_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
> +
> +	userdom_search_user_home_dirs($1)
> +')
> +
>   ########################################
>   ## <summary>
>   ##	Read the xdg cache home files

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 4/5] xserver: Add mesa_shader_cache for GLSL in ~/.cache/mesa_shader_cache/
  2018-06-24  9:56 ` [refpolicy] [PATCH 4/5] xserver: Add mesa_shader_cache for GLSL in ~/.cache/mesa_shader_cache/ Jason Zaman
@ 2018-06-25  0:33   ` Chris PeBenito
  0 siblings, 0 replies; 10+ messages in thread
From: Chris PeBenito @ 2018-06-25  0:33 UTC (permalink / raw)
  To: refpolicy

On 06/24/2018 05:56 AM, Jason Zaman wrote:
> ---
>   policy/modules/services/xserver.fc |  1 +
>   policy/modules/services/xserver.if | 37 ++++++++++++++++++++++++++++++++++---
>   policy/modules/services/xserver.te |  9 +++++++++
>   3 files changed, 44 insertions(+), 3 deletions(-)
> 
> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> index 4905afd7..3a193743 100644
> --- a/policy/modules/services/xserver.fc
> +++ b/policy/modules/services/xserver.fc
> @@ -1,6 +1,7 @@
>   #
>   # HOME_DIR
>   #
> +HOME_DIR/\.cache/mesa_shader_cache(/.*)?	gen_context(system_u:object_r:mesa_shader_cache_t,s0)
>   HOME_DIR/\.dmrc		--	gen_context(system_u:object_r:dmrc_home_t,s0)
>   HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
>   HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
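Review bot: The added `mesa_shader_cache(/.*)?` entry only matches the default `HOME_DIR/\.cache` location, so a cache relocated through `XDG_CACHE_HOME` would presumably not be relabelled to `mesa_shader_cache_t` by a later relabel run. That is probably acceptable for the reference policy, but it is worth stating next to the entry so administrators know a relocated cache needs a local file context. I would add a comment above the line, `# Mesa shader cache, default XDG cache location only`.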
> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> index 485081ee..d4c883c7 100644
> --- a/policy/modules/services/xserver.if
> +++ b/policy/modules/services/xserver.if
> @@ -138,6 +138,7 @@ interface(`xserver_role',`
>   	gen_require(`
>   		type iceauth_home_t, xserver_t, xserver_tmpfs_t, xauth_home_t;
>   		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
> +		type mesa_shader_cache_t;
>   	')
>   
>   	xserver_restricted_role($1, $2)
> @@ -167,6 +168,12 @@ interface(`xserver_role',`
>   	relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
>   	relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
>   
> +	manage_dirs_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
> +	manage_files_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
> +	allow $2 mesa_shader_cache_t:file map;
> +	relabel_dirs_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
> +	relabel_files_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
> +
>   	xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
>   
>   	xserver_read_xkb_libs($2)
> @@ -178,17 +185,17 @@ interface(`xserver_role',`
>   		xdg_relabel_all_config($2)
>   		xdg_manage_all_data($2)
>   		xdg_relabel_all_data($2)
> -	
> +
>   		xdg_generic_user_home_dir_filetrans_cache($2, dir, ".cache")
>   		xdg_generic_user_home_dir_filetrans_config($2, dir, ".config")
>   		xdg_generic_user_home_dir_filetrans_data($2, dir, ".local")
> -	
> +
>   		xdg_generic_user_home_dir_filetrans_documents($2, dir, "Documents")
>   		xdg_generic_user_home_dir_filetrans_downloads($2, dir, "Downloads")
>   		xdg_generic_user_home_dir_filetrans_music($2, dir, "Music")
>   		xdg_generic_user_home_dir_filetrans_pictures($2, dir, "Pictures")
>   		xdg_generic_user_home_dir_filetrans_videos($2, dir, "Videos")
> -	
> +
>   		xdg_manage_documents($2)
>   		xdg_relabel_documents($2)
>   		xdg_manage_downloads($2)
> @@ -199,6 +206,8 @@ interface(`xserver_role',`
>   		xdg_relabel_pictures($2)
>   		xdg_manage_videos($2)
>   		xdg_relabel_videos($2)
> +
> +		xdg_cache_filetrans($2, mesa_shader_cache_t, dir, "mesa_shader_cache")
>   	')
>   ')
>   
> @@ -1619,3 +1628,25 @@ interface(`xserver_rw_xdm_keys',`
>   
>   	allow $1 xdm_t:key { read write setattr };
>   ')
> +
> +########################################
> +## <summary>
> +##	Read and write the mesa shader cache.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_rw_mesa_shader_cache',`
> +	gen_require(`
> +		type mesa_shader_cache_t;
> +	')
> +
> +	rw_dirs_pattern($1, mesa_shader_cache_t, mesa_shader_cache_t)
> +	rw_files_pattern($1, mesa_shader_cache_t, mesa_shader_cache_t)
> +	allow $1 mesa_shader_cache_t:file map;
> +
> +	xdg_search_cache_dirs($1)
> +')
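Review bot: The summary of `xserver_rw_mesa_shader_cache` does not say that `mesa_shader_cache_t` is a single type shared by every caller, so each domain granted this interface can write and `map` cache files that the other callers read back. Within this series that covers `games_t` and `mplayer_t` (patch 5/5), the user role in `xserver_role` and `xserver_t` in xserver.te, so the integrity of the cache is only as good as the least trusted of those domains. I would add a `<desc>` block to the interface stating that the cache is shared across domains, and that a caller needing isolation should get its own type declared with `xdg_cache_content` instead. It is also worth confirming that `rw_files_pattern` is enough for clients that populate the cache, since the role and `xserver_t` are given `manage_files_pattern`; that depends on macro definitions not visible in this hunk.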
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 73c38882..584f6a8b 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -229,6 +229,9 @@ userdom_user_home_content(xsession_log_t)
>   type xserver_log_t;
>   logging_log_file(xserver_log_t)
>   
> +type mesa_shader_cache_t;
> +xdg_cache_content(mesa_shader_cache_t)
> +
>   ifdef(`enable_mcs',`
>   	init_ranged_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
>   	init_ranged_daemon_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
> @@ -693,6 +696,12 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
>   manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
>   files_search_var_lib(xserver_t)
>   
> +manage_dirs_pattern(xserver_t, mesa_shader_cache_t, mesa_shader_cache_t)
> +manage_files_pattern(xserver_t, mesa_shader_cache_t, mesa_shader_cache_t)
> +allow xserver_t mesa_shader_cache_t:file map;
> +xdg_cache_filetrans(xserver_t, mesa_shader_cache_t, dir, "mesa_shader_cache")
> +xdg_generic_user_home_dir_filetrans_cache(xserver_t, dir, ".cache")
> +
>   domtrans_pattern(xserver_t, xauth_exec_t, xauth_t)
>   allow xserver_t xauth_home_t:file read_file_perms;
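Review bot: The block added for `xserver_t` carries no comment explaining why the X server domain manages content under the user's home directory, and it ends with `xdg_generic_user_home_dir_filetrans_cache(xserver_t, dir, ".cache")`, which by its name sets up a transition for a `.cache` directory created by `xserver_t` itself rather than only for the `mesa_shader_cache` subdirectory. If the intent is that the server may populate the cache before any session has created `~/.cache`, a line such as `# Mesa GLSL shader cache, created on first use under ~/.cache` above the block would make that reviewable. Without it, the two filetrans calls look broader than the `manage_*` rules need.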


Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 5/5] apps: rw mesa_shader_cache
  2018-06-24  9:56 ` [refpolicy] [PATCH 5/5] apps: rw mesa_shader_cache Jason Zaman
@ 2018-06-25  0:33   ` Chris PeBenito
  0 siblings, 0 replies; 10+ messages in thread
From: Chris PeBenito @ 2018-06-25  0:33 UTC (permalink / raw)
  To: refpolicy

On 06/24/2018 05:56 AM, Jason Zaman wrote:
> ---
>   policy/modules/apps/games.te   | 1 +
>   policy/modules/apps/mplayer.te | 1 +
>   2 files changed, 2 insertions(+)
> 
> diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
> index 0cdebe62..7389bd74 100644
> --- a/policy/modules/apps/games.te
> +++ b/policy/modules/apps/games.te
> @@ -194,4 +194,5 @@ optional_policy(`
>   	xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
>   	xserver_create_xdm_tmp_sockets(games_t)
>   	xserver_read_xdm_lib_files(games_t)
> +	xserver_rw_mesa_shader_cache(games_t)
>   ')
> diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
> index f594fff7..a6e447bd 100644
> --- a/policy/modules/apps/mplayer.te
> +++ b/policy/modules/apps/mplayer.te
> @@ -216,6 +216,7 @@ xdg_read_music(mplayer_t)
>   xdg_read_videos(mplayer_t)
>   
>   xserver_user_x_domain_template(mplayer, mplayer_t, mplayer_tmpfs_t)
> +xserver_rw_mesa_shader_cache(mplayer_t)
>   
>   ifndef(`enable_mls',`
>   	fs_list_dos(mplayer_t)

Merged.

-- 
Chris PeBenito

