From mboxrd@z Thu Jan 1 00:00:00 1970 From: guido@trentalancia.net (Guido Trentalancia) Date: Sat, 17 Dec 2016 19:06:34 +0100 Subject: [refpolicy] [PATCH v3 5/5] rtkit: enable dbus chat with xdm In-Reply-To: <04980a09-63a0-14bf-36d6-1396efe2f020@ieee.org> References: <1481130053.3300.9.camel@trentalancia.net> <1481217618.20182.8.camel@trentalancia.net> <1481322107.2989.1.camel@trentalancia.net> <1481676545.17446.13.camel@trentalancia.net> <7a91e7db-5de3-9c37-549f-e6d1cd8c446b@ieee.org> <1481756950.3080.2.camel@trentalancia.net> <1481992993.5458.2.camel@trentalancia.net> <04980a09-63a0-14bf-36d6-1396efe2f020@ieee.org> Message-ID: <1481997994.13429.1.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Enable dbus messaging between the X Display Manager (XDM) and the rtkit daemon. Also, let the rtkit daemon set the priority of the X Display Manager (XDM). This patch (along with parts 3/5 and 4/5) might be needed when running gdm. I do apologize for the broken interface in the previous version of this patch. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/rtkit.te | 8 ++++++++ policy/modules/services/xserver.if | 20 +++++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/rtkit.te refpolicy-git-07122016/policy/modules/contrib/rtkit.te --- refpolicy-git-07122016-orig/policy/modules/contrib/rtkit.te 2016-10-29 16:29:19.760327953 +0200 +++ refpolicy-git-07122016/policy/modules/contrib/rtkit.te 2016-12-13 00:51:09.312852264 +0100 @@ -42,4 +42,12 @@ optional_policy(` optional_policy(` policykit_dbus_chat(rtkit_daemon_t) ') + + optional_policy(` + xserver_dbus_chat_xdm(rtkit_daemon_t) + ') +') + +optional_policy(` + xserver_setsched_xdm(rtkit_daemon_t) ') diff -pruN refpolicy-git-07122016-orig/policy/modules/services/xserver.if refpolicy-git-07122016/policy/modules/services/xserver.if --- refpolicy-git-07122016-orig/policy/modules/services/xserver.if 2016-12-07 13:39:08.670449307 +0100 +++ refpolicy-git-07122016/policy/modules/services/xserver.if 2016-12-14 00:55:17.104267790 +0100 @@ -162,7 +162,6 @@ interface(`xserver_role',` manage_files_pattern($2, user_fonts_config_t, user_fonts_config_t) relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t) relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t) - ') ####################################### @@ -1350,3 +1349,22 @@ interface(`xserver_unconfined',` typeattribute $1 x_domain; typeattribute $1 xserver_unconfined_type; ') + +######################################## +##

+## Set the priority of the X Display +## Manager (XDM). +##

+## +##

+## Domain allowed access. +##

+## +# +interface(`xserver_setsched_xdm',` + gen_require(` + type xdm_t; + ') + + allow $1 xdm_t:process setsched; +')