From: guido@trentalancia.net (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH v2 2/2] contrib: support the new interface to manage X session logs
Date: Thu, 22 Dec 2016 00:05:19 +0100
Message-ID: <1482361519.9387.3.camel@trentalancia.net>
In-Reply-To: <1482247816.12013.3.camel@trentalancia.net>

The following patch (split in two parts, one for base and
another one for contrib) introduces a new file context for
the X session log files and two new interfaces to manage
them (instead of allowing to manage the whole user home
content files).

It is required after the recent confinement of graphical
desktop components (e.g. wm, xscreensaver).

This second version of the patch correctly uses file type
transitions and uses tighter permissions.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/dbus.te         |    1 +
 policy/modules/contrib/gnome.te        |    5 +++++
 policy/modules/contrib/wm.te           |    1 +
 policy/modules/contrib/xscreensaver.te |    6 +++++-
 4 files changed, 12 insertions(+), 1 deletion(-)

diff -pru a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
--- a/policy/modules/contrib/dbus.te	2016-12-17 17:29:33.783306242 +0100
+++ b/policy/modules/contrib/dbus.te	2016-12-21 23:09:40.905896241 +0100
@@ -244,6 +244,7 @@ seutil_read_default_contexts(session_bus
 term_use_all_terms(session_bus_type)
 
 optional_policy(`
+	xserver_rw_xsession_log(session_bus_type)
 	xserver_use_xdm_fds(session_bus_type)
 	xserver_rw_xdm_pipes(session_bus_type)
 ')
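Review bot: the added xserver_rw_xsession_log(session_bus_type) line grants both read and write on the X session log to every domain carrying session_bus_type, and the commit message does not say why read is needed. If the bus daemons only emit messages into a log that the session start-up already opened, an append-only or write-only variant of the interface would fit the tighter-permissions goal stated in the description better; otherwise please record in the message which operation was denied.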
diff -pru a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te
--- a/policy/modules/contrib/gnome.te	2016-12-07 13:39:50.014910721 +0100
+++ b/policy/modules/contrib/gnome.te	2016-12-21 23:09:48.452980365 +0100
@@ -70,6 +70,7 @@ logging_send_syslog_msg(gnomedomain)
 userdom_use_user_terminals(gnomedomain)
 
 optional_policy(`
+	xserver_rw_xsession_log(gnomedomain)
 	xserver_rw_xdm_pipes(gnomedomain)
 	xserver_use_xdm_fds(gnomedomain)
 ')
@@ -145,3 +146,7 @@ optional_policy(`
 optional_policy(`
 	telepathy_mission_control_read_state(gkeyringd_domain)
 ')
+
+optional_policy(`
+	xserver_rw_xsession_log(gkeyringd_domain)
+')
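Review bot: the new optional_policy block gives gkeyringd_domain read/write access to the session log, but the description names only wm and xscreensaver as the confined components that motivate the change. Please extend the commit message to cover the keyring daemon (and the dbus and gnomedomain callers in the earlier hunks), ideally with the denial that was observed, so the grant to a secret-handling domain can be judged on its own.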
diff -pru a/policy/modules/contrib/wm.te b/policy/modules/contrib/wm.te
--- a/policy/modules/contrib/wm.te	2016-12-17 17:29:33.856307127 +0100
+++ b/policy/modules/contrib/wm.te	2016-12-21 23:09:43.970930405 +0100
@@ -128,4 +128,5 @@ optional_policy(`
 
 optional_policy(`
 	xserver_dbus_chat_xdm(wm_domain)
+	xserver_rw_xsession_log(wm_domain)
 ')
diff -pru a/policy/modules/contrib/xscreensaver.te b/policy/modules/contrib/xscreensaver.te
--- a/policy/modules/contrib/xscreensaver.te	2016-12-21 23:00:22.415670877 +0100
+++ b/policy/modules/contrib/xscreensaver.te	2016-12-21 23:09:51.201010999 +0100
@@ -58,7 +58,10 @@ miscfiles_read_localization(xscreensaver
 userdom_use_user_terminals(xscreensaver_t)
 userdom_read_user_home_content_files(xscreensaver_t)
 
-xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
+optional_policy(`
+	xserver_rw_xsession_log(xscreensaver_t)
+	xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
+')
 
 ########################################
 #
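Review bot: in this hunk xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) moves from an unconditional call into optional_policy, which turns the xserver module from a required dependency of xscreensaver into an optional one. That change is unrelated to the session log and is not mentioned in the description. Suggest leaving the template call where it was and adding xserver_rw_xsession_log(xscreensaver_t) unconditionally next to it, or splitting the dependency change into its own patch with a rationale.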
@@ -87,5 +90,6 @@ miscfiles_read_fonts(xscreensaver_helper
 miscfiles_read_localization(xscreensaver_helper_t)
 
 optional_policy(`
+	xserver_rw_xsession_log(xscreensaver_helper_t)
 	xserver_stream_connect(xscreensaver_helper_t)
 ')
