From mboxrd@z Thu Jan  1 00:00:00 1970
From: pebenito@ieee.org (Chris PeBenito)
Date: Sat, 31 Dec 2016 11:27:20 -0500
Subject: [refpolicy] [PATCH v5] xserver: restrict executable memory
 permissions
In-Reply-To: <1483200178.3041.3.camel@trentalancia.net>
References: <1482945627.7302.8.camel@trentalancia.net>
	<1482954976.2738.9.camel@trentalancia.net>
	<1483058219.31174.0.camel@trentalancia.net>
	<f298ca3b-0866-48d8-ed16-75109c89369f@ieee.org>
	<2093778852.71948.1483135647164.JavaMail.open-xchange@popper10.register.it>
	<6af90cee-3558-05b2-aeed-d15f89debaa1@ieee.org>
	<1483200178.3041.3.camel@trentalancia.net>
Message-ID: <63133c4e-ec11-517c-eae4-bd6a768a0a8b@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/31/16 11:02, Guido Trentalancia via refpolicy wrote:
> @@ -450,6 +459,11 @@ term_setattr_console(xdm_t)
>  term_use_unallocated_ttys(xdm_t)
>  term_setattr_unallocated_ttys(xdm_t)
>
> +# for xconsole
> +term_use_ptmx(xdm_t)
> +term_use_generic_ptys(xdm_t)
> +term_relabel_all_ptys(xdm_t)
> +
>  auth_domtrans_pam_console(xdm_t)
>  auth_manage_pam_pid(xdm_t)
>  auth_manage_pam_console_data(xdm_t)

I've asked a couple times.  What creates this pty?  It should be 
properly labeled.  Generic pty use should be avoided if possible.



-- 
Chris PeBenito