From mboxrd@z Thu Jan 1 00:00:00 1970 From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 11 Dec 2016 15:04:56 -0500 Subject: [refpolicy] [PATCH v3] wm: update the window manager (wm) module and enable its role template In-Reply-To: <1481322107.2989.1.camel@trentalancia.net> References: <1481130053.3300.9.camel@trentalancia.net> <1481217618.20182.8.camel@trentalancia.net> <1481322107.2989.1.camel@trentalancia.net> Message-ID: <8ab3fb4a-3892-0fd3-100f-97d375489432@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/09/16 17:21, Guido Trentalancia via refpolicy wrote: > Enable the window manager role (wm contrib module) and update > the module to work with gnome-shell. > > This second version introduces better integration with common > desktop applications and requires the following recently posted > patch for the games module: > > [PATCH v3 1/2] games: general update and improved pulseaudio integration > http://oss.tresys.com/pipermail/refpolicy/2016-December/008679.html > > This patch might need some more testing (I have received no > feedback yet). > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/wm.if | 42 ++++++++++++++++++++ > policy/modules/contrib/wm.te | 75 ++++++++++++++++++++++++++++++++++++- > policy/modules/roles/staff.te | 1 > policy/modules/roles/sysadm.te | 1 > policy/modules/roles/unprivuser.te | 1 > 5 files changed, 119 insertions(+), 1 deletion(-) [...] > diff -pruN refpolicy-git-07122016-orig/policy/modules/roles/staff.te refpolicy-git-07122016/policy/modules/roles/staff.te > --- refpolicy-git-07122016-orig/policy/modules/roles/staff.te 2016-12-07 13:39:08.669449296 +0100 > +++ refpolicy-git-07122016/policy/modules/roles/staff.te 2016-12-08 22:25:26.327711806 +0100 > @@ -85,6 +85,7 @@ ifndef(`distro_redhat',` > > optional_policy(` > gnome_role_template(staff, staff_r, staff_t) > + wm_role_template(staff, staff_r, staff_t) > ') > > optional_policy(` > diff -pruN refpolicy-git-07122016-orig/policy/modules/roles/sysadm.te refpolicy-git-07122016/policy/modules/roles/sysadm.te > --- refpolicy-git-07122016-orig/policy/modules/roles/sysadm.te 2016-12-07 13:39:08.669449296 +0100 > +++ refpolicy-git-07122016/policy/modules/roles/sysadm.te 2016-12-08 22:25:26.343712120 +0100 > @@ -1245,6 +1245,7 @@ ifndef(`distro_redhat',` > > optional_policy(` > gnome_role_template(sysadm, sysadm_r, sysadm_t) > + wm_role_template(sysadm, sysadm_r, sysadm_t) > ') > ') > > diff -pruN refpolicy-git-07122016-orig/policy/modules/roles/unprivuser.te refpolicy-git-07122016/policy/modules/roles/unprivuser.te > --- refpolicy-git-07122016-orig/policy/modules/roles/unprivuser.te 2016-12-07 13:39:08.669449296 +0100 > +++ refpolicy-git-07122016/policy/modules/roles/unprivuser.te 2016-12-08 22:25:26.344712139 +0100 > @@ -54,6 +54,7 @@ ifndef(`distro_redhat',` > > optional_policy(` > gnome_role_template(user, user_r, user_t) > + wm_role_template(user, user_r, user_t) > ') So this change is essentially saying is you can't use the gnome policy without the wm module. Is that really the case? It seems like they would be separate optionals. -- Chris PeBenito