From mboxrd@z Thu Jan 1 00:00:00 1970 From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 14 Dec 2016 16:25:52 -0500 Subject: [refpolicy] [PATCH v2 1/5] wm: update the window manager (wm) module and enable its role template (v5) In-Reply-To: <1481721818.2981.9.camel@trentalancia.net> References: <1481130053.3300.9.camel@trentalancia.net> <1481217618.20182.8.camel@trentalancia.net> <1481322107.2989.1.camel@trentalancia.net> <1481676520.17446.9.camel@trentalancia.net> <1481680495.3551.1.camel@trentalancia.net> <1481721818.2981.9.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/14/16 08:23, Guido Trentalancia via refpolicy wrote: > Hello Jason, > > you took the list off for this message, I think this is not > intentional, so I am bringing the reply back on the list... > > On Wed, 14/12/2016 at 21.01 +0800, Jason Zaman wrote: >> >> >> On 14 Dec 2016 09:54, "Guido Trentalancia via refpolicy" > ss.tresys.com> wrote: >> Enable the window manager role (wm contrib module) and update >> the module to work with gnome-shell. >> >> This patch requires the following recently posted patch for the >> games module: >> >> [PATCH v3 1/2] games: general update and improved pulseaudio >> integration >> http://oss.tresys.com/pipermail/refpolicy/2016-December/008679.html >> >> This patch has received some testing with the following two >> configurations: >> - gnome-shell executing in normal mode (with display managers >> other than gdm, such as xdm from XOrg); >> - gnome-shell executing in gdm mode (with the Gnome Display >> Manager). >> >> Patches 3/5, 4/5 and 5/5 are needed when gnome-shell is used >> in conjunction with gdm. >> >> Since the window managers are not limited by gnome-shell, this latter >> version of the patch (along with part 2/5) uses separate optional >> conditionals for the gnome and wm role templates. >> >> Signed-off-by: Guido Trentalancia >> --- >> policy/modules/contrib/colord.te | 5 ++ >> policy/modules/contrib/dbus.te | 5 ++ >> policy/modules/contrib/wm.if | 43 +++++++++++++++++- >> policy/modules/contrib/wm.te | 88 >> ++++++++++++++++++++++++++++++++++++- >> policy/modules/roles/staff.te | 8 ++- >> policy/modules/roles/sysadm.te | 4 + >> policy/modules/roles/unprivuser.te | 8 ++- >> 7 files changed, 155 insertions(+), 6 deletions(-) >> [...] >> diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/wm.te >> refpolicy-git-07122016/policy/modules/contrib/wm.te >> --- refpolicy-git-07122016-orig/policy/modules/contrib/wm.te 2016- >> 12-14 02:24:53.396000918 +0100 >> +++ refpolicy-git-07122016/policy/modules/contrib/wm.te 2016-12-13 >> 00:34:34.876856837 +0100 >> @@ -10,6 +10,18 @@ attribute wm_domain; >> type wm_exec_t; >> corecmd_executable_file(wm_exec_t) >> >> +type wm_tmp_t; >> +typealias wm_tmp_t alias { user_wm_tmp_t staff_wm_tmp_t >> sysadm_wm_tmp_t }; >> +userdom_user_tmp_file(wm_tmp_t) >> + >> +type wm_tmpfs_t; >> +typealias wm_tmpfs_t alias { user_wm_tmpfs_t staff_wm_tmpfs_t >> sysadm_wm_tmpfs_t }; >> +userdom_user_tmpfs_file(wm_tmpfs_t) Don't add aliases. The alias types never existed, so there is no compatibility to preserve. -- Chris PeBenito