
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Tue, 12 Dec 2017 07:59:17
Message-Id: 1513062387.e21a1ab6acced79dae83f0c0da38fb9a97bd24bc.perfinion@gentoo
1 commit: e21a1ab6acced79dae83f0c0da38fb9a97bd24bc
2 Author: David Sugar <dsugar <AT> tresys <DOT> com>
3 AuthorDate: Fri Dec 8 12:43:47 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Tue Dec 12 07:06:27 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e21a1ab6
7
8 Create interfaces to write to inherited xserver log files.
9
10 Updated based on feedback
11
12 Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>
13
14 policy/modules/services/xserver.if | 39 ++++++++++++++++++++++++++++++++++++++
15 1 file changed, 39 insertions(+)
16
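diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index f08db931..893e469f 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1058,6 +1058,26 @@ interface(`xserver_xsession_spec_domtrans',`
 
 ########################################
 ## <summary>
+## Write to inherited xsession log
+## files such as .xsession-errors.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_write_inherited_xsession_log',`
+ gen_require(`
+ type xsession_log_t;
+ ')
+
+ allow $1 xsession_log_t:file write_inherited_file_perms;
+')
+
+
+########################################
+## <summary>
 ## Read and write xsession log
 ## files such as .xsession-errors.
 ## </summary>
@@ -1096,6 +1116,25 @@ interface(`xserver_manage_xsession_log',`
 
 ########################################
 ## <summary>
+## Write to inherited X server log
+## files like /var/log/lightdm/lightdm.log
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_write_inherited_log',`
+ gen_require(`
+ type xserver_log_t;
+ ')
+
+ allow $1 xserver_log_t:file write_inherited_file_perms;
+')
+
+########################################
+## <summary>
 ## Get the attributes of X server logs.
 ## </summary>
 ## <param name="domain">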
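Review bot: Both new interfaces grant `write_inherited_file_perms` on log types (`xsession_log_t` in `xserver_write_inherited_xsession_log`, `xserver_log_t` in `xserver_write_inherited_log`), which lets the calling domain overwrite earlier log content through the inherited descriptor, not only add to it. If the descriptors handed down by the display manager are opened in append mode (not visible in this diff), `allow $1 xserver_log_t:file append_inherited_file_perms;` and the `xsession_log_t` equivalent would be the least-privilege form and would preserve existing entries. Otherwise each `<summary>` should say why full write is needed, and could note that no `open` permission is granted, so the domain can only use a descriptor it was handed. As a style point, the first hunk leaves two blank lines after the new interface where the second hunk leaves one.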