[gentoo-commits] proj/hardened-refpolicy:master commit in: config/appconfig-mls/, config/appconfig-standard/, config/appconfig-mcs/, ... - gentoo-commits

From:	Jason Zaman <perfinion@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:master commit in: config/appconfig-mls/, config/appconfig-standard/, config/appconfig-mcs/, ...
Date:	Sat, 09 Apr 2022 19:28:55
Message-Id:	`1649532510.dada9b3defc6c44e73d56adf245a5812c3f08404.perfinion@gentoo`

1

commit:     dada9b3defc6c44e73d56adf245a5812c3f08404

2

Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>

3

AuthorDate: Sat Apr  9 17:34:16 2022 +0000

4

Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>

5

CommitDate: Sat Apr  9 19:28:30 2022 +0000

6

URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=dada9b3d

7

8

Revert "new sddm V2"

9

10

This reverts commit c5fa13989512397b4ae3c75feb99a8f4cf4c5376.

11

12

This commit added the sddm user to the xserver module.

13

This caused problems loading the xserver module if the user did not

14

exist on the system.

15

16

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

17

18

 config/appconfig-mcs/seusers                   |  1 -

19

 config/appconfig-mcs/xdm_default_contexts      |  1 -

20

 config/appconfig-mls/seusers                   |  1 -

21

 config/appconfig-mls/xdm_default_contexts      |  1 -

22

 config/appconfig-standard/seusers              |  1 -

23

 config/appconfig-standard/xdm_default_contexts |  1 -

24

 policy/modules/services/xserver.te             | 11 -----------

25

 7 files changed, 17 deletions(-)

26

27

diff --git a/config/appconfig-mcs/seusers b/config/appconfig-mcs/seusers

28

index e87000a5..ce614b41 100644

29

--- a/config/appconfig-mcs/seusers

30

+++ b/config/appconfig-mcs/seusers

31

@@ -1,3 +1,2 @@

32

 root:root:s0-mcs_systemhigh

33

 __default__:user_u:s0

34

-sddm:xdm:s0

35

36

diff --git a/config/appconfig-mcs/xdm_default_contexts b/config/appconfig-mcs/xdm_default_contexts

37

deleted file mode 100644

38

index 08c88c0f..00000000

39

--- a/config/appconfig-mcs/xdm_default_contexts

40

+++ /dev/null

41

@@ -1 +0,0 @@

42

-system_r:xdm_t:s0		system_r:xdm_t:s0

43

44

diff --git a/config/appconfig-mls/seusers b/config/appconfig-mls/seusers

45

index 38414fee..4e500b09 100644

46

--- a/config/appconfig-mls/seusers

47

+++ b/config/appconfig-mls/seusers

48

@@ -1,3 +1,2 @@

49

 root:root:s0-mls_systemhigh

50

 __default__:user_u:s0

51

-sddm:xdm:s0

52

53

diff --git a/config/appconfig-mls/xdm_default_contexts b/config/appconfig-mls/xdm_default_contexts

54

deleted file mode 100644

55

index 08c88c0f..00000000

56

--- a/config/appconfig-mls/xdm_default_contexts

57

+++ /dev/null

58

@@ -1 +0,0 @@

59

-system_r:xdm_t:s0		system_r:xdm_t:s0

60

61

diff --git a/config/appconfig-standard/seusers b/config/appconfig-standard/seusers

62

index f6066b50..f7c5bd27 100644

63

--- a/config/appconfig-standard/seusers

64

+++ b/config/appconfig-standard/seusers

65

@@ -1,3 +1,2 @@

66

 root:root

67

 __default__:user_u

68

-sddm:xdm:s0

69

70

diff --git a/config/appconfig-standard/xdm_default_contexts b/config/appconfig-standard/xdm_default_contexts

71

deleted file mode 100644

72

index af1cb2e7..00000000

73

--- a/config/appconfig-standard/xdm_default_contexts

74

+++ /dev/null

75

@@ -1 +0,0 @@

76

-system_r:xdm_t		system_r:xdm_t

77

78

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te

79

index 24cea45b..347e96c2 100644

80

--- a/policy/modules/services/xserver.te

81

+++ b/policy/modules/services/xserver.te

82

@@ -62,10 +62,6 @@ gen_tunable(xserver_object_manager, false)

83

 ## </desc>

84

 gen_tunable(xserver_allow_dri, false)

85

86

-# for sddm to use pam for greeter

87

-role xdm_r;

88

-allow system_r xdm_r;

89

-

90

 attribute x_domain;

91

92

 # X Events

93

@@ -149,7 +145,6 @@ fs_associate_tmpfs(xconsole_device_t)

94

 files_associate_tmp(xconsole_device_t)

95

96

 type xdm_t;

97

-role xdm_r types xdm_t;

98

 type xdm_exec_t;

99

 auth_login_pgm_domain(xdm_t)

100

 init_domain(xdm_t, xdm_exec_t)

101

@@ -848,9 +843,6 @@ manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)

102

 manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)

103

 manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)

104

105

-# for sddm to use pam for greeter, sddm greeter needs execmod

106

-allow xdm_t xdm_tmpfs_t:file execmod;

107

-

108

 # Run Xorg.wrap

109

 can_exec(xserver_t, xserver_exec_t)

110

111

@@ -1054,6 +1046,3 @@ ifdef(`distro_gentoo',`

112

 		cgmanager_stream_connect(xdm_t)

113

')

114

')

115

-

116

-# for sddm to use pam for greeter

117

-gen_user(xdm,, xdm_r, s0, s0)

1	commit: dada9b3defc6c44e73d56adf245a5812c3f08404
2	Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
3	AuthorDate: Sat Apr 9 17:34:16 2022 +0000
4	Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5	CommitDate: Sat Apr 9 19:28:30 2022 +0000
6	URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=dada9b3d
7
8	Revert "new sddm V2"
9
10	This reverts commit c5fa13989512397b4ae3c75feb99a8f4cf4c5376.
11
12	This commit added the sddm user to the xserver module.
13	This caused problems loading the xserver module if the user did not
14	exist on the system.
15
16	Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
17
18	config/appconfig-mcs/seusers \| 1 -
19	config/appconfig-mcs/xdm_default_contexts \| 1 -
20	config/appconfig-mls/seusers \| 1 -
21	config/appconfig-mls/xdm_default_contexts \| 1 -
22	config/appconfig-standard/seusers \| 1 -
23	config/appconfig-standard/xdm_default_contexts \| 1 -
24	policy/modules/services/xserver.te \| 11 -----------
25	7 files changed, 17 deletions(-)
26
27	diff --git a/config/appconfig-mcs/seusers b/config/appconfig-mcs/seusers
28	index e87000a5..ce614b41 100644
29	--- a/config/appconfig-mcs/seusers
30	+++ b/config/appconfig-mcs/seusers
31	@@ -1,3 +1,2 @@
32	root:root:s0-mcs_systemhigh
33	__default__:user_u:s0
34	-sddm:xdm:s0
35
36	diff --git a/config/appconfig-mcs/xdm_default_contexts b/config/appconfig-mcs/xdm_default_contexts
37	deleted file mode 100644
38	index 08c88c0f..00000000
39	--- a/config/appconfig-mcs/xdm_default_contexts
40	+++ /dev/null
41	@@ -1 +0,0 @@
42	-system_r:xdm_t:s0 system_r:xdm_t:s0
43
44	diff --git a/config/appconfig-mls/seusers b/config/appconfig-mls/seusers
45	index 38414fee..4e500b09 100644
46	--- a/config/appconfig-mls/seusers
47	+++ b/config/appconfig-mls/seusers
48	@@ -1,3 +1,2 @@
49	root:root:s0-mls_systemhigh
50	__default__:user_u:s0
51	-sddm:xdm:s0
52
53	diff --git a/config/appconfig-mls/xdm_default_contexts b/config/appconfig-mls/xdm_default_contexts
54	deleted file mode 100644
55	index 08c88c0f..00000000
56	--- a/config/appconfig-mls/xdm_default_contexts
57	+++ /dev/null
58	@@ -1 +0,0 @@
59	-system_r:xdm_t:s0 system_r:xdm_t:s0
60
61	diff --git a/config/appconfig-standard/seusers b/config/appconfig-standard/seusers
62	index f6066b50..f7c5bd27 100644
63	--- a/config/appconfig-standard/seusers
64	+++ b/config/appconfig-standard/seusers
65	@@ -1,3 +1,2 @@
66	root:root
67	__default__:user_u
68	-sddm:xdm:s0
69
70	diff --git a/config/appconfig-standard/xdm_default_contexts b/config/appconfig-standard/xdm_default_contexts
71	deleted file mode 100644
72	index af1cb2e7..00000000
73	--- a/config/appconfig-standard/xdm_default_contexts
74	+++ /dev/null
75	@@ -1 +0,0 @@
76	-system_r:xdm_t system_r:xdm_t
77
78	diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
79	index 24cea45b..347e96c2 100644
80	--- a/policy/modules/services/xserver.te
81	+++ b/policy/modules/services/xserver.te
82	@@ -62,10 +62,6 @@ gen_tunable(xserver_object_manager, false)
83	## </desc>
84	gen_tunable(xserver_allow_dri, false)
85
86	-# for sddm to use pam for greeter
87	-role xdm_r;
88	-allow system_r xdm_r;
89	-
90	attribute x_domain;
91
92	# X Events
93	@@ -149,7 +145,6 @@ fs_associate_tmpfs(xconsole_device_t)
94	files_associate_tmp(xconsole_device_t)
95
96	type xdm_t;
97	-role xdm_r types xdm_t;
98	type xdm_exec_t;
99	auth_login_pgm_domain(xdm_t)
100	init_domain(xdm_t, xdm_exec_t)
101	@@ -848,9 +843,6 @@ manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
102	manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
103	manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
104
105	-# for sddm to use pam for greeter, sddm greeter needs execmod
106	-allow xdm_t xdm_tmpfs_t:file execmod;
107	-
108	# Run Xorg.wrap
109	can_exec(xserver_t, xserver_exec_t)
110
111	@@ -1054,6 +1046,3 @@ ifdef(`distro_gentoo',`
112	cgmanager_stream_connect(xdm_t)
113	')
114	')
115	-
116	-# for sddm to use pam for greeter
117	-gen_user(xdm,, xdm_r, s0, s0)

Gentoo Archives: gentoo-commits