fixed policy for xscreensaver with opengl
This commit is contained in:
parent
10d3b4d1fb
commit
32adc20d89
GPG Key ID:
18524638BE25530A
|
|
@ -59,30 +59,26 @@ tunable_policy(`feffe_use_xdm',`
|
|||
allow system_dbusd_t self:netlink_kobject_uevent_socket {create setopt bind getattr read};
|
||||
')
|
||||
|
||||
|
||||
gen_tunable(feffe_xscreensaver_read_home, false)
|
||||
tunable_policy(`feffe_xscreensaver_read_home',`
|
||||
gen_tunable(feffe_xscreensaver_gl, false)
|
||||
tunable_policy(`feffe_xscreensaver_gl',`
|
||||
gen_require(`
|
||||
attribute user_home_content_type;
|
||||
attribute non_security_file_type;
|
||||
attribute user_home_content_type;
|
||||
|
||||
type user_t;
|
||||
type xscreensaver_helper_t;
|
||||
type xscreensaver_t;
|
||||
type xscreensaver_helper_exec_t;
|
||||
type xscreensaver_helper_t;
|
||||
type xdm_t;
|
||||
type lib_t;
|
||||
type tmpfs_t;
|
||||
type bin_t;
|
||||
type xscreensaver_helper_exec_t;
|
||||
type fs_t;
|
||||
type xserver_t;
|
||||
')
|
||||
read_files_pattern(xscreensaver_helper_t, user_home_content_type, user_home_content_type)
|
||||
dev_rw_dri(xscreensaver_helper_t)
|
||||
dev_rw_dri(xscreensaver_t)
|
||||
allow xscreensaver_helper_t xdm_t:fd use;
|
||||
search_dirs_pattern(xscreensaver_helper_t, home_root_t, user_home_dir_t)
|
||||
list_dirs_pattern(xscreensaver_helper_t, user_home_dir_t, user_home_t)
|
||||
read_files_pattern(xscreensaver_helper_t, user_home_t, user_home_t)
|
||||
allow xscreensaver_helper_t xserver_t:fd use;
|
||||
exec_files_pattern(xscreensaver_t, lib_t, lib_t)
|
||||
dev_read_sysfs(xscreensaver_t)
|
||||
xserver_rw_mesa_shader_cache(xscreensaver_t)
|
||||
|
|
@ -93,15 +89,9 @@ tunable_policy(`feffe_xscreensaver_read_home',`
|
|||
exec_files_pattern(xscreensaver_helper_t, xscreensaver_helper_exec_t, xscreensaver_helper_exec_t)
|
||||
exec_files_pattern(xscreensaver_helper_t, bin_t, bin_t)
|
||||
allow xscreensaver_helper_t self:unix_stream_socket { create getattr connect write read shutdown };
|
||||
read_files_pattern(xscreensaver_helper_t, user_home_content_type, user_home_content_type)
|
||||
|
||||
allow xscreensaver_t fs_t:filesystem getattr;
|
||||
xdg_manage_cache(xscreensaver_helper_t)
|
||||
|
||||
dontaudit xscreensaver_helper_t non_security_file_type:file map;
|
||||
dontaudit xscreensaver_helper_t non_security_file_type:dir search;
|
||||
dontaudit xscreensaver_helper_t xserver_t:fd use;
|
||||
dontaudit xscreensaver_t self:process execmem;
|
||||
dontaudit xscreensaver_t user_home_content_type:dir search;
|
||||
dontaudit xscreensaver_helper_t non_security_file_type:filesystem getattr;
|
||||
dontaudit xscreensaver_helper_t non_security_file_type:dir { getattr search };
|
||||
dontaudit xscreensaver_helper_t non_security_file_type:{fifo_file file} {getattr read map};
|
||||
')
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue