fix xscreensaver slideshow permissions
This commit is contained in:
parent
afc541830b
commit
42907ca795
|
@ -54,6 +54,12 @@ tunable_policy(`feffe_xscreensaver_read_home',`
|
||||||
type bin_t;
|
type bin_t;
|
||||||
type xscreensaver_helper_exec_t;
|
type xscreensaver_helper_exec_t;
|
||||||
type fs_t;
|
type fs_t;
|
||||||
|
|
||||||
|
type usr_t;
|
||||||
|
type var_t;
|
||||||
|
type xdg_data_t;
|
||||||
|
type xauth_home_t;
|
||||||
|
type xserver_t;
|
||||||
')
|
')
|
||||||
dev_rw_dri(xscreensaver_helper_t)
|
dev_rw_dri(xscreensaver_helper_t)
|
||||||
dev_rw_dri(xscreensaver_t)
|
dev_rw_dri(xscreensaver_t)
|
||||||
|
@ -73,5 +79,19 @@ tunable_policy(`feffe_xscreensaver_read_home',`
|
||||||
|
|
||||||
allow xscreensaver_t fs_t:filesystem getattr;
|
allow xscreensaver_t fs_t:filesystem getattr;
|
||||||
xdg_manage_cache(xscreensaver_helper_t)
|
xdg_manage_cache(xscreensaver_helper_t)
|
||||||
|
|
||||||
|
allow xscreensaver_helper_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
allow xscreensaver_helper_t xserver_t:fd use;
|
||||||
|
allow xscreensaver_t self:process execmem;
|
||||||
|
|
||||||
|
read_files_pattern(xscreensaver_helper_t, xauth_home_t, xauth_home_t)
|
||||||
|
|
||||||
|
dontaudit xscreensaver_helper_t usr_t:file map;
|
||||||
|
dontaudit xscreensaver_helper_t usr_t:dir search;
|
||||||
|
dontaudit xscreensaver_helper_t var_t:dir search;
|
||||||
|
dontaudit xscreensaver_helper_t xdg_data_t:dir search;
|
||||||
|
dontaudit xscreensaver_helper_t self:process setsched;
|
||||||
|
dontaudit xscreensaver_t xdg_config_t:dir search;
|
||||||
|
dontaudit xscreensaver_t xdg_data_t:dir search;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue