Comment 1 Sven Vermeulen (RETIRED) 2011-12-05 20:47:18 UTC

Created attachment 294891 [details, diff]
Fedora provided patch on refpolicy for xserver

Comment 2 Sven Vermeulen (RETIRED) 2011-12-05 20:47:40 UTC

For feedback/testing => Anarchy

Comment 3 Jory A. Pratt 2011-12-05 23:29:48 UTC

Created attachment 294903 [details, diff]
slim/lxdm support

Patch only implements support for slim/lxdm. It will require that lxdm for sure has 'session optional pam_selinux.so' add to /etc/pam.d/lxdm

Comment 4 Sven Vermeulen (RETIRED) 2011-12-06 09:07:04 UTC

On the following snippet:

 HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
+HOME_DIR/\.Xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)

What file(s) do you want to match with that? The rule you added also already matches .Xauthority so if that context is needed, the other one can be removed.

On the following:

+/var/log/slim\.log.*	--	gen_context(system_u:object_r:xserver_log_t,s0)
+/var/log/(l)?xdm\.log.* --	gen_context(system_u:object_r:xserver_log_t,s0)

Are the trailing regular expressions needed? As far as I know, slim.log is the log file, all slim.log.* matches are then rotated log files and do not need to use the same context.

Comment 5 Sven Vermeulen (RETIRED) 2011-12-10 11:26:40 UTC

Patch will be partially included. The Xauth.* won't be, nor will slim.log.*.

Comment 6 Sven Vermeulen (RETIRED) 2011-12-11 13:50:01 UTC

In hardened-dev overlay

Comment 7 Sven Vermeulen (RETIRED) 2011-12-27 19:18:19 UTC

~arch'ed since 2011-12-17

Comment 8 Sven Vermeulen (RETIRED) 2012-01-29 11:24:41 UTC

Stabilized