commit: e21a1ab6acced79dae83f0c0da38fb9a97bd24bc Author: David Sugar <dsugar <AT> tresys <DOT> com> AuthorDate: Fri Dec 8 12:43:47 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Tue Dec 12 07:06:27 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e21a1ab6
Create interfaces to write to inherited xserver log files. Updated based on feedback Signed-off-by: Dave Sugar <dsugar <AT> tresys.com> policy/modules/services/xserver.if | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index f08db931..893e469f 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -1058,6 +1058,26 @@ interface(`xserver_xsession_spec_domtrans',` ######################################## ## <summary> +## Write to inherited xsession log +## files such as .xsession-errors. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`xserver_write_inherited_xsession_log',` + gen_require(` + type xsession_log_t; + ') + + allow $1 xsession_log_t:file write_inherited_file_perms; +') + + +######################################## +## <summary> ## Read and write xsession log ## files such as .xsession-errors. ## </summary> @@ -1096,6 +1116,25 @@ interface(`xserver_manage_xsession_log',` ######################################## ## <summary> +## Write to inherited X server log +## files like /var/log/lightdm/lightdm.log +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`xserver_write_inherited_log',` + gen_require(` + type xserver_log_t; + ') + + allow $1 xserver_log_t:file write_inherited_file_perms; +') + +######################################## +## <summary> ## Get the attributes of X server logs. ## </summary> ## <param name="domain">
