[refpolicy] [PATCH 0/3] Updated X object manager policy -v2: Intro
ewalsh at tycho.nsa.gov
Tue Oct 27 21:05:54 CDT 2009
This patch series is an updated policy for the X server object manager.
This is the policy that I was running in Portland for my various demos.
It includes new x_pointer/x_keyboard classes, unconfined-by-default
user types, and other changes. The only thing missing here is updated
mls constraints; I am still working on those.
The 3 patches here are NOT independent and breakage will probably
result if only some of them are applied. I only broke them up in an
attempt to make it easier to review the changes.
This is also available in a git tree at
git://anongit.freedesktop.org/~ewalsh/refpolicy (branch "master"), for
ease of pulling.
Changes from -v1:
Dropped the x_keyboard/x_pointer object class patch (already pushed).
Dropped the patch making system_dbusd_t and consolekit_t unconfined.
This is so the focus is only on the changes to the xserver module.
No changes to the existing xserver_role and xserver_restricted_role
interfaces. The existing UBAC-based controls have been restored.
Removed an apostrophe in a comment that was causing m4 errors.
National Security Agency
More information about the refpolicy