[refpolicy] [PATCH 0/3] Updated X object manager policy -v2: Intro

Eamon Walsh ewalsh at tycho.nsa.gov
Tue Oct 27 21:05:54 CDT 2009


This patch series is an updated policy for the X server object manager.  
This is the policy that I was running in Portland for my various demos. 
It includes new x_pointer/x_keyboard classes, unconfined-by-default 
user types, and other changes.  The only thing missing here is updated 
mls constraints; I am still working on those.

The 3 patches here are NOT independent and breakage will probably 
result if only some of them are applied.  I only broke them up in an 
attempt to make it easier to review the changes.

This is also available in a git tree at 
git://anongit.freedesktop.org/~ewalsh/refpolicy (branch "master"), for 
ease of pulling.

Changes from -v1:

Dropped the x_keyboard/x_pointer object class patch (already pushed).

Dropped the patch making system_dbusd_t and consolekit_t unconfined.
This is so the focus is only on the changes to the xserver module.

No changes to the existing xserver_role and xserver_restricted_role
interfaces.  The existing UBAC-based controls have been restored.

Removed an apostrophe in a comment that was causing m4 errors.


-- 

Eamon Walsh 
National Security Agency


