xdm.te - patch to allow 'graphical shutdown/reboot'
Tom London
selinux at comcast.net
Mon Aug 30 15:21:27 UTC 2004
Clicking on 'shutdown' on the login screen doesn't 'work'.
/sbin/shutdown (running in xdm_t) wants to execute init (init_exec_t).
Here's a patch that fixes....
Not sure about the 'allow xdm_t devpts_t:dir { search };'. dontaudit?
Please correct/improve/...
tom
--- /root/src.package/policy/domains/program/xdm.te 2004-08-29
11:38:27.000000000 -0700
+++ ./xdm.te 2004-08-30 07:13:32.000000000 -0700
@@ -331,3 +331,7 @@
allow xdm_t crack_db_t:file r_file_perms;
')
r_dir_file(xdm_t, selinux_config_t)
+
+# let xdm do shutdown
+allow xdm_t devpts_t:dir { search };
+can_exec(xdm_t, init_exec_t)
More information about the fedora-selinux-list
mailing list