diff options
author | Amadeusz Sławiński <amade@asmblr.net> | 2017-10-17 22:46:33 +0200 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-10-29 21:57:28 +0800 |
commit | b690cc49e498479f60f74d5880b87c6f64cd3870 (patch) | |
tree | ff114f2b7161bf6397849f19ce629c3fb1536ecf /policy/modules/services/xserver.if | |
parent | lvm: allow map perms on lvm_etc_t (diff) | |
download | hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.tar.gz hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.tar.bz2 hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.zip |
if application uses fonts, they may be mapped
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
Diffstat (limited to 'policy/modules/services/xserver.if')
-rw-r--r-- | policy/modules/services/xserver.if | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index e0c5be82..0718d016 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -466,7 +466,7 @@ interface(`xserver_use_user_fonts',` # Read per user fonts allow $1 user_fonts_t:dir list_dir_perms; - allow $1 user_fonts_t:file read_file_perms; + allow $1 user_fonts_t:file { map read_file_perms }; # Manipulate the global font cache manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t) |