[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

Sun, 11 Nov 2018 15:29:42 -0800 

commit:     4dbae70829f2e1492de27c90fe3d2ec543d7a62b
Author:     Luis Ressel <aranea <AT> aixah <DOT> de>
AuthorDate: Tue Oct  2 20:02:54 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 11 22:49:58 2018 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4dbae708

xserver: Allow user fonts (and caches) to be mmap()ed.

Applications can optionally map fonts and fontconfig caches into memory.
miscfiles_read_fonts() already grants those perms, but it seems
xserver_use_user_fonts() was forgotten.

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 policy/modules/services/xserver.if | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/xserver.if 
b/policy/modules/services/xserver.if
index 7e13483b..ec944672 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -511,6 +511,7 @@ interface(`xserver_use_user_fonts',`
        # Manipulate the global font cache
        manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
        manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
+       allow $1 user_fonts_cache_t:file { map read_file_perms };
 
        # Read per user font config
        allow $1 user_fonts_config_t:dir list_dir_perms;

Reply via email to