Your right, the default SELinux policy package for Debian, selinux-policy-default, ships the xserver module and loads it. But it not only loads the xserver module by default, it loads all ~377 modules (that's an issue for the refpolicy package). For a mix of performance, security, handsomeness and clarity I only load the for my system needed modules and xserver is not one of them.
2017-01-01 16:35 GMT+01:00 Michael Biebl <[email protected]>: > Am 01.01.2017 um 16:14 schrieb cgzones: >> I meant the x11-common Debian package. >> The SELinux file contexts are defined in the xserver module: >> https://github.com/TresysTechnology/refpolicy/blob/master/policy/modules/services/xserver.fc >> >> 2017-01-01 16:04 GMT+01:00 Michael Biebl <[email protected]>: >>> Am 01.01.2017 um 16:00 schrieb cgzones: >>>> Oops, >>>> I am sorry. >>>> Seems I forgot to check the file affiliations beside the x11 one. >>>> >>>> So my question breaks down to whether the x11.conf file can be >>>> distributed by the x11-common (or similar) package. >>> >>> Why exactly? I don't find x11 specific selinux policy files. > > I still don't understand why we would need to move the tmpfiles config > file from systemd to x11-common. Mind you that I don't have any selinux > knowledge. > Afaics, in Debian we have selinux-policy-default which should contain > the selinux policy for the X11 tmp directories. > > > -- > Why is it that all of the instruments seeking intelligent life in the > universe are pointed away from Earth? > _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
