diff options
author | Luis Ressel <aranea@aixah.de> | 2018-10-02 22:02:54 +0200 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2018-11-12 06:49:58 +0800 |
commit | 4dbae70829f2e1492de27c90fe3d2ec543d7a62b (patch) | |
tree | 460d8df93e7a044abb7a5196a2e858bc260515f1 | |
parent | corecommands: Module version bump. (diff) | |
download | hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.tar.gz hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.tar.bz2 hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.zip |
xserver: Allow user fonts (and caches) to be mmap()ed.
Applications can optionally map fonts and fontconfig caches into memory.
miscfiles_read_fonts() already grants those perms, but it seems
xserver_use_user_fonts() was forgotten.
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- | policy/modules/services/xserver.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 7e13483b2..ec944672b 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -511,6 +511,7 @@ interface(`xserver_use_user_fonts',` # Manipulate the global font cache manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t) manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t) + allow $1 user_fonts_cache_t:file { map read_file_perms }; # Read per user font config allow $1 user_fonts_config_t:dir list_dir_perms; |