Allow xdm (lightdm) start plymouth

type=AVC msg=audit(1554917007.995:194): avc:  denied  { execute } for  pid=7647 comm="lightdm" name="plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1554917007.995:194): avc:  denied  { read open } for  pid=7647 comm="lightdm" path="/usr/bin/plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1554917007.995:194): avc:  denied  { execute_no_trans } for  pid=7647 comm="lightdm" path="/usr/bin/plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1554917007.995:194): avc:  denied  { map } for  pid=7647 comm="plymouth" path="/usr/bin/plymouth" dev="dm-1" ino=6508817 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:plymouth_exec_t:s0 tclass=file permissive=1

Signed-off-by: Jason Zaman <jason@perfinion.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index d898fce6..d1a67b62 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -616,6 +616,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	plymouthd_domtrans_plymouth(xdm_t)
+')
+
+optional_policy(`
 	resmgr_stream_connect(xdm_t)
 ')