[gentoo-commits] proj/hardened-refpolicy:master commit in: config/appconfig-mls/, config/appconfig-standard/, config/appconfig-mcs/, ...

[gentoo-commits] proj/hardened-refpolicy:master commit in: config/appconfig-mls/, config/appconfig-standard/, config/appconfig-mcs/, ...

[Jason Zaman]

commit:     dada9b3defc6c44e73d56adf245a5812c3f08404
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  9 17:34:16 2022 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Apr  9 19:28:30 2022 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=dada9b3d

Revert "new sddm V2"

This reverts commit c5fa13989512397b4ae3c75feb99a8f4cf4c5376.

This commit added the sddm user to the xserver module.
This caused problems loading the xserver module if the user did not
exist on the system.

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 config/appconfig-mcs/seusers                   |  1 -
 config/appconfig-mcs/xdm_default_contexts      |  1 -
 config/appconfig-mls/seusers                   |  1 -
 config/appconfig-mls/xdm_default_contexts      |  1 -
 config/appconfig-standard/seusers              |  1 -
 config/appconfig-standard/xdm_default_contexts |  1 -
 policy/modules/services/xserver.te             | 11 -----------
 7 files changed, 17 deletions(-)

diff --git a/config/appconfig-mcs/seusers b/config/appconfig-mcs/seusers
index e87000a5..ce614b41 100644
--- a/config/appconfig-mcs/seusers
+++ b/config/appconfig-mcs/seusers
@@ -1,3 +1,2 @@
 root:root:s0-mcs_systemhigh
 __default__:user_u:s0
-sddm:xdm:s0

diff --git a/config/appconfig-mcs/xdm_default_contexts b/config/appconfig-mcs/xdm_default_contexts
deleted file mode 100644
index 08c88c0f..00000000
--- a/config/appconfig-mcs/xdm_default_contexts
+++ /dev/null
@@ -1 +0,0 @@
-system_r:xdm_t:s0		system_r:xdm_t:s0

diff --git a/config/appconfig-mls/seusers b/config/appconfig-mls/seusers
index 38414fee..4e500b09 100644
--- a/config/appconfig-mls/seusers
+++ b/config/appconfig-mls/seusers
@@ -1,3 +1,2 @@
 root:root:s0-mls_systemhigh
 __default__:user_u:s0
-sddm:xdm:s0

diff --git a/config/appconfig-mls/xdm_default_contexts b/config/appconfig-mls/xdm_default_contexts
deleted file mode 100644
index 08c88c0f..00000000
--- a/config/appconfig-mls/xdm_default_contexts
+++ /dev/null
@@ -1 +0,0 @@
-system_r:xdm_t:s0		system_r:xdm_t:s0

diff --git a/config/appconfig-standard/seusers b/config/appconfig-standard/seusers
index f6066b50..f7c5bd27 100644
--- a/config/appconfig-standard/seusers
+++ b/config/appconfig-standard/seusers
@@ -1,3 +1,2 @@
 root:root
 __default__:user_u
-sddm:xdm:s0

diff --git a/config/appconfig-standard/xdm_default_contexts b/config/appconfig-standard/xdm_default_contexts
deleted file mode 100644
index af1cb2e7..00000000
--- a/config/appconfig-standard/xdm_default_contexts
+++ /dev/null
@@ -1 +0,0 @@
-system_r:xdm_t		system_r:xdm_t

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 24cea45b..347e96c2 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -62,10 +62,6 @@ gen_tunable(xserver_object_manager, false)
 ## </desc>
 gen_tunable(xserver_allow_dri, false)
 
-# for sddm to use pam for greeter
-role xdm_r;
-allow system_r xdm_r;
-
 attribute x_domain;
 
 # X Events
@@ -149,7 +145,6 @@ fs_associate_tmpfs(xconsole_device_t)
 files_associate_tmp(xconsole_device_t)
 
 type xdm_t;
-role xdm_r types xdm_t;
 type xdm_exec_t;
 auth_login_pgm_domain(xdm_t)
 init_domain(xdm_t, xdm_exec_t)
@@ -848,9 +843,6 @@ manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
 
-# for sddm to use pam for greeter, sddm greeter needs execmod
-allow xdm_t xdm_tmpfs_t:file execmod;
-
 # Run Xorg.wrap
 can_exec(xserver_t, xserver_exec_t)
 
@@ -1054,6 +1046,3 @@ ifdef(`distro_gentoo',`
 		cgmanager_stream_connect(xdm_t)
 	')
 ')
-
-# for sddm to use pam for greeter
-gen_user(xdm,, xdm_r, s0, s0)