]> source.dussan.org Git - tigervnc.git/commitdiff
projects / tigervnc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 23cf514)
Allow vnc_session_t manage nfs dirs and files conditionally
authorZdenek Pytela <zpytela@redhat.com>
Tue, 18 May 2021 11:39:11 +0000 (13:39 +0200)
committerZdenek Pytela <zpytela@redhat.com>
Tue, 18 May 2021 11:39:11 +0000 (13:39 +0200)
The permissions set to manage directories and files with the nfs_t type
is allowed when the use_nfs_home_dirs boolean is turned on.

Resolves: https://github.com/TigerVNC/tigervnc/issues/1189

unix/vncserver/selinux/vncsession.te patch | blob | history

diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 86fd6e5ef4ee61558cdae4a36ac8f83621e44e43..46e699117f33c96488682a7f03412ad2d63fd7e8 100644 (file)
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
 mcs_process_set_categories(vnc_session_t)
 mcs_killall(vnc_session_t)
 
+tunable_policy(`use_nfs_home_dirs',`
+       fs_manage_nfs_dirs(vnc_session_t)
+       fs_manage_nfs_files(vnc_session_t)
+')
+
 optional_policy(`
        auth_login_pgm_domain(vnc_session_t)
        auth_write_login_records(vnc_session_t)
High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc