From: Zdenek Pytela <zpytela@redhat.com>
Date: Tue, 18 May 2021 11:39:11 +0000 (+0200)
Subject: Allow vnc_session_t manage nfs dirs and files conditionally
X-Git-Tag: v1.11.90~13^2~1
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3c8622691abfb377b48bf3749dd629c5a7120cf4;p=tigervnc.git

Allow vnc_session_t manage nfs dirs and files conditionally

The permissions set to manage directories and files with the nfs_t type
is allowed when the use_nfs_home_dirs boolean is turned on.

Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
---

diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 86fd6e5e..46e69911 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
 mcs_process_set_categories(vnc_session_t)
 mcs_killall(vnc_session_t)
 
+tunable_policy(`use_nfs_home_dirs',`
+	fs_manage_nfs_dirs(vnc_session_t)
+	fs_manage_nfs_files(vnc_session_t)
+')
+
 optional_policy(`
 	auth_login_pgm_domain(vnc_session_t)
 	auth_write_login_records(vnc_session_t)