From: Pierre Ossman <ossman@cendio.se>
Date: Mon, 17 Aug 2020 14:07:03 +0000 (+0200)
Subject: Comment on SELinux rule affect other commands
X-Git-Tag: v1.10.90~3
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=82fbecb8a23bfdd3358516b1e6c98fe1df613791;p=tigervnc.git

Comment on SELinux rule affect other commands

This line affects every command run by the user, unlike everything else
in our policy which is just for vncserver/vncsession. It's easy to miss
this so add a comment pointing it out.
---

diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 5918e5a1..a773fed3 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -53,6 +53,7 @@ manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
 userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
 userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
 
+# This also affects other tools, e.g. vncpasswd
 userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
 userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")