From 82fbecb8a23bfdd3358516b1e6c98fe1df613791 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Mon, 17 Aug 2020 16:07:03 +0200
Subject: [PATCH] Comment on SELinux rule affect other commands

This line affects every command run by the user, unlike everything else
in our policy which is just for vncserver/vncsession. It's easy to miss
this so add a comment pointing it out.
---
 unix/vncserver/selinux/vncsession.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 5918e5a1..a773fed3 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -53,6 +53,7 @@ manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
 userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
 userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
 
+# This also affects other tools, e.g. vncpasswd
 userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
 userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
 
-- 
2.39.5