aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorZdenek Pytela <zpytela@redhat.com>2021-05-18 13:39:11 +0200
committerZdenek Pytela <zpytela@redhat.com>2021-05-18 13:39:11 +0200
commit3c8622691abfb377b48bf3749dd629c5a7120cf4 (patch)
tree180647f180e815429f7c7608c72f62b5a8c2f64f
parent23cf514ac265a02dc666e8651dcc579022f0da77 (diff)
downloadtigervnc-3c8622691abfb377b48bf3749dd629c5a7120cf4.tar.gz
tigervnc-3c8622691abfb377b48bf3749dd629c5a7120cf4.zip
Allow vnc_session_t manage nfs dirs and files conditionally
The permissions set to manage directories and files with the nfs_t type is allowed when the use_nfs_home_dirs boolean is turned on. Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
-rw-r--r--unix/vncserver/selinux/vncsession.te5
1 files changed, 5 insertions, 0 deletions
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 86fd6e5e..46e69911 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
mcs_process_set_categories(vnc_session_t)
mcs_killall(vnc_session_t)
+tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs(vnc_session_t)
+ fs_manage_nfs_files(vnc_session_t)
+')
+
optional_policy(`
auth_login_pgm_domain(vnc_session_t)
auth_write_login_records(vnc_session_t)