diff options
author | Zdenek Pytela <zpytela@redhat.com> | 2021-05-18 13:39:11 +0200 |
---|---|---|
committer | Zdenek Pytela <zpytela@redhat.com> | 2021-05-18 13:39:11 +0200 |
commit | 3c8622691abfb377b48bf3749dd629c5a7120cf4 (patch) | |
tree | 180647f180e815429f7c7608c72f62b5a8c2f64f | |
parent | 23cf514ac265a02dc666e8651dcc579022f0da77 (diff) | |
download | tigervnc-3c8622691abfb377b48bf3749dd629c5a7120cf4.tar.gz tigervnc-3c8622691abfb377b48bf3749dd629c5a7120cf4.zip |
Allow vnc_session_t manage nfs dirs and files conditionally
The permissions set to manage directories and files with the nfs_t type
is allowed when the use_nfs_home_dirs boolean is turned on.
Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
-rw-r--r-- | unix/vncserver/selinux/vncsession.te | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te index 86fd6e5e..46e69911 100644 --- a/unix/vncserver/selinux/vncsession.te +++ b/unix/vncserver/selinux/vncsession.te @@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t) mcs_process_set_categories(vnc_session_t) mcs_killall(vnc_session_t) +tunable_policy(`use_nfs_home_dirs',` + fs_manage_nfs_dirs(vnc_session_t) + fs_manage_nfs_files(vnc_session_t) +') + optional_policy(` auth_login_pgm_domain(vnc_session_t) auth_write_login_records(vnc_session_t) |