Diffstat (limited to 'unix/vncserver/selinux/vncsession.te')
-rw-r--r-- | unix/vncserver/selinux/vncsession.te | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 4dbf687e..2ce4fc81 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -34,17 +34,13 @@ allow vnc_session_t self:capability { chown dac_override dac_read_search fowner
 allow vnc_session_t self:process { getcap setexec setrlimit setsched };
 allow vnc_session_t self:fifo_file rw_fifo_file_perms;
 
-optional_policy(`
- gen_require(`
- type sysctl_fs_t;
- ')
- allow vnc_session_t sysctl_fs_t:dir search;
- allow vnc_session_t sysctl_fs_t:file { getattr open read };
-')
-
 allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
 files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
 
+# Allow access to /proc/sys/fs/nr_open
+# Needed when the nofile limit is set to unlimited.
+kernel_read_fs_sysctls(vnc_session_t)
+
 # Allowed to create ~/.local
 optional_policy(`
  gnome_filetrans_home_content(vnc_session_t) |
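Review bot: The new comment above `kernel_read_fs_sysctls(vnc_session_t)` names only /proc/sys/fs/nr_open, but the interface is not scoped to that one file: it is expected to grant read access to everything labelled sysctl_fs_t (its expansion is not visible in this hunk, so confirm against the installed policy headers). The removed rules were limited to `dir search` and `file { getattr open read }`, so the effective permission set may widen slightly, which is worth stating for anyone auditing the vnc_session_t domain. I would reword the comment to `# Read-only access to fs sysctls (sysctl_fs_t); only /proc/sys/fs/nr_open is actually needed.` The call is also no longer wrapped in `optional_policy`, which should be fine for a base-policy interface but is a behaviour change the commit message could mention.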