tigervnc.git - High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc

	Commit message (Collapse)	Author	Age	Files	Lines
*	SELinux: use /root/.vnc in file context specification	Zdenek Pytela	2022-02-07	1	-1/+1
\| \| \| \| \| \|	Instead of HOME_ROOT/.vnc, /root/.vnc should be used for user root's home to specify default file context as HOME_ROOT actually means base for home dirs (usually /home).
*	Merge branch 'fb-session-nfs' of https://github.com/zpytela/tigervnc	Pierre Ossman	2021-08-26	2	-32/+47
\|\
\| *	Add vnc_home_t type	Zdenek Pytela	2021-05-18	2	-15/+13
\| \| \| \| \| \| \| \| \| \| \| \|	The new vnc_home_t type for HOME/.vnc directory was added to the policy, backed by a name transition. The vnc_session_t domain can manage files and directories of this type.
\| *	Allow vnc_session_t manage nfs dirs and files conditionally	Zdenek Pytela	2021-05-18	1	-0/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The permissions set to manage directories and files with the nfs_t type is allowed when the use_nfs_home_dirs boolean is turned on. Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
\| *	selinux: further style and comprehensibility improvements	Zdenek Pytela	2021-05-18	1	-23/+36
\| \| \| \| \| \| \| \| \| \| \| \|	Sections and rules blocks reordered according to the Style guide. https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
\| *	selinux: Fix issues reported by SELint	Vit Mojzis	2021-05-18	1	-4/+3
\| \| \| \| \| \| \| \| \| \| \| \|	Style guide [1] issues only. No impact on policy functionality. [1] - https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
* \|	SELinux: Add missing compression and install policy to correct directory	Jan Grulich	2021-05-17	1	-5/+8
\|/
*	Use /run instead of /var/run which is just a symlink	Jan Grulich	2020-09-29	1	-1/+1
\|
*	Comment on SELinux rule affect other commands	Pierre Ossman	2020-08-17	1	-0/+1
\| \| \| \| \| \|	This line affects every command run by the user, unlike everything else in our policy which is just for vncserver/vncsession. It's easy to miss this so add a comment pointing it out.
*	[SELinux] Allow vnc session create ~/.vnc	Lukas Vrabec	2020-07-31	2	-5/+18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Allow vnc session labeled with SELinux vnc_session_t domain to create directory in user homedir ~/.vnc labeled with SELinux label xdm_home_t. Because also process vncpasswd creates ~/.vnc directory, file transition that userdomain attribute SELinux domain (label for the process) can create the directory with the same label needs to be added. userdomain attribute contains following SELinux types: auditadm_t dbadm_t guest_t logadm_t secadm_t staff_t staff_wine_t sysadm_t unconfined_t user_t user_wine_t webadm_t xguest_t Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
*	[SELinux] Allow vnc_session_t type execute itself	Lukas Vrabec	2020-05-06	1	-0/+2
\| \| \| \| \| \| \| \|	vncsession-start is running in SELinux vnc_session_t domain because of "SELinuxContext=system_u:system_r:vnc_session_t:s0" option in systemd vncserver@.service unit file. vncsession-start executing binary vncsession with SELinux label/type vnc_session_t. This access was not allowed in vncsession policy.
*	Add SELinux policy file for vncsession	Pierre Ossman	2020-03-12	4	-0/+103
	Running as a service on a SELinux system requires rules so we can transition to our own context. We also need the proper permissions to start new user sessions.