From fa22cd23379b175665a0e8a89256f6563a95b3aa Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Fri, 15 Jul 2011 19:33:40 +0200
Subject: [PATCH] Xserver: Removed rules that allowed xdm_t to use systemd_logind /run/systemd/sessions/.* fifo_file descriptor, as that access is now added to authlogin_pgm_domain (which xdm is) The following calls in authlogin_pgm_domain are optional ( you may be using upstart or sysvinit or whatever and my not have the systemd module installed ) systemd_use_fds_logind($1) systemd_write_inherited_logind_sessions_pipes($1)
---
 policy/modules/services/xserver.te | 5 -----
 policy/modules/system/authlogin.if | 8 +++++---
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 05598abc..bc547bf5 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -879,11 +879,6 @@ optional_policy(`
 shutdown_domtrans(xdm_t)
 ')
 
-optional_policy(`
- systemd_use_fds_logind(xdm_t)
- systemd_write_inherited_logind_sessions_pipes(xdm_t)
-')
-
 optional_policy(`
 udev_read_db(xdm_t)
 ')
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index c53dcd9d..66248040 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -171,9 +171,6 @@ interface(`auth_login_pgm_domain',`
 seutil_read_config($1)
 seutil_read_default_contexts($1)
 
- systemd_use_fds_logind($1)
- systemd_write_inherited_logind_sessions_pipes($1)
-
 userdom_set_rlimitnh($1)
 userdom_read_user_home_content_symlinks($1)
 userdom_delete_user_tmp_files($1)
@@ -214,6 +211,11 @@ interface(`auth_login_pgm_domain',`
 ssh_read_user_home_files($1)
 userdom_read_user_home_content_files($1)
 ')
+
+ optional_policy(`
+ systemd_use_fds_logind($1)
+ systemd_write_inherited_logind_sessions_pipes($1)
+ ')
 ')
 
 ########################################
-- 
2.47.2
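Review bot: The optional_policy block added at the end of auth_login_pgm_domain carries no comment explaining why the logind access is optional or that xdm_t now depends on it, which makes the grant easy to drop or widen by accident. I would add above it `# logind session fd/pipe access; optional because the systemd module may not be installed` and mention there that xserver.te no longer grants this to xdm_t directly. Because the two systemd_* calls sit in a shared interface, every domain that calls auth_login_pgm_domain receives them, so it is worth confirming (the callers are not visible here) that each one actually needs write access to inherited logind session pipes. The interface body begins outside the hunk.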