File suse_modifications_xserver.patch of Package selinux-policy.37503

Index: serefpolicy-20140730/policy/modules/services/xserver.fc
===================================================================
--- serefpolicy-20140730.orig/policy/modules/services/xserver.fc
+++ serefpolicy-20140730/policy/modules/services/xserver.fc
@@ -97,6 +97,9 @@ HOME_DIR/\.dmrc.*	--	gen_context(system_
 /usr/bin/Xvnc		--	gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/bin/x11vnc		--	gen_context(system_u:object_r:xserver_exec_t,s0)
 
+#/usr/lib/gdm/.* 	-- 	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/X11/display-manager	--	gen_context(system_u:object_r:xdm_exec_t,s0)
+
 /usr/lib/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
 
 /usr/X11R6/bin/[xgkw]dm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
Index: serefpolicy-20140730/policy/modules/services/xserver.te
===================================================================
--- serefpolicy-20140730.orig/policy/modules/services/xserver.te
+++ serefpolicy-20140730/policy/modules/services/xserver.te
@@ -810,6 +810,17 @@ ifdef(`distro_rhel4',`
 	allow xdm_t self:process { execheap execmem };
 ')
 
+ifndef(`distro_suse',`
+	# this is a neverallow, maybe dontaudit it
+	#allow xdm_t proc_kcore_t:file getattr;
+	allow xdm_t var_run_t:lnk_file create;
+	allow xdm_t var_lib_t:lnk_file read;
+
+	dev_getattr_all_blk_files( xdm_t )
+	dev_getattr_all_chr_files( xdm_t )
+	logging_r_xconsole(xdm_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
 	fs_exec_nfs_files(xdm_t)
 ')