From: Russell Coker
To: SELinux Reference Policy mailing list
Reply-To: russell@coker.com.au
Subject: xauth type
Date: Sat, 19 Jul 2025 21:36:08 +1000
Message-ID: <3679417.eFTFzoEnKi@xev>

# sesearch -T -D xauth_home_t
type_transition auditadm_su_t user_home_dir_t:file xauth_home_t;
type_transition secadm_su_t user_home_dir_t:file xauth_home_t;
type_transition staff_su_t user_home_dir_t:file xauth_home_t;
type_transition sysadm_su_t user_home_dir_t:file xauth_home_t;
type_transition user_su_t user_home_dir_t:file xauth_home_t;
type_transition xauth_t user_home_dir_t:file xauth_home_t;
type_transition xauth_t user_tmp_t:file xauth_home_t;
type_transition xdm_t user_home_dir_t:file xauth_home_t .Xauthority;

The above are the transition rules to label xauth files with X11 (xdm, su,
etc).  When running Wayland the window manager does this: kwin uses
/run/user/$UID/xauth_$RAND and GNOME uses
/run/user/$UID/.mutter.XWaylandauth-$RAND, and they get labeled as either
user_tmp_t or user_runtime_t, neither of which is good, and as the filename
is random we can't have a domain transition rule.

The window manager does many things, so having it create all files as
xauth_home_t isn't going to work.

Any suggestions?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
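
The labeling problem described in the message, as an added example that is not part of the original post or of refpolicy: it parses the sesearch output quoted above and resolves the type of a new file, treating a name-based type_transition rule as matching only when its name equals the whole final path component. The domain wm_t, the parent type user_runtime_t for /run/user/$UID, the extra rule and the sample filenames are assumptions.

```python
import re

# sesearch output copied from the message above.
SESEARCH = """\
type_transition auditadm_su_t user_home_dir_t:file xauth_home_t;
type_transition secadm_su_t user_home_dir_t:file xauth_home_t;
type_transition staff_su_t user_home_dir_t:file xauth_home_t;
type_transition sysadm_su_t user_home_dir_t:file xauth_home_t;
type_transition user_su_t user_home_dir_t:file xauth_home_t;
type_transition xauth_t user_home_dir_t:file xauth_home_t;
type_transition xauth_t user_tmp_t:file xauth_home_t;
type_transition xdm_t user_home_dir_t:file xauth_home_t .Xauthority;
"""

# source, parent type, class, new type, optional object name (quoted or not)
RULE = re.compile(r'type_transition (\S+) (\S+):(\S+) (\S+?)(?: "?([^";]+)"?)?;')

def parse(text):
    """Map (source, parent_type, class, name or None) -> new type."""
    return {(m[1], m[2], m[3], m[5]): m[4] for m in RULE.finditer(text)}

def label_for(rules, domain, parent_type, cls, filename):
    """Type of a newly created object: a rule whose name equals the whole
    filename wins, then an unnamed rule, otherwise the parent's type."""
    for name in (filename, None):
        new = rules.get((domain, parent_type, cls, name))
        if new:
            return new
    return parent_type

def demo():
    rules = parse(SESEARCH)
    # Hypothetical rule (assumption, not in the policy): one literal name
    # for a hypothetical window manager domain wm_t.
    rules[("wm_t", "user_runtime_t", "file", "xauth_")] = "xauth_home_t"
    names = ("xauth_", "xauth_AbCdEf", ".mutter.XWaylandauth-AbCdEf")
    return {n: label_for(rules, "wm_t", "user_runtime_t", "file", n)
            for n in names}

if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:32} {label}")
```

Only the literal name gets xauth_home_t; both randomized names fall back to the parent directory's type, which is the behaviour the message reports.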