Gnome Remote Desktop with SELinux enforced

Back to the main topic:

tee /tmp/grd.te << EOF > /dev/null
module grd 1.0;
require {
    type system_dbusd_t;
    type unconfined_service_t;
    type xdm_t;
    class tcp_socket { getattr getopt read setopt shutdown write };
}
allow system_dbusd_t unconfined_service_t:tcp_socket { read write };
allow xdm_t unconfined_service_t:tcp_socket { getattr getopt read setopt shutdown write };
EOF
checkmodule -M -m -o /tmp/grd.mod /tmp/grd.te
semodule_package -o /tmp/grd.pp -m /tmp/grd.mod
sudo semodule -i /tmp/grd.pp
3 Likes