LinuxLists.cc - [refpolicy] kernel

2009-03-04 21:32:16

Subject: [refpolicy] kernel_devices.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_devices.patch

labels for

/dev/3dfx
/dev/autofs
/dev/gfx
/dev/graphics
...

Java wants to attempt to append to the rand device. Dontaudit for now

interface to manage device_t directories

interfaces to handle new null devices
usb devices

kvm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmu82AACgkQrlYvE4MpobNYFACeN9Eh2IQy62hkLo7do8QMUiCX
/kcAniuwaoIL3/J0CfBHa9FlHi3U2x+l
=nfTV
-----END PGP SIGNATURE-----

2009-03-05 15:59:44

by cpebenito

[permalink] [raw]

Subject: [refpolicy] kernel_devices.patch

On Wed, 2009-03-04 at 16:32 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_devices.patch
>
>
> labels for
>
> /dev/3dfx
> /dev/autofs
> /dev/gfx
> /dev/graphics
> ...
>
>
> Java wants to attempt to append to the rand device. Dontaudit for now
>
> interface to manage device_t directories
>
> interfaces to handle new null devices
> usb devices
>
> kvm

Merged with a bunch of reorganization.

Is this right?

+/dev/bometric/sensor.* -c gen_context(system_u:object_r:event_device_t,s0)

should it be /dev/biometric instead of /dev/bometric?

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-03-05 17:27:22

by Daniel Walsh

[permalink] [raw]

Subject: [refpolicy] kernel_devices.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher J. PeBenito wrote:
> On Wed, 2009-03-04 at 16:32 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_devices.patch
>>
>>
>> labels for
>>
>> /dev/3dfx
>> /dev/autofs
>> /dev/gfx
>> /dev/graphics
>> ...
>>
>>
>> Java wants to attempt to append to the rand device. Dontaudit for now
>>
>> interface to manage device_t directories
>>
>> interfaces to handle new null devices
>> usb devices
>>
>> kvm
>
> Merged with a bunch of reorganization.
>
> Is this right?
>
> +/dev/bometric/sensor.* -c gen_context(system_u:object_r:event_device_t,s0)
>
> should it be /dev/biometric instead of /dev/bometric?
>
Yes that is a bug.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmwC3oACgkQrlYvE4MpobMBegCfVnXHv1NkzDitODwITaCWnspV
yF4AoIlwB7F2WdDP2f4KUEkcCnolJFom
=uvPy
-----END PGP SIGNATURE-----