2010-02-23 22:07:35

by Daniel Walsh

Subject: [refpolicy] kernel_devices.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_devices.patch

New devices
btrfs-control
dahdi
etherd
misc/dlm
pps
usbmon
uinput
uio

+dev_rw_generic_chr_files(devicekit_power_t)
+ dev_dontaudit_write_all_chr_files(abrt_helper_t)
+ dev_dontaudit_write_all_blk_files(abrt_helper_t)
+ dev_dontaudit_write_mtrr(iptables_t)
+dev_rw_all_inherited_chr_files(sandbox_domain)
+dev_rw_all_inherited_blk_files(sandbox_domain)
+dev_setattr_dlm_control(rgmanager_t)
+dev_setattr_dlm_control(gfs_controld_t
+dev_rw_dlm_control(dlm_controld_t)
+dev_write_kmsg(initrc_t)
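Review bot: the second `dev_setattr_dlm_control` line, the one for `gfs_controld_t`, is missing its closing parenthesis and will not parse as an interface call if copied as written; it should read `dev_setattr_dlm_control(gfs_controld_t)`. The three `dev_dontaudit_*` lines also have a stray space after the `+` that the other lines lack. On substance, `dev_rw_generic_chr_files(devicekit_power_t)` and the two `dev_rw_all_inherited_*` calls for `sandbox_domain` are named as grants over generic or all device nodes, and the dontaudit rules silence denials rather than resolve them. A short comment beside each caller naming the device node or denial that motivated it would let a reader check whether one of the narrower per-device interfaces in this same list, such as `dev_rw_dlm_control`, would do instead.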


2010-03-04 20:30:26

by cpebenito

Subject: [refpolicy] kernel_devices.patch

On Tue, 2010-02-23 at 17:07 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_devices.patch
>
> New devices
> btrfs-control
> dahdi
> etherd
> misc/dlm
> pps
> usbmon
> uinput
> uio

Merged, except for usbmon, only because I wonder if it should be
debugfs_t, since the same info is available
under /sys/kernel/debug/usb/usbmon/* on a per-device basis.

> +dev_rw_generic_chr_files(devicekit_power_t)
> + dev_dontaudit_write_all_chr_files(abrt_helper_t)
> + dev_dontaudit_write_all_blk_files(abrt_helper_t)
> + dev_dontaudit_write_mtrr(iptables_t)
> +dev_rw_all_inherited_chr_files(sandbox_domain)
> +dev_rw_all_inherited_blk_files(sandbox_domain)
> +dev_setattr_dlm_control(rgmanager_t)
> +dev_setattr_dlm_control(gfs_controld_t
> +dev_rw_dlm_control(dlm_controld_t)
> +dev_write_kmsg(initrc_t)
>

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2010-03-05 16:08:04

by Daniel Walsh

Subject: [refpolicy] kernel_devices.patch

On 03/04/2010 03:30 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:07 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_devices.patch
>>
>> New devices
>> btrfs-control
>> dahdi
>> etherd
>> misc/dlm
>> pps
>> usbmon
>> uinput
>> uio
>>
> Merged, except for usbmon, only because I wonder if it should be
> debugfs_t, since the same info is available
> under /sys/kernel/debug/usb/usbmon/* on a per-device basis.
>
>
>> +dev_rw_generic_chr_files(devicekit_power_t)
>> + dev_dontaudit_write_all_chr_files(abrt_helper_t)
>> + dev_dontaudit_write_all_blk_files(abrt_helper_t)
>> + dev_dontaudit_write_mtrr(iptables_t)
>> +dev_rw_all_inherited_chr_files(sandbox_domain)
>> +dev_rw_all_inherited_blk_files(sandbox_domain)
>> +dev_setattr_dlm_control(rgmanager_t)
>> +dev_setattr_dlm_control(gfs_controld_t
>> +dev_rw_dlm_control(dlm_controld_t)
>> +dev_write_kmsg(initrc_t)
>>
>>

Should we label both usbmon_dev_t? usmonfs_t?