http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
Allow other domains to unlink udev_tbl_t
Uses netlink sockets
Creates device_t symlinks
Reads consolekit_var_run
dontaudit leaks from hal
Searches rpm logs (probably a leak)
Transitions to usbmux_d

On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
>
> Allow other domains to unlink udev_tbl_t
Needs a different interface, adding it to udev_rw_db() is an excessive
permission for the interface.
> Uses netlink sockets
Do you have any information on this? It would be best to get a specific
class added for this socket, rather than use the generic netlink_socket.
Otherwise merged.
> Creates device_t symlinks
>
> Reads consolekit_var_run
>
> dontaudit leaks from hal
>
> Searches rpm logs (probably a leak)
>
> Transitions to usbmux_d

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

On 03/17/2010 03:17 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
>>
>> Allow other domains to unlink udev_tbl_t
>>
> Needs a different interface, adding it to udev_rw_db() is an excessive
> permission for the interface.
>
>
>> Uses netlink sockets
>>
> Do you have any information on this? It would be best to get a specific
> class added for this socket, rather than use the generic netlink_socket.
>
>
Added during F11. Same time as netlink_kobj_uevent_socket. Might be
the same thing.
> Otherwise merged.
>
>
>> Creates device_t symlinks
>>
>> Reads consolekit_var_run
>>
>> dontaudit leaks from hal
>>
>> Searches rpm logs (probably a leak)
>>
>> Transitions to usbmux_d

Updated patch including new policy for usbmuxd.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: udev.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100318/aa7f25a4/attachment.pl