http://people.fedoraproject.org/~dwalsh/SELinux/Policy/system_setrans.patch
Needs getcap
Needs to be able to talk to fds at different levels. For some reason
none of these changes have been made upstream. Am I mistaken in
thinking these are required. I also have this interface used for
cupsd_y, system_dbusd_t, inetd_t.
On Mon, 2008-08-25 at 12:08 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/system_setrans.patch
>
> Needs getcap
>
> Needs to be able to talk to fds at different levels. For some reason
> none of these changes have been made upstream. Am I mistaken in
> thinking these are required. I also have this interface used for
> cupsd_y, system_dbusd_t, inetd_t.
The getcap is fine, but the fd part reverses an upstream change which
allows initrc_t fds to be shared to any level:
http://oss.tresys.com/projects/refpolicy/changeset/2396
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150