http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch
ping gets leaked log descriptor from nagios.
Label send_arp as ping_exec_t
Everyone wants to talk to terminals.
On Wed, 2010-06-02 at 15:49 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch
>
> ping gets leaked log descriptor from nagios.
>
> Label send_arp as ping_exec_t
Merged.
> Everyone wants to talk to terminals.
Which terminals? Its already allowed to use user terminals. Also, the
user_ping tunable isn't necessary since it can already unconditionally
use user terminals; that part of the change is a reversal.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On 06/17/2010 10:17 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 15:49 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch
>>
>> ping gets leaked log descriptor from nagios.
>>
>> Label send_arp as ping_exec_t
>
> Merged.
>
>> Everyone wants to talk to terminals.
>
> Which terminals? Its already allowed to use user terminals. Also, the
> user_ping tunable isn't necessary since it can already unconditionally
> use user terminals; that part of the change is a reversal.
>
if ping is executed from a daemon or a dbus service, it will use a
tty_device_t, for example.