http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_userhelper.patch
Add policy for consolehelper so staff_t can shutdown the machine
On 06/02/10 16:15, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_userhelper.patch
>
> Add policy for consolehelper so staff_t can shutdown the machine
Why does this need to be templated, rather than using a single
consolehelper_t?
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On 07/08/2010 10:58 AM, Christopher J. PeBenito wrote:
> On 06/02/10 16:15, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_userhelper.patch
>>
>> Add policy for consolehelper so staff_t can shutdown the machine
>
> Why does this need to be templated, rather than using a single
> consolehelper_t?
>
Probably does not need it. I think I created this policy off of
userhelper, which was templated. The only think we might want would be
to allow
staff_t @consolehelper -> staff_consolehelper_t @ bin_t -> staff_t.
But I don't have a use case for this.
On 07/13/10 08:21, Daniel J Walsh wrote:
> On 07/08/2010 10:58 AM, Christopher J. PeBenito wrote:
>> On 06/02/10 16:15, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_userhelper.patch
>>>
>>> Add policy for consolehelper so staff_t can shutdown the machine
>>
>> Why does this need to be templated, rather than using a single
>> consolehelper_t?
>>
> Probably does not need it. I think I created this policy off of
> userhelper, which was templated. The only think we might want would be
> to allow
>
> staff_t @consolehelper -> staff_consolehelper_t @ bin_t -> staff_t.
>
> But I don't have a use case for this.
Ok, well then either we need to come up for a use case for the templated
form, otherwise I'd prefer to have a single domain.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com