2012-06-26 21:09:43

by mgrepl

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

A new policy for blueman-mechanism from Fedora contrib repo.
(git://git.fedorahosted.org/selinux-policy.git)

Description :
Blueman is a tool to use Bluetooth devices.

Patch:
http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch


2012-06-26 21:20:35

by dominick.grift

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:

There is a significant difference between the way reference policy
implemented auth_use_nsswitch and the way fedora implemented it.

This leads me to believe that, since this policy relies on
auth_use_nsswitch, it should probably be modified to reflect these
changes between fedora's and refpolicy's auth_use_nsswitch()

Some other minor comments:

1. files don't need to file transition from var_lib_t to
blueman_var_lib_t; only directories. The files are created inside these
directories as per file context specification:

/var/lib/blueman(/.*)?	gen_context(system_u:object_r:blueman_var_lib_t,s0)

2. files_read_etc_files(blueman_t) is redundant (it is already included
with auth_use_nsswitch())


> A new policy for blueman-mechanism from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)
>
> Description :
> Blueman is a tool to use Bluetooth devices.
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
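
The labeling behaviour behind comment 1 above, as an added example that is not part of the thread or of the blueman patch: a small Python model that compares the type an object gets at creation time (a `type_transition` rule if one matches, otherwise the parent directory's type) with the type the file context specification assigns. The `/var/lib` entry, the file name `state`, the three rule sets and the "longest literal prefix wins" precedence are assumptions made for illustration.

```python
import re

# Constructed file_contexts entries: the blueman line is the one quoted in the
# thread; the /var/lib line is an assumed stand-in for the base policy's entry.
FC = """\
/var/lib(/.*)?\tgen_context(system_u:object_r:var_lib_t,s0)
/var/lib/blueman(/.*)?\tgen_context(system_u:object_r:blueman_var_lib_t,s0)
"""

# type_transition rules keyed by (source domain, parent dir type, object class).
DIR_ONLY = {("blueman_t", "var_lib_t", "dir"): "blueman_var_lib_t"}
DIR_AND_FILE = {**DIR_ONLY, ("blueman_t", "var_lib_t", "file"): "blueman_var_lib_t"}
NO_TRANSITION = {}

def parse_fc(text):
    """Parse 'regex gen_context(user:role:type,level)' lines into (regex, type)."""
    pat = r"(\S+)\s+gen_context\(\w+:\w+:(\w+),\w+\)"
    matches = (re.fullmatch(pat, line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def fc_type(entries, path):
    """Type a relabel would assign: anchored match, longest literal prefix wins
    (a simplification of the real specificity ordering)."""
    def stem(rx):
        return len(re.split(r"[(\[.*?+]", rx, maxsplit=1)[0])
    hits = [(stem(rx), t) for rx, t in entries if re.fullmatch(rx, path)]
    return max(hits)[1] if hits else None

def created_type(rules, domain, parent_type, tclass):
    """Type at creation: a type_transition rule wins, else inherit the parent's."""
    return rules.get((domain, parent_type, tclass), parent_type)

def mismatches(rules):
    """Create the directory and one file in it as blueman_t, then list the paths
    whose creation-time type differs from the file_contexts type."""
    entries = parse_fc(FC)
    labels = {"/var/lib": "var_lib_t"}
    for path, tclass in (("/var/lib/blueman", "dir"),
                         ("/var/lib/blueman/state", "file")):  # hypothetical file
        parent = path.rsplit("/", 1)[0]
        labels[path] = created_type(rules, "blueman_t", labels[parent], tclass)
    return [p for p, t in labels.items() if fc_type(entries, p) != t]

if __name__ == "__main__":
    for name, rules in (("dir only", DIR_ONLY), ("dir and file", DIR_AND_FILE),
                        ("no transition", NO_TRANSITION)):
        print(name, "->", mismatches(rules) or "labels agree with file_contexts")
```

In this model the directory-only rule set and the directory-plus-file rule set produce identical labels under `/var/lib/blueman`; only the rule set with no transition at all leaves objects typed `var_lib_t`.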

2012-06-26 21:28:04

by mgrepl

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On 06/26/2012 11:20 PM, Dominick Grift wrote:
> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
>
> There is a significant difference between the way reference policy
> implemented auth_use_nsswitch and the way fedora implemented it.
>
> This leads me to believe that, since this policy relies on
> auth_use_nsswitch, it should probably be modified to reflect these
> changes between fedora's and refpolicy's auth_use_nsswitch()
You could say it about a lot of policies which are in the contrib repo.

Let's discuss it.

>
> Some other minor comments:
>
> 1. files don't need to file transition from var_lib_t to
> blueman_var_lib_t; only directories. The files are created inside these
> directories as per file context specification:
>
> /var/lib/blueman(/.*)?	gen_context(system_u:object_r:blueman_var_lib_t,s0)
>
> 2. files_read_etc_files(blueman_t) is redundant (it is already included
> with auth_use_nsswitch())
>
>
>> A new policy for blueman-mechanism from Fedora contrib repo.
>> (git://git.fedorahosted.org/selinux-policy.git)
>>
>> Description :
>> Blueman is a tool to use Bluetooth devices.
>>
>> Patch:
>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>>

2012-06-26 21:37:23

by dominick.grift

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On Tue, 2012-06-26 at 23:28 +0200, Miroslav Grepl wrote:
> On 06/26/2012 11:20 PM, Dominick Grift wrote:
> > On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
> >
> > There is a significant difference between the way reference policy
> > implemented auth_use_nsswitch and the way fedora implemented it.
> >
> > This leads me to believe that, since this policy relies on
> > auth_use_nsswitch, it should probably be modified to reflect these
> > changes between fedora's and refpolicy's auth_use_nsswitch()
> You could say it about a lot of policies which are in the contrib repo.

Not quite, but there may be some that slipped through the cracks. Since fedora's
auth_use_nsswitch() implementation underwent a huge change, not many new
modules have been upstreamed as far as I know.

So I don't think this is true, although in some cases I may be wrong.

> Let's discuss it.
>
> >
> > Some other minor comments:
> >
> > 1. files don't need to file transition from var_lib_t to
> > blueman_var_lib_t; only directories. The files are created inside these
> > directories as per file context specification:
> >
> > /var/lib/blueman(/.*)?	gen_context(system_u:object_r:blueman_var_lib_t,s0)
> >
> > 2. files_read_etc_files(blueman_t) is redundant (it is already included
> > with auth_use_nsswitch())
> >
> >
> >> A new policy for blueman-mechanism from Fedora contrib repo.
> >> (git://git.fedorahosted.org/selinux-policy.git)
> >>
> >> Description :
> >> Blueman is a tool to use Bluetooth devices.
> >>
> >> Patch:
> >> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
> >>

2012-06-26 21:37:36

by mgrepl

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On 06/26/2012 11:28 PM, Miroslav Grepl wrote:
> On 06/26/2012 11:20 PM, Dominick Grift wrote:
>> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
>>
>> There is a significant difference between the way reference policy
>> implemented auth_use_nsswitch and the way fedora implemented it.
>>
>> This leads me to believe that, since this policy relies on
>> auth_use_nsswitch, it should probably be modified to reflect these
>> changes between fedora's and refpolicy's auth_use_nsswitch()
> You could say it about a lot of policies which are in the contrib repo.
>
> Let's discuss it.
Also I don't see these big differences. We use nsswitch_domain attribute
now which will also be submitted as a patch.
>
>> Some other minor comments:
>>
>> 1. files don't need to file transition from var_lib_t to
>> blueman_var_lib_t; only directories. The files are created inside these
>> directories as per file context specification:
>>
>> /var/lib/blueman(/.*)?	gen_context(system_u:object_r:blueman_var_lib_t,s0)
>>
>> 2. files_read_etc_files(blueman_t) is redundant (it is already included
>> with auth_use_nsswitch())
>>
>>
>>> A new policy for blueman-mechanism from Fedora contrib repo.
>>> (git://git.fedorahosted.org/selinux-policy.git)
>>>
>>> Description :
>>> Blueman is a tool to use Bluetooth devices.
>>>
>>> Patch:
>>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>>>

2012-06-26 21:42:16

by dominick.grift

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On Tue, 2012-06-26 at 23:37 +0200, Miroslav Grepl wrote:
> On 06/26/2012 11:28 PM, Miroslav Grepl wrote:
> > On 06/26/2012 11:20 PM, Dominick Grift wrote:
> >> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
> >>
> >> There is a significant difference between the way reference policy
> >> implemented auth_use_nsswitch and the way fedora implemented it.
> >>
> >> This leads me to believe that, since this policy relies on
> >> auth_use_nsswitch, it should probably be modified to reflect these
> >> changes between fedora's and refpolicy's auth_use_nsswitch()
> > You could say it about a lot of policies which are in the contrib repo.
> >
> > Let's discuss it.
> Also I don't see these big differences. We use nsswitch_domain attribute
> now which will also be submitted as a patch.

Hmm yes you are right, there are some changes but it's not as big as I
thought.

2012-07-03 13:41:54

by mgrepl

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On 06/26/2012 11:09 PM, Miroslav Grepl wrote:
> A new policy for blueman-mechanism from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)
>
> Description :
> Blueman is a tool to use Bluetooth devices.
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>
Updated.

2012-07-10 12:18:44

by cpebenito

Subject: [refpolicy] [PATCH 1/1] blueman contrib policy

On 07/03/12 09:41, Miroslav Grepl wrote:
> On 06/26/2012 11:09 PM, Miroslav Grepl wrote:
>> A new policy for blueman-mechanism from Fedora contrib repo.
>> (git://git.fedorahosted.org/selinux-policy.git)
>>
>> Description :
>> Blueman is a tool to use Bluetooth devices.
>>
>> Patch:
>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>>
> Updated.

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com