From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 20 Aug 2008 15:53:22 -0400
Subject: [refpolicy] Minor fixes to first boot policy
In-Reply-To: <48A47791.1060307@redhat.com>
References: <48A47791.1060307@redhat.com>
Message-ID: <1219262002.16398.49.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2008-08-14 at 14:21 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_firstboot.patch
>
> firstboot tends to leak file descriptors and since it is thousands of
> lines of code not likely to be fixed. So dontaudit leaked descriptors
> to unix_stream_socket
>
> Move unconfined_domain to optional block.
>
> - -files_etc_filetrans_etc_runtime(firstboot_t, { file dir })
> We don't want to do this. Firstboot should just edit etc files rather
> than mislabeling them
>
> Remove ancient cruft

I moved the stream socket part into its own interface and updated the
one caller. I dropped the xserver part since that interface doesn't
exist. The remainder is merged.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150