From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 11 Sep 2008 10:53:46 -0400
Subject: [refpolicy] Update setrans patch
In-Reply-To: <48B2D8F2.3080204@redhat.com>
References: <48B2D8F2.3080204@redhat.com>
Message-ID: <1221144826.24369.31.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2008-08-25 at 12:08 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/system_setrans.patch
> 
> Needs getcap
> 
> Needs to be able to talk to fds at different levels.  For some reason
> none of these changes have been made upstream.  Am I mistaken in
> thinking these are required.  I also have this interface used for
> cupsd_y, system_dbusd_t, inetd_t.

The getcap is fine, but the fd part reverses an upstream change which
allows initrc_t fds to be shared to any level:

http://oss.tresys.com/projects/refpolicy/changeset/2396

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150