From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 24 Sep 2008 16:24:38 -0400
Subject: [refpolicy] services_networkmanager.patch
Message-ID: <48DAA206.8060208@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_networkmanager.patch

Add initrc script support

allow admin to start/stop service

Admin needs admin_pattern on all file types



/usr/sbin/NetworkManagerDispatcher and /usr/sbin/nm-system-settings need
to run as networkmanager

New files in /var/run

network_manager need sys_admin in order to set the hostname, needs chown
, fsetid, setgid, sys_nice for interacting with network devices

needs getcap to read its capabilities

generates socket files in /tmp

reads kernel_debugfs when it crashes, also executes rpm to gather crash info

uses inotify

uses getpw* so needs auth_use_nsswitch


can now be started via dbus

hal logs set as stdout on resume

restarts and communicates with nscd

restarts ntp, and ypbind, and ppp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjaogYACgkQrlYvE4MpobMjkACfbq4gjnPKQ2a4zG9Br82o4w+p
qGwAnj5x6WTH6oqo6znRIVLpAoYC0Rog
=YL5p
-----END PGP SIGNATURE-----