From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 29 Oct 2008 08:37:52 -0400
Subject: [refpolicy] Help with policy writing
In-Reply-To:
References:
Message-ID: <49085920.30501@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

/usr/local/sbin/samhain -- gen_context(system_u:object_r:samhain_exec_t,s0)

DAN> I would make this more generic maybe make the local optional

/usr/(local/)?sbin/samhain -- gen_context(system_u:object_r:samhain_exec_t,s0)

/etc/samhainrc -- gen_context(system_u:object_r:samhain_config_t,s0)
/var/run/samhain.pid -- gen_context(system_u:object_r:samhain_pid_t,s0)
/var/run/samhain_log.lock gen_context(system_u:object_r:samhain_lock_t,s0)

I think these should be treated the same and labeled samhain_var_run_t.
Unless there are different security properties between the pid file and
the lock file, no reason to label them differently.
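The two labeling suggestions in this message, checked with a small file-context matcher. This is an added example, not code from the message or from refpolicy: `parse_fc` and `label_for` are hypothetical helpers, the sample entries are constructed from the message with both suggestions applied, and matching is simplified to the first entry whose anchored regex and file type match.

```python
import re

# File-type specifiers that may appear between the path regex and the context.
FILE_TYPES = {"--", "-d", "-l", "-s", "-p", "-b", "-c"}

# Constructed sample: the entries from the message with the optional "local/"
# and the shared samhain_var_run_t type applied.
SAMHAIN_FC = """
/usr/(local/)?sbin/samhain -- gen_context(system_u:object_r:samhain_exec_t,s0)
/etc/samhainrc -- gen_context(system_u:object_r:samhain_config_t,s0)
/var/run/samhain.pid -- gen_context(system_u:object_r:samhain_var_run_t,s0)
/var/run/samhain_log.lock gen_context(system_u:object_r:samhain_var_run_t,s0)
"""

def parse_fc(text):
    """Return a list of (compiled_regex, file_type_or_None, selinux_type)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        path, context = fields[0], fields[-1]
        # The file-type field is optional; without it the entry covers any type.
        ftype = fields[1] if len(fields) == 3 else None
        m = re.fullmatch(r"gen_context\(([^,]+),[^)]+\)", context)
        if m is None or (ftype is not None and ftype not in FILE_TYPES):
            raise ValueError(f"malformed entry: {line}")
        # Context is user:role:type; keep only the type.
        selinux_type = m.group(1).split(":")[2]
        entries.append((re.compile(path), ftype, selinux_type))
    return entries

def label_for(entries, path, ftype="--"):
    """Type of the first entry whose regex matches the whole path and whose
    file type (if given) equals ftype; None when nothing matches."""
    for regex, entry_ftype, selinux_type in entries:
        if regex.fullmatch(path) and entry_ftype in (None, ftype):
            return selinux_type
    return None

if __name__ == "__main__":
    fc = parse_fc(SAMHAIN_FC)
    for p in ("/usr/sbin/samhain", "/usr/local/sbin/samhain",
              "/var/run/samhain.pid", "/var/run/samhain_log.lock"):
        print(p, "->", label_for(fc, p))
```

The entry for the lock file has no file-type field, so it applies to an object of any type at that path, while the `--` entries apply to regular files only.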