From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 02 Dec 2008 17:51:25 -0500
Subject: [refpolicy] kernel_corecommands.patch
In-Reply-To: <492C6F92.3060408@redhat.com>
References: <492C6F92.3060408@redhat.com>
Message-ID: <1228258287.9691.380.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2008-11-25 at 16:35 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
> 
> Add bin_t for several cups binaries.
> 
> Move some for Brother to a higher level
> 
> Add bin_t for ConsoleKit scripts

Merged, with some rearrangement.

> Add bin_t for pam_krb5_storegtmp

Conflicts with pam_exec_t labeling.

> Add sys_chroot capability to corecmd_exec_chroot interface

While I agree in principle, I would want to remove it from unprivileged
users.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150