From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 02 Dec 2008 17:51:25 -0500 Subject: [refpolicy] kernel_corecommands.patch In-Reply-To: <492C6F92.3060408@redhat.com> References: <492C6F92.3060408@redhat.com> Message-ID: <1228258287.9691.380.camel@gorn> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2008-11-25 at 16:35 -0500, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch > > Add bin_t for several cups binaries. > > Move some for Brother to a higher level > > Add bin_t for ConsoleKit scripts Merged, with some rearrangement. > Add bin_t for pam_krb5_storegtmp Conflicts with pam_exec_t labeling. > Add sys_chroot capability to corecmd_exec_chroot interface While I agree in principle, I would want to remove it from unprivileged users. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150