From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 04 Dec 2008 08:07:27 -0500
Subject: [refpolicy] services_snmp.patch
In-Reply-To: <4937118F.30205@redhat.com>
References: <492C6CBB.5050806@redhat.com> <1228318344.9691.547.camel@gorn>
	<4937118F.30205@redhat.com>
Message-ID: <1228396049.903.2.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2008-12-03 at 18:09 -0500, Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
> > On Tue, 2008-11-25 at 16:23 -0500, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_snmp.patch
> >>

> >> Communicates with virtual machines and xen machines
> > 
> > I put the kernel_*_xen_state() calls in with the other xen_*() calls.
> > 
> > Merged with some other tweaks.
> > 
> But the xen stuff is optional while the kernel* calls are not.  So if
> you used a policy without xen policy you still want to use the xen device.

That doesn't make any sense to me.  Why would it still be using the xen
proc interfaces if there is no xen?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150