From: dwalsh@redhat.com (Daniel J Walsh) Date: Thu, 04 Dec 2008 14:30:10 -0500 Subject: [refpolicy] services_snmp.patch In-Reply-To: <1228418815.903.88.camel@gorn> References: <492C6CBB.5050806@redhat.com> <1228318344.9691.547.camel@gorn> <4937118F.30205@redhat.com> <1228396049.903.2.camel@gorn> <49382DAB.3070503@redhat.com> <1228418815.903.88.camel@gorn> Message-ID: <49382FC2.1080202@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christopher J. PeBenito wrote: > On Thu, 2008-12-04 at 14:21 -0500, Daniel J Walsh wrote: >> Christopher J. PeBenito wrote: >>> On Wed, 2008-12-03 at 18:09 -0500, Daniel J Walsh wrote: >>>> Christopher J. PeBenito wrote: >>>>> On Tue, 2008-11-25 at 16:23 -0500, Daniel J Walsh wrote: >>>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_snmp.patch >>>>>> >>>>>> Communicates with virtual machines and xen machines >>>>> I put the kernel_*_xen_state() calls in with the other xen_*() calls. >>>>> >>>>> Merged with some other tweaks. >>>>> >>>> But the xen stuff is optional while the kernel* calls are not. So if >>>> you used a policy without xen policy you still want to use the xen device. >>> That doesn't make any sense to me. Why would it still be using the xen >>> proc interfaces if there is no xen? >>> >> If I have xen devices defined but use some policy other the xen, say >> initrc_t, or myxen or expanded virt whatever. The devices are defined >> in device.te and other xen calls are defined in xen.if, they are not the >> same. > > But we're not talking about devices, we're talking about proc entries. > I wouldn't expect those proc entries to exist except on a xen system, in > which case you also need the xen policy. > You would need policy but not necessarily the interfaces that are defined in xen.if. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkk4L8IACgkQrlYvE4MpobP3dgCguKA5tqeXcJobVIZ3XySQ5GyU 19cAoLVgDsklyeXzOLnJY3tNJpbNApWy =w2PZ -----END PGP SIGNATURE-----