From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 21 Jan 2009 16:22:05 -0500
Subject: [refpolicy] plymouthd avcs in MLS
In-Reply-To: <cadfc0e40901160630h5b2e9fc2q793e4168c02103f0@mail.gmail.com>
References: <A95E4FC0-3AD9-4B42-BF7F-1C144FFD5D72@nall.com>	
	<496B7588.6000204@redhat.com>
	<cadfc0e40901160630h5b2e9fc2q793e4168c02103f0@mail.gmail.com>
Message-ID: <497791FD.305@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have sucked it up over the last couple of days and have cleaned up
most of the MLS avcs in Fedora 11.  It now boots up and I can log in in
enforcing mode.

I would prefer to work with the F11 policy, although this can safely be
installed on an F10 system.

Tryout 3.6.3-5.f11

I gave the kernel_t the privs to run plymouth, it does not make much
sense to prevent kernel_t from any of the accesses it needed.

Also wrote most of the policy for wm_t.

Some problems like use of fusermount are going to be tougher to decide
on what the right thing to do is.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkl3kf0ACgkQrlYvE4MpobNMYwCeOHaZ3GokeMzg8oRrM8vU/S6Q
sqAAoNlF+b4v0c3pnd7BPb8ljzwMB3Vj
=WkHm
-----END PGP SIGNATURE-----