From: txtoth@gmail.com (Xavier Toth)
Date: Wed, 21 Jan 2009 15:25:44 -0600
Subject: [refpolicy] plymouthd avcs in MLS
In-Reply-To: <497791FD.305@redhat.com>
References: <A95E4FC0-3AD9-4B42-BF7F-1C144FFD5D72@nall.com>
	<496B7588.6000204@redhat.com>
	<cadfc0e40901160630h5b2e9fc2q793e4168c02103f0@mail.gmail.com>
	<497791FD.305@redhat.com>
Message-ID: <cadfc0e40901211325g6642aba9nd80727a2f501bcad@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I'll give it a try on an F10 box when it finishes building.

Ted

On Wed, Jan 21, 2009 at 3:22 PM, Daniel J Walsh <dwalsh@redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have sucked it up over the last couple of days and have cleaned up
> most of the MLS avcs in Fedora 11.  It now boots up and I can log in in
> enforcing mode.
>
> I would prefer to work with the F11 policy, although this can safely be
> installed on an F10 system.
>
> Tryout 3.6.3-5.f11
>
> I gave the kernel_t the privs to run plymouth, it does not make much
> sense to prevent kernel_t from any of the accesses it needed.
>
> Also wrote most of the policy for wm_t.
>
> Some problems like use of fusermount are going to be tougher to decide
> on what the right thing to do is.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkl3kf0ACgkQrlYvE4MpobNMYwCeOHaZ3GokeMzg8oRrM8vU/S6Q
> sqAAoNlF+b4v0c3pnd7BPb8ljzwMB3Vj
> =WkHm
> -----END PGP SIGNATURE-----
>