From: txtoth@gmail.com (Xavier Toth)
Date: Wed, 21 Jan 2009 15:49:52 -0600
Subject: [refpolicy] plymouthd avcs in MLS
In-Reply-To: <cadfc0e40901211325g6642aba9nd80727a2f501bcad@mail.gmail.com>
References: <A95E4FC0-3AD9-4B42-BF7F-1C144FFD5D72@nall.com>
	<496B7588.6000204@redhat.com>
	<cadfc0e40901160630h5b2e9fc2q793e4168c02103f0@mail.gmail.com>
	<497791FD.305@redhat.com>
	<cadfc0e40901211325g6642aba9nd80727a2f501bcad@mail.gmail.com>
Message-ID: <cadfc0e40901211349g32e8f709i3bbfa393dec81d21@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Jan 21, 2009 at 3:25 PM, Xavier Toth <txtoth@gmail.com> wrote:
> I'll give it a try on an F10 box when it finishes building.
>
> Ted
>
> On Wed, Jan 21, 2009 at 3:22 PM, Daniel J Walsh <dwalsh@redhat.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have sucked it up over the last couple of days and have cleaned up
>> most of the MLS avcs in Fedora 11.  It now boots up and I can log in in
>> enforcing mode.
>>
>> I would prefer to work with the F11 policy, although this can safely be
>> installed on an F10 system.
>>
>> Tryout 3.6.3-5.f11
>>
>> I gave the kernel_t the privs to run plymouth, it does not make much
>> sense to prevent kernel_t from any of the accesses it needed.
>>
>> Also wrote most of the policy for wm_t.
>>
>> Some problems like use of fusermount are going to be tougher to decide
>> on what the right thing to do is.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>>
>> iEYEARECAAYFAkl3kf0ACgkQrlYvE4MpobNMYwCeOHaZ3GokeMzg8oRrM8vU/S6Q
>> sqAAoNlF+b4v0c3pnd7BPb8ljzwMB3Vj
>> =WkHm
>> -----END PGP SIGNATURE-----
>>
>

No can do on FC10 as it requires policycoreutils which requires python
2.6 ... :(

Ted