From: dwalsh@redhat.com (Daniel J Walsh) Date: Thu, 22 Jan 2009 09:00:08 -0500 Subject: [refpolicy] plymouthd avcs in MLS In-Reply-To: References: <496B7588.6000204@redhat.com> <497791FD.305@redhat.com> Message-ID: <49787BE8.3010201@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xavier Toth wrote: > On Wed, Jan 21, 2009 at 3:25 PM, Xavier Toth wrote: >> I'll give it a try on an F10 box when it finishes building. >> >> Ted >> >> On Wed, Jan 21, 2009 at 3:22 PM, Daniel J Walsh wrote: > I have sucked it up over the last couple of days and have cleaned up > most of the MLS avcs in Fedora 11. It now boots up and I can log in in > enforcing mode. > > I would prefer to work with the F11 policy, although this can safely be > installed on an F10 system. > > Tryout 3.6.3-5.f11 > > I gave the kernel_t the privs to run plymouth, it does not make much > sense to prevent kernel_t from any of the accesses it needed. > > Also wrote most of the policy for wm_t. > > Some problems like use of fusermount are going to be tougher to decide > on what the right thing to do is. >>> > No can do on FC10 as it requires policycoreutils which requires python > 2.6 ... :( > Ted The problem is the spec file has been converted to use the compressed policycoreutils, You could simply take out the patch and the tgz file and throw it in the F10 spec file and you could build a F10 policy, or you could just start using F11/Rawhide. One problem I have with it now is it is silently failing on dbus (NetworkManager) even in permissive mode. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkl4e+gACgkQrlYvE4MpobPJDgCeKEK36nIyYeavIZY7knOkaVKS umAAoMExfvdB+9fwWRG/pj0/l7FFcEF5 =CXFJ -----END PGP SIGNATURE-----