From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 20 Jul 2009 14:27:14 -0400
Subject: [refpolicy] services_setroubleshoot.patch
In-Reply-To: <4A4A0AB9.3010904@redhat.com>
References: <4A4A0AB9.3010904@redhat.com>
Message-ID: <1248114437.23783.727.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2009-06-30 at 08:53 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_setroubleshoot.patch
> 
> Removed initrc part of the patch.

You have this:

+# if bad library causes setroubleshoot to require these, we want to give it so setroubleshoot can continue to run
+allow setroubleshootd_t self:process { execmem execstack };

Is this anticipated to be a temporary issue?  If so, I'd prefer to keep
it out of refpolicy upstream.  Otherwise it would seem to be better to
be in a distro_redhat.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150