From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 21 Jul 2009 10:50:16 -0400
Subject: [refpolicy] apps_podsleuth.patch
In-Reply-To: <1248185503.2914.442.camel@gorn.columbia.tresys.com>
References: <4A156D3C.2020601@redhat.com>
	<1248185503.2914.442.camel@gorn.columbia.tresys.com>
Message-ID: <4A65D5A8.3080906@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 11:03 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_podsleuth.patch
>>
>> Lots of policy fixes for podsleuth.
>>
>> Add interface to run podsleuth within a role
>>
>> podsleuth uses tmpfs, tmp and cache
>>
>> Needs to deal with nfs and dos file systems
>>
>> Can be started by dbus, runs as a mono app
> 
> Merged except for the nfs and raw disk access, for which I need
> additional explanation.
> 
I agree remove the raw disk, I will also.

In RHEL5 and probably older versions of Fedora, we labeled

genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)

These have been changed to dosfs_t, so I think you can ignore both and I will remove them.