From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 21 Jul 2009 14:19:27 -0400
Subject: [refpolicy] services_ricci.patch
In-Reply-To: <4A65D3A6.1030006@redhat.com>
References: <4A2DB472.1050609@redhat.com>
	<1248185501.2914.432.camel@gorn.columbia.tresys.com>
	<4A65D3A6.1030006@redhat.com>
Message-ID: <1248200367.2914.444.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2009-07-21 at 10:41 -0400, Daniel J Walsh wrote:
> On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
> >>
> >> Lots of additional access required by ricci and friends.
> > 
> > Merged except for the default_t access, which seems like a labeling
> > issue.
> > 
> I would like to remove all default_t access and remove the read_default_t boolean.  

I can definitely agree with this.

> This is almost guaranteed to be a labeling problem. 
 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150