From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 27 Jul 2009 10:19:01 -0400
Subject: [refpolicy] services_hal.patch
In-Reply-To: <4A2DAEB5.8010209@redhat.com>
References: <4A2DAEB5.8010209@redhat.com>
Message-ID: <1248704344.13158.155.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On Mon, 2009-06-08 at 20:37 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_hal.patch
>
> Add policy for hal-dccm
>
> Lots of new interfaces
>
> Manages dos/fusefs files
Why?
> Starts dhcpc
>
> Interfacts with ppp and uses policykit
>
>
>
> Hald acl gets and sets fixed disk attributes
>
Renamed hal_create_log() to hal_manage_log() to match up the permissions
allowed.
########################################
##
+## Allo read/write to a hal unix datagram socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`hal_rw_dgram_sockets',`
+ gen_require(`
+ type hald_t;
+ ')
+
+ dontaudit $1 hald_t:unix_dgram_socket { read write };
+')
+
Is this supposed to be allow or dontaudit? the interface name and
implementation conflict.
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150