From: hal@deer-run.com (Hal Pomeranz)
Date: Mon, 27 Jul 2009 09:13:22 -0700
Subject: [refpolicy] Critique requested
In-Reply-To: <1247996268.2564.38.camel@notebook1.grift.internal>
References: <20090718230224.GB26512@deer-run.com>
	<1247996268.2564.38.camel@notebook1.grift.internal>
Message-ID: <20090727161322.GA4823@deer-run.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks to Dominick for critiquing my initial attempts at using 
the Reference Policy.  I'm still curious about the answer to the
following question, if anybody on the list has some insights:

> > Also a question, if I may.  I originally compiled portsentry from
> > source as a standard dynamically-linked executable.  However, when I
> > started this binary under SELinux control I kept getting denials on
> > the shared library "lib_t" files and directories as well as on various
> > "ld_so*_t" files.  Recompiling as a statically-linked executable made
> > this problem go away (obviously), but what's the magic to get a
> > standard dynamically-linked executable to not generate these errors?
> > I've looked at the sample files in the refpolicy source and haven't
> > been able to figure out the trick.

-- 
Hal Pomeranz, Founder/CEO      Deer Run Associates      hal at deer-run.com
    Network Connectivity and Security, Systems Management, Training