From: pebenito@gentoo.org (Chris PeBenito)
Date: Mon, 27 Jul 2009 13:31:24 -0400
Subject: [refpolicy] Critique requested
In-Reply-To: <20090727161322.GA4823@deer-run.com>
References: <20090718230224.GB26512@deer-run.com>
	<1247996268.2564.38.camel@notebook1.grift.internal>
	<20090727161322.GA4823@deer-run.com>
Message-ID: <1248715884.3388.1.camel@defiant.pebenito.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-07-27 at 09:13 -0700, Hal Pomeranz wrote:
> Thanks to Dominick for critiquing my initial attempts at using 
> the Reference Policy.  I'm still curious about the answer to the
> following question, if anybody on the list has some insights:
> 
> > > Also a question, if I may.  I originally compiled portsentry from
> > > source as a standard dynamically-linked executable.  However, when I
> > > started this binary under SELinux control I kept getting denials on
> > > the shared library "lib_t" files and directories as well as on various
> > > "ld_so*_t" files.  Recompiling as a statically-linked executable made
> > > this problem go away (obviously), but what's the magic to get a
> > > standard dynamically-linked executable to not generate these errors?
> > > I've looked at the sample files in the refpolicy source and haven't
> > > been able to figure out the trick.

All types that are a domain should have this access.

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer,
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243