From: pebenito@gentoo.org (Chris PeBenito)
Date: Mon, 27 Jul 2009 13:31:24 -0400
Subject: [refpolicy] Critique requested
In-Reply-To: <20090727161322.GA4823@deer-run.com>
References: <20090718230224.GB26512@deer-run.com> <1247996268.2564.38.camel@notebook1.grift.internal> <20090727161322.GA4823@deer-run.com>
Message-ID: <1248715884.3388.1.camel@defiant.pebenito.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-07-27 at 09:13 -0700, Hal Pomeranz wrote:
> Thanks to Dominick for critiquing my initial attempts at using
> the Reference Policy. I'm still curious about the answer to the
> following question, if anybody on the list has some insights:
>
> > > Also a question, if I may. I originally compiled portsentry from
> > > source as a standard dynamically-linked executable. However, when I
> > > started this binary under SELinux control I kept getting denials on
> > > the shared library "lib_t" files and directories as well as on various
> > > "ld_so*_t" files. Recompiling as a statically-linked executable made
> > > this problem go away (obviously), but what's the magic to get a
> > > standard dynamically-linked executable to not generate these errors?
> > > I've looked at the sample files in the refpolicy source and haven't
> > > been able to figure out the trick.

All types that are a domain should have this access.

-- 
Chris PeBenito
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
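
The reply above in policy terms, as an added example that is not part of the thread and is not code from the reference policy or from either poster: a process type receives the shared-library and dynamic-loader access only once it carries the `domain` attribute. The module name and the `portsentry_t` / `portsentry_exec_t` types are assumptions made for illustration; the interfaces called are reference policy interfaces.

```selinux
# portsentry.te: hypothetical module; every portsentry_* name is assumed.

policy_module(portsentry, 1.0.0)

# Incomplete form: plain type declarations carry no attributes, so nothing
# the policy grants to "domain" applies to a process running as
# portsentry_t, and a dynamically linked binary is denied on lib_t and
# ld_so*_t objects at startup.
#
#   type portsentry_t;
#   type portsentry_exec_t;

# Corrected form: declare the types, then mark them as a daemon domain and
# its entry point. init_daemon_domain() calls domain_type() and
# domain_entry_file() and sets up the transition from init scripts.
type portsentry_t;
type portsentry_exec_t;
init_daemon_domain(portsentry_t, portsentry_exec_t)

# For a program that is not started from an init script, the lower-level
# interfaces make the type a domain on their own:
#
#   domain_type(portsentry_t)
#   domain_entry_file(portsentry_t, portsentry_exec_t)

# Not needed once portsentry_t is a domain. Listed only to name the access
# the denials in the question were about:
#
#   libs_use_ld_so(portsentry_t)
#   libs_use_shared_libs(portsentry_t)
```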