From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 03 Sep 2009 09:28:25 -0400
Subject: [refpolicy] admin_vbetool.patch
In-Reply-To: <4A98361C.5050502@redhat.com>
References: <4A98361C.5050502@redhat.com>
Message-ID: <1251984507.28236.8.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-08-28 at 15:55 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_vbetool.patch
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_domain.patch
> vbetool needs dac_override, and writes to sysfs also needs to rw
> xservice misc devices and mtrr device
> 


> Want to add a boolean oh wheter mmap_low_allowed
> 
It looks like all of the mmap_low is conditional.  If thats the case,
I'd prefer to embed the conditional in the interface, rather than
putting it in all the callers.



> vbetool writes and execs content in the /var/run/xserver directories.
> 
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150