From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 22 Feb 2010 08:56:21 -0500
Subject: [refpolicy] Policy for Konqueror and KDE v7
In-Reply-To: <201002211314.13958.Nicky726@gmail.com>
References: <201002011453.48363.Nicky726@gmail.com>
	<1265984479.4386.17.camel@gorn.columbia.tresys.com>
	<201002211314.13958.Nicky726@gmail.com>
Message-ID: <1266846981.9127.24.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2010-02-21 at 13:14 +0100, Nicky726 wrote:
> Hello,
> 
> Dne P? 12. ?nora 2010 15:21:19 jste napsal(a): 
> > On Mon, 2010-02-01 at 14:53 +0100, Nicky726 wrote:
> > > Hello,
> > > 
> > > implemented konqueror_stream_connect and interfaces for access to
> > > koneuror temp files etc. to my policy, as Dominick Grift suggested.
> > 
> > Does not compile for me:
> > 
> > policy/modules/roles/staff.te":78:ERROR 'duplicate declaration of
> > type/attribute' at token ';' on line 2431678:
> > 	type staff_xproperty_t, xproperty_type;
> > #line 78
> 
> Could it be this line in konqueror_role_template?
> 	xserver_user_x_domain_template($1, konqueror_t, konqueror_tmp_t)

The first parameter should likely be "konqueror" and if so, the call
should be moved to the .te.

> If so, am I supposed to create konqueror_role withouth this call just for 
> staff?
> I don't get this error when compiling modules under Fedora, so I don't exactly 
> know, what is wrong.

In the future, please ensure your patches compile against the refpolicy
repo before submitting them.

> > Other things to fix:
> > 
> > * fix the whitespace (eg trailing whitespace)
> > * move kde_manage_home_dirs() to be after kde_search_home() in kde.if
> > * make kde_home_filetrans() have the object class as a 3rd parameter
> > * remove "shared" from the kde type names (kde_shared_home_t ->
> > kde_home_t)
> > * it seems that konqueror_role_template() can be trimmed down by moving
> > common rules into knoqueror.te.
> > * in konqueror_role_template() the konqueror_dbus_chat() should go in
> > the optional with the explicit dbus usage.
> > * files_search_rw() does not exist.
> > * "interfaces from LAYER directory" comments are unnecessary.
> 
> Sould be fixed in attached patch.
> 
> With regards,
> Ondrej Vadinsky
> 

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150