From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 23 Feb 2010 15:56:40 -0500
Subject: [refpolicy] services_snort.patch
Message-ID: <4B844108.9020307@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_snort.patch

snort creates generic sockets
We can dontaudit read of system state

rearrage kernel calls and allow snort to request the kernel load a module.


uses usbmod and genrice usb devices.