From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 04 Mar 2010 14:08:06 -0500
Subject: [refpolicy] kernel_files.patch
In-Reply-To: <4B8454CC.4030206@redhat.com>
References: <4B8454CC.4030206@redhat.com>
Message-ID: <1267729686.11679.58.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>
> New file context
>
> Lots of new interfaces

* need explanation as to why boot_t would be a device node.

* need additional explanation as to the purpose of system_conf_t.

* the files_relabel_all_files() change is still rejected, since block
  and chr files should have regular file types.

* the files-delete_isid_type_files() additions need their own
  interfaces instead.

* same thing for files_delete_usr_files()

* the files_read_usr_files() change is excessive

* files_search_var_log() is wrong, var_log_t doesn't belong to the
  files module. There is already an equivalent interface in logging.

* the concept of files_dump_core() is wrong. Applications do core dumps
  in the current directory, and services just happen to "cd /" at the
  start. It doesn't make sense for other domains.

* files_create_default_dir() needs to be 2 interfaces.

* I don't even know what to make of files_boot().

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150