From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 05 Mar 2010 11:08:04 -0500
Subject: [refpolicy] kernel_devices.patch
In-Reply-To: <1267734626.11679.73.camel@gorn.columbia.tresys.com>
References: <4B8451A7.1030307@redhat.com> <1267734626.11679.73.camel@gorn.columbia.tresys.com>
Message-ID: <4B912C64.9050106@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/04/2010 03:30 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:07 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_devices.patch
>>
>> New devices
>> btrfs-control
>> dahdi
>> etherd
>> misc/dlm
>> pps
>> usbmon
>> uinput
>> uio
>>
> Merged, except for usbmon, only because I wonder if it should be
> debugfs_t, since the same info is available
> under /sys/kernel/debug/usb/usbmon/* on a per-device basis.
>
>
>> +dev_rw_generic_chr_files(devicekit_power_t)
>> + dev_dontaudit_write_all_chr_files(abrt_helper_t)
>> + dev_dontaudit_write_all_blk_files(abrt_helper_t)
>> + dev_dontaudit_write_mtrr(iptables_t)
>> +dev_rw_all_inherited_chr_files(sandbox_domain)
>> +dev_rw_all_inherited_blk_files(sandbox_domain)
>> +dev_setattr_dlm_control(rgmanager_t)
>> +dev_setattr_dlm_control(gfs_controld_t
>> +dev_rw_dlm_control(dlm_controld_t)
>> +dev_write_kmsg(initrc_t)
>>
>>
Should we label both usbmon_dev_t? usmonfs_t?
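
Review bot: the quoted line `+dev_setattr_dlm_control(gfs_controld_t` has no closing parenthesis, so as shown it is not a complete interface call; it should read `dev_setattr_dlm_control(gfs_controld_t)` to match the `rgmanager_t` line above it. In the same list, `dev_rw_generic_chr_files(devicekit_power_t)` gives read/write on character devices that still carry the generic device label, and the two `dev_rw_all_inherited_*_files(sandbox_domain)` calls cover every character and block device type for descriptors handed to a sandbox. Each of those would be easier to accept with the denial that motivated it stated alongside, or narrowed to the specific device type if one is known. The three `dev_dontaudit_write_*` lines only silence denials, so a short comment in the policy saying what triggers the write attempt would keep later audit-log triage from missing a real problem.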