From: ssalley@likewise.com (Scott Salley)
Date: Mon, 08 Mar 2010 11:12:06 -0800
Subject: [refpolicy] [PATCH 1/1] Likewise policy
Message-ID: <4B954C06.3080409@likewise.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

>> +allow lwiod_t likewise_krb5_ad_t:file read_file_perms;
>> +allow lwiod_t netlogond_var_lib_t:file read_file_perms;
>> +
>> +corenet_tcp_bind_generic_node(lwiod_t)
>> +corenet_tcp_bind_smbd_port(lwiod_t)
>> +corenet_tcp_connect_smbd_port(lwiod_t)
>
>The networking block is missing to interface calls to ensure compatibility.

Sorry, I don't understand the comment "The networking block is missing...". Could you please explain?

>> +allow lwsmd_t lwregd_t:process { signal siginh rlimitinh };
>> +allow lwsmd_t netlogond_t:process { signal siginh rlimitinh };
>> +allow lwsmd_t srvsvcd_t:process { signal siginh rlimitinh };

>I suspect these can be removed. signal is already allowed and the other
>permissions are rarely needed.

Where is signal already allowed? (siginh and rlimitinh can certainly be removed).

Thank you for all the comments/advice/criticism.
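
Review bot: the lwiod_t networking block (the three corenet_tcp_* lines) shows only bind and connect interface calls, with no send/receive calls next to them. If the rest of the patch does not already carry them, add the matching calls for the same node and port, for example corenet_tcp_sendrecv_generic_node(lwiod_t) and corenet_tcp_sendrecv_smbd_port(lwiod_t), so the block grants the full set of network permissions in one place and is easy to audit.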
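
Review bot: the three lwsmd_t process rules grant siginh and rlimitinh in addition to signal, which lets lwregd_t, netlogond_t and srvsvcd_t inherit signal state and resource limits from lwsmd_t across the domain transition. Reduce each rule to the signal permission only, and if signal is already granted by another rule or interface call in the policy, drop these three allow lines so the permission is stated once.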