From: domg472@gmail.com (Dominick Grift)
Date: Mon, 08 Mar 2010 20:42:01 +0100
Subject: [refpolicy] [PATCH 1/1] Likewise policy
In-Reply-To: <4B955272.4040003@gmail.com>
References: <4B954C06.3080409@likewise.com> <4B955272.4040003@gmail.com>
Message-ID: <4B955309.5090006@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/08/2010 08:39 PM, Dominick Grift wrote:
> On 03/08/2010 08:12 PM, Scott Salley wrote:
>>>> +allow lwsmd_t lwregd_t:process { signal siginh rlimitinh };
>>>> +allow lwsmd_t netlogond_t:process { signal siginh rlimitinh };
>>>> +allow lwsmd_t srvsvcd_t:process { signal siginh rlimitinh };
>>
>>> I suspect these can be removed. signal is already allowed and the other
>>> permissions are rarely needed.
>>
>> Where is signal already allowed? (siginh and rlimitinh can certainly be removed).
> 
> +	allow $1 self:process { signal_perms getsched setsched };
> 
> It is included in the signal_perms permission set. (likewise.if)

Whoops my bad. That is to self and yours is to other domain types.

skip that comment please.

>>
>> Thank you for all the comments/advice/criticism.
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100308/1450dd94/attachment.bin