From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 17 Mar 2010 15:17:50 -0400
Subject: [refpolicy] system_udev.patch
In-Reply-To: <4B84466C.9030609@redhat.com>
References: <4B84466C.9030609@redhat.com>
Message-ID: <1268853470.13301.110.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
> 
> Allow other domains to unlink udev_tbl_t

Needs a different interface, adding it to udev_rw_db() is an excessive
permission for the interface.

> Uses netlink sockets

Do you have any information on this?  It would be best to get a specific
class added for this socket, rather than use the generic netlink_socket.

Otherwise merged.

> Creates device_t symlinks
> 
> Reads consolekit_var_run
> 
> dontaudit leaks from hal
> 
> Searches rpm logs (probably a leak)
> 
> Transitions to usbmux_d
> 
> 
> 

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150