From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 04 Jun 2010 09:52:17 -0400
Subject: [refpolicy] kernel_domain.patch
In-Reply-To: <1275658792.809.49.camel@gorn.columbia.tresys.com>
References: <4C06BD01.3000706@redhat.com>
	<1275658792.809.49.camel@gorn.columbia.tresys.com>
Message-ID: <4C090511.3070601@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/04/2010 09:39 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 16:20 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_domain.patch
>>
>> Fix interface descriptions
>>
>> Lots of new domains.
>>
>> Added polydomain
>
> What is the purpose of polydomain?
>

If I have a polinstatiated homedir like on an MLS machine.  When login 
programs creates the homedir it needs to populate it with content from 
/etc/skel.  When it does this, it needs to relabel it to user homedir 
content.


tunable_policy(`allow_polyinstantiation',`
	files_polyinstantiate_all(polydomain)
	userdom_manage_user_home_content_dirs(polydomain)
	userdom_manage_user_home_content_files(polydomain)
	userdom_relabelto_user_home_dirs(polydomain)
	userdom_relabelto_user_home_files(polydomain)
'