From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 07 Jun 2010 08:51:26 -0400
Subject: [refpolicy] kernel_domain.patch
In-Reply-To: <4C090511.3070601@redhat.com>
References: <4C06BD01.3000706@redhat.com> <1275658792.809.49.camel@gorn.columbia.tresys.com> <4C090511.3070601@redhat.com>
Message-ID: <1275915086.809.86.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2010-06-04 at 09:52 -0400, Daniel J Walsh wrote:
> On 06/04/2010 09:39 AM, Christopher J. PeBenito wrote:
> > On Wed, 2010-06-02 at 16:20 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_domain.patch
> >>
> >> Fix interface descriptions
> >>
> >> Lots of new domains.
> >>
> >> Added polydomain
> >
> > What is the purpose of polydomain?
> >
>
> If I have a polyinstantiated homedir like on an MLS machine. When a login
> program creates the homedir it needs to populate it with content from
> /etc/skel. When it does this, it needs to relabel it to user homedir
> content.

That sounds like rules in auth_login_pgm_domain() that should already
exist.

> tunable_policy(`allow_polyinstantiation',`
> 	files_polyinstantiate_all(polydomain)
> 	userdom_manage_user_home_content_dirs(polydomain)
> 	userdom_manage_user_home_content_files(polydomain)
> 	userdom_relabelto_user_home_dirs(polydomain)
> 	userdom_relabelto_user_home_files(polydomain)
> ')

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com