From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 07 Jun 2010 11:08:53 -0400
Subject: [refpolicy] kernel_kernel.patch
In-Reply-To: <4C06BE3E.20000@redhat.com>
References: <4C06BE3E.20000@redhat.com>
Message-ID: <1275923333.809.110.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2010-06-02 at 16:25 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_kernel.patch
> 
> Add ability to dontaudit requiests to load kernel modules.  If you 
> disable ipv6 every confined app that does ip, tries to get the kernel to 
> load the module.
> 
> Better handling of unlabeled files by the kernel interfaces
> 
> Apps needs to connect to the kernel stream

What are the examples?

> Add type for infinibandeventfs

This seems best suited for filesystem.

> Need to allow unlabeled_t files to be put on disk in order that livecd 
> will work.

Thats odd; I would think that the filesystem being created would be
iso9660_t.

Otherwise merged.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com