From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 07 Jun 2010 13:16:16 -0400
Subject: [refpolicy] kernel_kernel.patch
In-Reply-To: <1275923333.809.110.camel@gorn.columbia.tresys.com>
References: <4C06BE3E.20000@redhat.com> <1275923333.809.110.camel@gorn.columbia.tresys.com>
Message-ID: <4C0D2960.7090200@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/07/2010 11:08 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 16:25 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_kernel.patch
>>
>> Add ability to dontaudit requests to load kernel modules. If you
>> disable ipv6, every confined app that does IP tries to get the kernel to
>> load the module.
>>
>> Better handling of unlabeled files by the kernel interfaces
>>
>> Apps need to connect to the kernel stream
>
I guess we should hold off on this and remove it. Might have been caused by the transition from sysinit/mkinitrd to upstart/dracut. I will remove it from Rawhide and see if this comes back.

> What are the examples?
>
>> Add type for infinibandeventfs
>
> This seems best suited for filesystem.
>
Ok. If you want to move them there, or I will when you commit the changes.

>> Need to allow unlabeled_t files to be put on disk in order that livecd
>> will work.
>
> That's odd; I would think that the filesystem being created would be
> iso9660_t.
>
> Otherwise merged.
>
No, livecd-creator is labeling files with labels the kernel does not understand. So from the host perspective, these labels are unlabeled_t (worst name ever). livecd-creator creates a directory under /tmp and starts installing files using rpm; rpm uses a file context file different from the host's, causing unlabeled_t files to be stored on an ext3 file system.
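As an added example (it is not part of this thread, nor refpolicy's own code), the shell script below shows what the module-load denials discussed above look like in audit.log and derives the raw dontaudit rule that silences them. When ipv6 is disabled, a confined domain opening an AF_INET6 socket makes the kernel call request_module for the "net-pf-10" alias, and SELinux checks the module_request permission on the system class against kernel_t. The audit lines are constructed for illustration; the domains ping_t and sshd_t, the PIDs and the timestamps are assumptions, not captured data.

```shell
#!/bin/sh
# Added example, not code from the refpolicy thread. Turns module_request
# AVC denials into the dontaudit rules that would suppress them.

# Constructed sample audit lines (not from a real system). The first two
# are what a confined domain produces when ipv6 is unavailable and it tries
# to open an AF_INET6 socket; the third is an unrelated file denial that
# must NOT be turned into a module_request rule.
SAMPLE_AVC='type=AVC msg=audit(1275925000.123:45): avc:  denied  { module_request } for  pid=1234 comm="ping" kmod="net-pf-10" scontext=system_u:system_r:ping_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=AVC msg=audit(1275925001.456:46): avc:  denied  { module_request } for  pid=1250 comm="sshd" kmod="net-pf-10" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=AVC msg=audit(1275925002.789:47): avc:  denied  { read } for  pid=1300 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Emit one "dontaudit <source type> <target type>:<class> module_request;"
# line per distinct source domain that was denied module_request.
# Only module_request denials are considered; anything else is left for
# a real policy review rather than silently suppressed.
module_request_dontaudit_rules() {
    printf '%s\n' "$1" |
    grep -F '{ module_request }' |
    sed -n 's/.*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_]*\).*/dontaudit \1 \2:\3 module_request;/p' |
    sort -u
}

# List the kernel module aliases that were requested (kmod= field), so the
# policy author can confirm it really is the expected ipv6 alias and not
# an application trying to pull in something it should never load.
requested_modules() {
    printf '%s\n' "$1" |
    grep -F '{ module_request }' |
    sed -n 's/.*kmod="\([^"]*\)".*/\1/p' |
    sort -u
}

echo "# requested module aliases:"
requested_modules "$SAMPLE_AVC"
echo "# rules that would silence the noise:"
module_request_dontaudit_rules "$SAMPLE_AVC"
```

The emitted lines are the raw permission that refpolicy's kernel interfaces wrap (kernel_request_load_module and its dontaudit counterpart in kernel.if). Two caveats a practitioner should keep in mind: dontaudit only stops the logging, the request is still denied, so the socket call fails exactly as it would on a host where the module is simply absent; and checking the kmod= value before adding the rule matters, because a domain requesting an unexpected alias is a finding, not noise.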