From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 09 Jun 2010 09:09:59 -0400
Subject: [refpolicy] kernel_files.patch
In-Reply-To: <4C06BD89.7000606@redhat.com>
References: <4C06BD89.7000606@redhat.com>
Message-ID: <1276088999.809.172.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2010-06-02 at 16:22 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
> 
> Files created in / I label as etc_runtime_t, we have never come up with 
> a better label.

I think that you couldn't come up with a better label because there is
no good label.  There isn't a standard concept of what files created in
the root directory are.

> Miroslav added system_conf_t so firewall apps could edit these files

I'm still thinking about this one.  It still seems weird, but I'm not
sure why.

> Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
> 
> Fix labels on chroot environments

Otherwise merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com