From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 18 Jun 2010 14:47:03 -0400
Subject: [refpolicy] admin_dmesg.patch
In-Reply-To: <1276777580.2929.192.camel@gorn.columbia.tresys.com>
References: <4C06B51B.8000309@redhat.com> <1276777580.2929.192.camel@gorn.columbia.tresys.com>
Message-ID: <4C1BBF27.4060606@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/17/2010 08:26 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
>>
>> Abrt transitions to sosreport_t which transitions to dmesg_t
>>
>> And leaks these descriptors.
>
> It sounds like these should be dontaudit instead (?)
>
No, I guess in this case leak is the wrong term. It is passing along a stdout which points to a file in its /var/run directory.

abrt execs "sosreport > /var/run/sosreport/report.dat"

So we want to allow the dmesg output to get stored in this file.