From: domg472@gmail.com (Dominick Grift)
Date: Wed, 23 Jun 2010 14:35:20 +0200
Subject: [refpolicy] [ irc patch 1/1] Extend the IRC domain to include IRSSI.
In-Reply-To: <1277295332.19832.12.camel@gorn.columbia.tresys.com>
References: <20100622193622.GA26980@localhost.localdomain> <1277236148.19832.6.camel@gorn.columbia.tresys.com> <4C21CC04.1010606@gmail.com> <1277295332.19832.12.camel@gorn.columbia.tresys.com>
Message-ID: <4C21FF88.9030909@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/23/2010 02:15 PM, Christopher J. PeBenito wrote:
>>>> optional_policy(`
>>>> + automount_dontaudit_getattr_tmp_dirs(irc_t)
>>>> +')
>>>> +
>>>> +optional_policy(`
>>>> nis_use_ypbind(irc_t)
>>>> ')
>>>> +
>>>> +optional_policy(`
>>>> + nscd_socket_use(irc_t)
>>>> +')
>>>
>>> These two and the netlink_route socket earlier makes it look like it's
>>> going towards auth_use_nsswitch().
>>>
>>
>> Mozilla also has "automount_dontaudit_getattr_tmp_dirs",
>> "nscd_socket_use" and "... self:netlink_route_socket
>> r_netlink_socket_perms;", but does NOT have auth_use_nsswitch().
>
> I mean the nis_use_ypbind(), nscd_socket_use(), and netlink_route_socket
> perms. Mozilla does not have nis_use_ypbind(), so it doesn't seem to
> need auth_use_nsswitch() yet. That's not the case here.
>
>> So either Mozilla's policy is wrong here too or it is unrelated.
>>
>> Fact remains that irssi searches nscd pid directories, likely looking
>> for the nscd.socket to connectto.
>>
>> automount_dontaudit_getattr_tmp_dirs(irc_t) is in my view not specific
>> to irc clients, but since the irc domain can own temporary objects, my
>> opinion is that we should support it.
>>
>> All in all, personally i would only change the boolean name and leave
>> the rest unchanged.
>>
>

Also note that nis_use_ypbind(irc_t) was already there for irc_t.

But nonetheless my irssi policy also has it. The underlying idea for me was to support nis.
(which i cannot confirm that it actually works)
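
Review bot: The added nscd_socket_use(irc_t) block in the quoted hunk, together with the existing nis_use_ypbind(irc_t) block and the netlink_route_socket permissions mentioned in the thread, grants piecemeal the name-service access that the reply associates with auth_use_nsswitch(); if irssi needs all three, a single auth_use_nsswitch(irc_t) call would be easier to audit than three separate grants. The automount_dontaudit_getattr_tmp_dirs(irc_t) block only suppresses audit records, so a short comment naming the irssi behaviour that triggers the denial would let a later reader judge whether the rule is still needed.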