From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 12 Jul 2010 10:43:14 -0400
Subject: [refpolicy] apps_livecd.patch
In-Reply-To: <4C348FCA.8070109@gmail.com>
References: <4C06B9EA.8080208@redhat.com> <4C348F2F.4090306@tresys.com>
	<4C348FCA.8070109@gmail.com>
Message-ID: <4C3B2A02.7080209@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/07/2010 10:31 AM, Dominick Grift wrote:
> On 07/07/2010 04:29 PM, Christopher J. PeBenito wrote:
>> On 06/02/10 16:07, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_livecd.patch
>>>
>>> Policy for livecd tool to allow it to build alternate livecd for
>>> different os and policy versions.
>>
>> Merged.
>>
> 
> This policy has a bug:
> 
> +seutil_domtrans_setfiles_mac(livecd_t)
> 
> should be: seutil_run_setfiles_mac(livecd_t, system_r)
> 
Actually, it should be removed since the proper code is in livecd_run.

Currently we don't allow system (init) processes to run this domain.

> Because else you will hit a constraint (no role is allowed the
> setfiles_mac_t domain)
> 
> 
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy