From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 19 Jul 2010 13:48:42 -0400
Subject: [refpolicy] apps_userhelper.patch
In-Reply-To: <4C3C5A34.5000709@redhat.com>
References: <4C06BBE5.4030000@redhat.com> <4C35E7A7.4070808@tresys.com>
	<4C3C5A34.5000709@redhat.com>
Message-ID: <4C448FFA.9040309@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/13/10 08:21, Daniel J Walsh wrote:
> On 07/08/2010 10:58 AM, Christopher J. PeBenito wrote:
>> On 06/02/10 16:15, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_userhelper.patch
>>>
>>> Add policy for consolehelper so staff_t can shutdown the machine
>>
>> Why does this need to be templated, rather than using a single
>> consolehelper_t?
>>
> Probably does not need it.  I think I created this policy off of
> userhelper, which was templated.  The only think we might want would be
> to allow
>
> staff_t @consolehelper ->  staff_consolehelper_t @ bin_t ->  staff_t.
>
> But I don't have a use case for this.

Ok, well then either we need to come up for a use case for the templated 
form, otherwise I'd prefer to have a single domain.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com