From: domg472@gmail.com (Dominick Grift)
Date: Thu, 9 Sep 2010 14:57:53 +0200
Subject: [refpolicy] [alsa patch 1/1] Interaction with alsa home content
 by confined users.
In-Reply-To: <4C88D931.2010807@tresys.com>
References: <20100908104106.GA31213@localhost.localdomain>
	<4C88D931.2010807@tresys.com>
Message-ID: <20100909125752.GD16089@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Sep 09, 2010 at 08:55:13AM -0400, Christopher J. PeBenito wrote:
> On 09/08/10 06:41, Dominick Grift wrote:
> >Confined users can manage and relabel alsa home files.
> >
> >Plus some cleanups inspired by example policy.
> >
> >Signed-off-by: Dominick Grift<domg472@gmail.com>
> >---
> [...]
> >diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
> >index 0c9876c..f9c23ed 100644
> >--- a/policy/modules/roles/staff.te
> >+++ b/policy/modules/roles/staff.te
> >@@ -53,6 +53,11 @@ optional_policy(`
> >
> >  ifndef(`distro_redhat',`
> >  	optional_policy(`
> >+		alsa_manage_home_files(staff_t)
> >+		alsa_relabel_home_files(staff_t)
> >+	')
> 
> Is there a reason why this needs to be excluded on redhat systems?

Yes confined users can manage and relabel all userdom_user_home_content by default (so its redundant)
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100909/22228b2d/attachment.bin