From: domg472@gmail.com (Dominick Grift)
Date: Mon, 24 Jan 2011 14:52:29 +0100
Subject: [refpolicy] [PATCH/RFC 13/19]: patch set to update the git
 reference policy
In-Reply-To: <1295829866.3862.72.camel@tesla.lan>
References: <1295829866.3862.72.camel@tesla.lan>
Message-ID: <4D3D841D.3020009@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/authlogin.te refpolicy-git-18012011-new/policy/modules/system/authlogin.te
> --- refpolicy-git-18012011/policy/modules/system/authlogin.te	2011-01-08 19:07:21.347757938 +0100
> +++ refpolicy-git-18012011-new/policy/modules/system/authlogin.te	2011-01-23 03:05:26.447319474 +0100
> @@ -91,6 +91,9 @@ files_list_etc(chkpwd_t)
>  # is_selinux_enabled
>  kernel_read_system_state(chkpwd_t)
>  
> +kernel_search_sysctl(chkpwd_t)

I think this is duplicate. kernel_read_crypto_sysctls() already provides
access to search sysctl directories.

> +kernel_read_crypto_sysctls(chkpwd_t)
> +
>  domain_dontaudit_use_interactive_fds(chkpwd_t)
>  
>  dev_read_rand(chkpwd_t)
> @@ -269,6 +272,7 @@ term_setattr_console(pam_console_t)
>  term_getattr_unallocated_ttys(pam_console_t)
>  term_setattr_unallocated_ttys(pam_console_t)
>  term_use_unallocated_ttys(pam_console_t)
> +term_use_generic_ptys(pam_console_t)

Where do these generic ptys come from?

>  
>  auth_use_nsswitch(pam_console_t)
>  
> @@ -334,6 +338,7 @@ files_manage_etc_files(updpwd_t)
>  
>  term_dontaudit_use_console(updpwd_t)
>  term_dontaudit_use_unallocated_ttys(updpwd_t)
> +term_use_generic_ptys(updpwd_t)
>  
>  auth_manage_shadow(updpwd_t)
>  auth_use_nsswitch(updpwd_t)
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEUEARECAAYFAk09hB0ACgkQMlxVo39jgT/WIACXdd1sXIQ3CbnS5xL/Uf4Btl4/
/wCeLgcW25UQUQm8uwOF3JsvmfVO4Oo=
=pG+w
-----END PGP SIGNATURE-----