From: guido@trentalancia.com (Guido Trentalancia)
Date: Mon, 24 Jan 2011 16:36:19 +0100
Subject: [refpolicy] [PATCH/RFC 16/19]: patch set to update the git
 reference policy
In-Reply-To: <4D3D851C.9080201@gmail.com>
References: <1295829874.3862.75.camel@tesla.lan> <4D3D851C.9080201@gmail.com>
Message-ID: <1295883379.1547.3.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 24/01/2011 at 14.56 +0100, Dominick Grift wrote:
> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/sysnetwork.if refpolicy-git-18012011-new/policy/modules/system/sysnetwork.if
> > --- refpolicy-git-18012011/policy/modules/system/sysnetwork.if	2011-01-08 19:07:21.362760308 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/system/sysnetwork.if	2011-01-18 23:13:49.817855562 +0100
> > @@ -215,6 +215,24 @@ interface(`sysnet_rw_dhcp_config',`
> >  
> >  ########################################
> >  ## <summary>
> > +##      Search dhcp client state directories.
> > +## </summary>
> > +## <param name="domain">
> > +##      <summary>
> > +##      Domain allowed access.
> > +##      </summary>
> > +## </param>
> > +#
> > +interface(`sysnet_search_dhcpc_state',`
> > +	gen_require(`
> > +		type dhcpc_state_t;
> > +	')
> > +
> > +	search_dirs_pattern($1, dhcpc_state_t, dhcpc_state_t)
> > +')
> 
> You should also provide access to the location of dhcpc_state_t
> directories. This interface may allow access to search dhcpc_state_t
> directories, but it does not do any good if the caller cannot search its
> parent(s).

Ok, I agree and it will be done. You already pointed out for another
similar interface. I had created just the minimum permissions that were
actually being required.

Regards,

Guido