From: guido@trentalancia.com (Guido Trentalancia)
Date: Mon, 24 Jan 2011 16:49:24 +0100
Subject: [refpolicy] [PATCH/RFC 14/19]: patch set to update the git
 reference policy
In-Reply-To: <4D3D8387.6010003@gmail.com>
References: <1295829869.3862.73.camel@tesla.lan> <4D3D8387.6010003@gmail.com>
Message-ID: <1295884164.1547.8.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 24/01/2011 at 14.49 +0100, Dominick Grift wrote:
> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
> > --- refpolicy-git-18012011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/system/logging.te	2011-01-18 23:13:49.813854998 +0100
> > @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
> >  
> >  allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
> >  
> > +allow audisp_t proc_t:file read_file_perms;
> 
> usage of proc_t is not allowed here. use:
> 
> kernel_read_system_state(audisp_t)

Ok, it will be changed accordingly. Wasn't aware of that restriction, is
it the style guidelines thing ? Of course, proc_t is not defined
there...

There were other comments to other pieces of the set. Will check the
rest later this evening or tomorrow as it requires a bit more time.

Thanks very much for your comments.

Regards,

Guido