From: guido@trentalancia.com (Guido Trentalancia)
Date: Tue, 25 Jan 2011 13:58:02 +0100
Subject: [refpolicy] [PATCH/RFC 13/19]: patch set to update the git
 reference policy
In-Reply-To: <4D3D841D.3020009@gmail.com>
References: <1295829866.3862.72.camel@tesla.lan> <4D3D841D.3020009@gmail.com>
Message-ID: <1295960282.1665.50.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Dominick !

On Mon, 24/01/2011 at 14.52 +0100, Dominick Grift wrote:
> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x
corenetwork.te -x modules.conf
refpolicy-git-18012011/policy/modules/system/authlogin.te
refpolicy-git-18012011-new/policy/modules/system/authlogin.te
> > --- refpolicy-git-18012011/policy/modules/system/authlogin.te
2011-01-08 19:07:21.347757938 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/system/authlogin.te
2011-01-23 03:05:26.447319474 +0100
> > @@ -91,6 +91,9 @@ files_list_etc(chkpwd_t)
> >  # is_selinux_enabled
> >  kernel_read_system_state(chkpwd_t)
> >  
> > +kernel_search_sysctl(chkpwd_t)
> 
> I think this is duplicate. kernel_read_crypto_sysctls() already
provides
> access to search sysctl directories.

Changed.

> > +kernel_read_crypto_sysctls(chkpwd_t)
> > +
> >  domain_dontaudit_use_interactive_fds(chkpwd_t)
> >  
> >  dev_read_rand(chkpwd_t)
> > @@ -269,6 +272,7 @@ term_setattr_console(pam_console_t)
> >  term_getattr_unallocated_ttys(pam_console_t)
> >  term_setattr_unallocated_ttys(pam_console_t)
> >  term_use_unallocated_ttys(pam_console_t)
> > +term_use_generic_ptys(pam_console_t)
> 
> Where do these generic ptys come from?

I am not sure... they might be mistaken.

Best thing to do is probably to remove them and test again. In the end I
had just submitted for comments, so nothing was meant to be definitive.

Thanks for pointing that out anyway ! As always your comments are much
appreciated and they always prove to be very useful.

> >  auth_use_nsswitch(pam_console_t)
> >  
> > @@ -334,6 +338,7 @@ files_manage_etc_files(updpwd_t)
> >  
> >  term_dontaudit_use_console(updpwd_t)
> >  term_dontaudit_use_unallocated_ttys(updpwd_t)
> > +term_use_generic_ptys(updpwd_t)
> >  
> >  auth_manage_shadow(updpwd_t)
> >  auth_use_nsswitch(updpwd_t)

Same as above for the generic ptys.

Regards,

Guido