From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 16 Feb 2011 09:31:00 -0500
Subject: [refpolicy] [PATCH 1/1] Without allow siginh,
 we get a huge timeout wait period (15 seconds)
In-Reply-To: <20110214190352.GC13533@siphos.be>
References: <20110206151633.GA13056@siphos.be> <4D593FB4.5030307@tresys.com>
	<20110214190352.GC13533@siphos.be>
Message-ID: <4D5BDFA4.2090400@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/14/11 14:03, Sven Vermeulen wrote:
> On Mon, Feb 14, 2011 at 09:44:04AM -0500, Christopher J. PeBenito wrote:
>> On 2/6/2011 10:16 AM, Sven Vermeulen wrote:
>>> We need to allow siginh; without it, xinit waits for 15 seconds
>>> before continuing (not really user friendly), even though the system
>>> functions properly afterwards.
>>
>> This needs a comment in the policy.  Also, it should probably go in 
>> xserver_restricted_role() instead.
> 
> Why not both (xserver_role and xserver_restricted_role)? Both get the timeout otherwise.

xserver_role() calls xserver_restricted_role().

> I'm trying to find some information on the SIGINH but am failing
> tremendously (all that I can find is that SELinux dontaudit's it and the
> fact that many people don't know that). What is siginh?

Signal inheritance across exec().

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com