From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 16 Feb 2011 09:31:00 -0500 Subject: [refpolicy] [PATCH 1/1] Without allow siginh, we get a huge timeout wait period (15 seconds) In-Reply-To: <20110214190352.GC13533@siphos.be> References: <20110206151633.GA13056@siphos.be> <4D593FB4.5030307@tresys.com> <20110214190352.GC13533@siphos.be> Message-ID: <4D5BDFA4.2090400@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/14/11 14:03, Sven Vermeulen wrote: > On Mon, Feb 14, 2011 at 09:44:04AM -0500, Christopher J. PeBenito wrote: >> On 2/6/2011 10:16 AM, Sven Vermeulen wrote: >>> We need to allow siginh; without it, xinit waits for 15 seconds >>> before continuing (not really user friendly), even though the system >>> functions properly afterwards. >> >> This needs a comment in the policy. Also, it should probably go in >> xserver_restricted_role() instead. > > Why not both (xserver_role and xserver_restricted_role)? Both get the timeout otherwise. xserver_role() calls xserver_restricted_role(). > I'm trying to find some information on the SIGINH but am failing > tremendously (all that I can find is that SELinux dontaudit's it and the > fact that many people don't know that). What is siginh? Signal inheritance across exec(). -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com