From: russell@coker.com.au (Russell Coker) Date: Thu, 10 Mar 2011 01:59:00 +1100 Subject: [refpolicy] [PATCH 13/34]: patch to allow networkmanager dbus chat In-Reply-To: <1299681703.2948.42.camel@tesla.lan> References: <1297836836.3205.56.camel@tesla.lan> <1299681703.2948.42.camel@tesla.lan> Message-ID: <201103100159.00445.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 10 Mar 2011, Guido Trentalancia wrote: > > For domain transitions it is mostly a matter of having a cron job or > > nagios entry that searches for wrong entries such as processes in > > kernel_t or initrc_t. > > What's wrong with just a "make check" target in refpolicy ? It just doesn't work. The main problem I've found in transitions not working is binaries getting renamed, which "make check" can never find. The next issue is application misconfiguration, such as an xdm program not having the correct PAM configuration, again it's not something that you can check through policy. > There is major limitation with this: reboot and/or restarting of > services required. In the simple solution that I was thinking of, this > limitation could be documented and printed out: echo $limitation ; sleep > 10 ; carry out basic sanity checks. Rebooting a VM is no big deal at all. It's something that can be done by a cron job. Also I'd like to automate the process of an X login and running some applications in KDE and GNOME sessions. Any suggestions of how to do this would be appreciated. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/