From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 20 Jul 2011 11:33:07 -0400
Subject: [refpolicy] [PATCH/RFC] Haveged definition
In-Reply-To: <20110720151732.GA18841@siphos.be>
References: <20110720151732.GA18841@siphos.be>
Message-ID: <4E26F533.5030803@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/20/11 11:17, Sven Vermeulen wrote:
> Haveged is a simple daemon that feeds the systems' random pool entropy using
> the HAVEGE algorithm.
>
> The following posts contain the .te, .if, .fc as well as the sysadm role
> enhancement to be able to manage the haveged process.
>
> My suggestion is to stick this in the services/ category. Yet, if there is a
> consensus that we don't want all services (especially relatively simple
> ones) in the reference policy, then that is fine by me as well.

How about turning audioentropy into entropyd and putting both services 
into the same domain?  The former has more permissions, but not many of 
consequence.  We could make a tunable that makes the obvious audio stuff 
configurable.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com