From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 22 Jul 2011 08:43:27 -0400
Subject: [refpolicy] [PATCH/RFC v4] Haveget support in (audio)entropyd
In-Reply-To: <20110720185845.GA21852@siphos.be>
References: <20110720185845.GA21852@siphos.be>
Message-ID: <4E29706F.5010803@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/20/11 14:58, Sven Vermeulen wrote:
> This patch set segregates the obvious audio-related privileges within
> entropyd_t (in the audioentropyd module) through the use of a SELinux
> boolean "entropyd_use_audio", enhances the entropyd_t with the privileges
> needed by haveged, and adds the proper file contexts for haveged support.
>
> Comments always appreciated. This obsoletes the previous patch set titled
> "[PATCH/RFC v3] Haveget support in (audio)entropyd".
>
> Changes since v2:
> - Use optional_policy ( tunable_policy ( ... ) ) format. The other way
>    around isn't supported
>
> Changes since v3:
> - dev_* calls do not need to be made optional, they are part of base modules

Merged.  I need to do one of these to things:

1. rename the module to entropyd.  Causes an annoying upgrade problem 
for distros.  Otherwise this is trivial since it has no interface 
compatibility to worry about.

2. set the default of entropyd_use_audio to true since this is the 
audioentropy module.

How do you feel about #1?  Dan, you too.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com