From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 22 Jul 2011 09:52:38 -0400
Subject: [refpolicy] [PATCH/RFC v4] Haveget support in (audio)entropyd
In-Reply-To: <4E29706F.5010803@tresys.com>
References: <20110720185845.GA21852@siphos.be> <4E29706F.5010803@tresys.com>
Message-ID: <4E2980A6.9020103@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/22/2011 08:43 AM, Christopher J. PeBenito wrote:
> On 07/20/11 14:58, Sven Vermeulen wrote:
>> This patch set segregates the obvious audio-related privileges
>> within entropyd_t (in the audioentropyd module) through the use of
>> a SELinux boolean "entropyd_use_audio", enhances the entropyd_t
>> with the privileges needed by haveged, and adds the proper file
>> contexts for haveged support.
>> 
>> Comments always appreciated. This obsoletes the previous patch set
>> titled "[PATCH/RFC v3] Haveget support in (audio)entropyd".
>> 
>> Changes since v2: - Use optional_policy ( tunable_policy ( ... ) )
>> format. The other way around isn't supported
>> 
>> Changes since v3: - dev_* calls do not need to be made optional,
>> they are part of base modules
> 
> Merged.  I need to do one of these to things:
> 
> 1. rename the module to entropyd.  Causes an annoying upgrade
> problem for distros.  Otherwise this is trivial since it has no
> interface compatibility to worry about.
> 
> 2. set the default of entropyd_use_audio to true since this is the 
> audioentropy module.
> 
> How do you feel about #1?  Dan, you too.
> 
Fine with me.  We can remove the old and add the new to the dist for the
name.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4pgKYACgkQrlYvE4MpobNktgCgkR9v+t4nyqxr4bIjVM/6NkIg
bFoAoJ2vegVTU4d8PWAm8S3ElwcmmalX
=f/Oz
-----END PGP SIGNATURE-----