From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 7 Sep 2011 21:38:53 +0200
Subject: [refpolicy] [PATCH 1/6] Allow using user terminals
In-Reply-To: <4E6666D7.1040502@tresys.com>
References: <20110904112506.GA2631@siphos.be> <20110904112545.GB2631@siphos.be>
	<4E6666D7.1040502@tresys.com>
Message-ID: <20110907193853.GB11855@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Sep 06, 2011 at 02:30:47PM -0400, Christopher J. PeBenito wrote:
> On 09/04/11 07:25, Sven Vermeulen wrote:
> > In order to debug wireshark startup issues, it is important that
> > wireshark, when started from a command line, is allowed to output its
> > error messages.
[...]
> > +userdom_use_user_terminals(wireshark_t)
> 
> Isn't wireshark an X app?  Wouldn't it only need pty access?
> 

Ah yes, my bad. That was a remainder from an earlier attempt where dumpcap
too was labeled wireshark_exec_t (in the hope that I didn't need to allow
execute rights on bin_t) which is a commandline application (and useful in
batch jobs or scripts without need for wireshark).

I'll resubmit with userdom_use_user_ptys().

Wkr,
	Sven Vermeulen