From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 09 Jan 2012 16:22:38 -0500
Subject: [refpolicy] Contribute ctdbd policy from Fedora to Refpolicy
In-Reply-To: <20120109210834.GG3416@siphos.be>
References: <4F072F46.9090709@redhat.com> <20120109210834.GG3416@siphos.be>
Message-ID: <4F0B5A9E.10308@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/09/2012 04:08 PM, Sven Vermeulen wrote:
> On Fri, Jan 06, 2012 at 12:28:38PM -0500, Daniel J Walsh wrote:
>> Please Review and Ack.
> [...]
> 
> There's some indentation wrong (especially in the interfaces),
> looks like there are some lines with tab and some with spaces.
> 
>> +exec_files_pattern(ctdbd_t, ctdbd_var_lib_t, ctdbd_var_lib_t)
> 
> Oh noes, not again ;-)
> 
> Same here like with boinc, is there a possibility to have some
> segregation between the "regular" ctdbd_var_lib_t and the files
> ctdbd_t wants to execute?
> 
> If not (or not feasible), ok by me.
> 
> Wkr, Sven Vermeulen 
> _______________________________________________ refpolicy mailing
> list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy

Maybe if these have a constant name, but we have to ask Miroslav.
Maybe we could use file_name_trans rules, but I still think we end up
with a type that has to be written and executed by the same domain.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LWp4ACgkQrlYvE4MpobMnBwCg4/1K8+VHObTlWePkrRupWaeV
tUoAoKnyvJV2W8i7tXNrwq7exIKF3X1A
=cEv+
-----END PGP SIGNATURE-----