From: dominick.grift@gmail.com (Dominick Grift)
Date: Mon, 06 Aug 2012 17:48:05 +0200
Subject: [refpolicy] [PATCH]: mcelog module initial rewrite
In-Reply-To: <201208061538.q76FcbuT031917@vivaldi41.register.it>
References: <201208061538.q76FcbuT031917@vivaldi41.register.it>
Message-ID: <1344268085.29329.62.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On Mon, 2012-08-06 at 17:38 +0200, Guido Trentalancia wrote:

> I think create_socket_perms does not allow "connectto", which is what the client needs, but I'll double-check again.

Yes i was not sure. Use create_stream_socket_perms instead of
create_socket_perms. That should allow the connectto permission.

> Do you believe it won't work that way ?

It will work fine but that is not the point. The point is that it will
be a change from the usual and for not much benefit if any at all, at
least at the moment.

There is no compelling reason to use mcelog_exec_t.

> 
> Regards,
> 
> Guido 
>