From: guido@trentalancia.com (Guido Trentalancia) Date: Tue, 07 Aug 2012 19:57:46 +0200 Subject: [refpolicy] [PATCH v4]: mcelog module initial rewrite In-Reply-To: <1344361404.2306.5.camel@d30.localdomain> References: <201208061519.q76FJcDp011962@vivaldi31.register.it> <1344267046.29329.57.camel@d30.localdomain> <50201053.9000506@trentalancia.com> <1344282251.29329.73.camel@d30.localdomain> <50215188.7040900@trentalancia.com> <1344361404.2306.5.camel@d30.localdomain> Message-ID: <5021571A.9070801@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 07/08/2012 19:43, Dominick Grift wrote: > >> >> It's needed for the (untested) client mode. >> >> There is a boolean for that (and for the server mode, as one might want >> to write another client for example). >> > > Its already allowed... I will explain it one more time: > > allow mcelog_t self:unix_stream_socket create_stream_socket_perms; > manage_sock_files_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t) > > is what allows this already. Its already there and therefore the > stream_connect_pattern() is reduntant. The above two do not have "connectto", which is needed by the client. >>>> -miscfiles_read_localization(mcelog_t) >>>> +term_dontaudit_use_all_ptys(mcelog_t) >>>> +term_dontaudit_use_all_ttys(mcelog_t) >>> >>> not needed. use: userdom_use_user_terminals(mcelog_t) >> >> It works and it appears to be widely used. >> >> However I am not entirely clear to me what would happen if the >> userdomain module is explicitly turned off and whether it will keep >> working in single-user mode... >> > > No need to worry about that. The userdomain module is not optional. It's a bit strange, if I turn it off, it still gets compiled in... >>>> +tunable_policy(`mcelog_foreground',` >>>> +term_use_all_ttys(mcelog_t) >>>> +term_use_all_ptys(mcelog_t) >>>> +') >>> >>> Not needed. >> >> See above. > > Although the policy improved i still have issues with various parts of > your policy. Perfection does not exist. Time available is not infinite. And there several (or sometimes even infinite) degrees of freedom when it comes to implement things. Since at the moment mcelog, is not supported or its support is broken (whichever you prefer), I suggest this v4 version is applied and then if you (or others) like to modify it, you can do so directly and indipendently. > However i won't review it anymore because i have made my points already > in previous reviews. No need for repeating myself. Your suggestions have been introduced (except from "connectto", see above). If it is for the booleans, then I think it's much better to have a configurable module once the default values allow the most common way of execution. You are unlikely to convince me here: I do not want a server writing to a socket information about the cpu. Regards, Guido