From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 13 Sep 2012 11:36:47 -0400
Subject: [refpolicy] [PATCH 1/2] Label /var/run/mdadm/map as mdadm_map_t
In-Reply-To: <1347468575.2915.16.camel@d30.localdomain>
References: <1347406308-20976-1-git-send-email-bigon@debian.org>
	<1347468575.2915.16.camel@d30.localdomain>
Message-ID: <5051FD8F.9020801@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/12/2012 12:49 PM, Dominick Grift wrote:
> 
> 
> On Wed, 2012-09-12 at 01:31 +0200, Laurent Bigonville wrote:
>> From: Laurent Bigonville <bigon@bigon.be>
>> 
>> mdadm is now creating map file under /run/mdadm/map --- raid.fc |    1 + 
>> 1 file changed, 1 insertion(+)
>> 
>> diff --git a/raid.fc b/raid.fc index ed9c70d..e3c8bfb 100644 ---
>> a/raid.fc +++ b/raid.fc @@ -4,3 +4,4 @@ /sbin/mdmpd		--
>> gen_context(system_u:object_r:mdadm_exec_t,s0)
>> 
>> /var/run/mdadm(/.*)?		gen_context(system_u:object_r:mdadm_var_run_t,s0) 
>> +/var/run/mdadm/map	--	gen_context(system_u:object_r:mdadm_map_t,s0)
> 
> I think its probably best to drop mdadm_map_t and make it an alias of 
> mdadm_var_run_t instead
> 
> I have some changes from both myself and fedora for raid module in the 
> pipeline.
> 
> It sucks though because both fedora as well as refpolicy made mdadm_t a 
> unconfined type. That basically makes it almost impossible for us to 
> develop it further and receive feedback on it.
> 
> _______________________________________________ refpolicy mailing list 
> refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy
> 
Dominick lets turn that off in Rawhide.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBR/Y8ACgkQrlYvE4MpobO3CQCgqM77dqA/OM9r7a16r7PNfAHP
rnwAoNCHmqHjQmcN/g1eQj4vj7MlMhSi
=2osU
-----END PGP SIGNATURE-----