From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 13 Sep 2012 18:09:28 +0200
Subject: [refpolicy] [PATCH 1/2] Label /var/run/mdadm/map as mdadm_map_t
In-Reply-To: <5051FD8F.9020801@redhat.com>
References: <1347406308-20976-1-git-send-email-bigon@debian.org> <1347468575.2915.16.camel@d30.localdomain> <5051FD8F.9020801@redhat.com>
Message-ID: <1347552568.2915.30.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2012-09-13 at 11:36 -0400, Daniel J Walsh wrote:
> On 09/12/2012 12:49 PM, Dominick Grift wrote:
> >
> >
> > On Wed, 2012-09-12 at 01:31 +0200, Laurent Bigonville wrote:
> >> From: Laurent Bigonville
> >>
> >> mdadm is now creating map file under /run/mdadm/map --- raid.fc | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/raid.fc b/raid.fc index ed9c70d..e3c8bfb 100644 ---
> >> a/raid.fc +++ b/raid.fc @@ -4,3 +4,4 @@ /sbin/mdmpd --
> >> gen_context(system_u:object_r:mdadm_exec_t,s0)
> >>
> >> /var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0)
> >> +/var/run/mdadm/map -- gen_context(system_u:object_r:mdadm_map_t,s0)
> >
> > I think it's probably best to drop mdadm_map_t and make it an alias of
> > mdadm_var_run_t instead
> >
> > I have some changes from both myself and Fedora for raid module in the
> > pipeline.
> >
> > It sucks though because both Fedora as well as refpolicy made mdadm_t an
> > unconfined type. That basically makes it almost impossible for us to
> > develop it further and receive feedback on it.
> >
>
> Dominick, let's turn that off in Rawhide.
>

That is a good idea. I would like to hear pebenito's opinion about removing it in refpolicy as well. What caused refpolicy to make mdadm_t an unconfined domain in the first place?
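
Review bot: the added `/var/run/mdadm/map` entry in raid.fc only applies when the file is relabeled, and the diffstat shows raid.fc as the only file touched, so nothing in this patch makes a map file created by mdadm at runtime receive mdadm_map_t. A file created inside a directory labeled mdadm_var_run_t inherits that type unless the policy carries a type transition for it. Either add the matching transition in raid.te (or point to it if it comes in 2/2), or say in the commit message that the label depends on a relabel. The commit message also says `/run/mdadm/map` while the entry uses `/var/run/mdadm/map`; a short note on why the `/var/run` path is the right one to match would help.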