From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 19 Oct 2012 16:51:46 -0400
Subject: [refpolicy] [REVIEW REQUEST] Changes to the pulseaudio policy module and its dependencies
In-Reply-To: <1350670399.12496.24.camel@d30.localdomain>
References: <1350667422-9219-1-git-send-email-dominick.grift@gmail.com> <20121019180055.GA11667@siphos.be> <1350670399.12496.24.camel@d30.localdomain>
Message-ID: <5081BD62.6090302@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/19/2012 02:13 PM, Dominick Grift wrote:

They are allowed to create files in the tmpfs. Imagine a third party product creates a tmpfs in /dev/mytmpfs. Currently confined apps and users are allowed to create files in that directory, if we gave access only to shm_t then this tmpfs would be protected. Of course the third party could label its tmpfs something different, but then they would need to know about SELinux.

Just a thought.