From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 19 Oct 2012 23:03:07 +0200
Subject: [refpolicy] [REVIEW REQUEST] Changes to the pulseaudio policy module and its dependencies
In-Reply-To: <5081BD62.6090302@redhat.com>
References: <1350667422-9219-1-git-send-email-dominick.grift@gmail.com> <20121019180055.GA11667@siphos.be> <1350670399.12496.24.camel@d30.localdomain> <5081BD62.6090302@redhat.com>
Message-ID: <1350680587.12496.33.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2012-10-19 at 16:51 -0400, Daniel J Walsh wrote:
> On 10/19/2012 02:13 PM, Dominick Grift wrote:
>
> They are allowed to create files in the tmpfs.
>
> Imagine a third party product creates a tmpfs in /dev/mytmpfs
>
> Currently confined apps and users are allowed to create files in that
> directory, if we gave access only to shm_t then this tmpfs would be protected.
> Of course the third party could label its tmpfs something different, but
> then they would need to know about SELinux.
>
> Just a thought.

Sure, I am ok with that idea. Go ahead and implement it ;)

I am currently more interested in applicable feedback, suggestions and
comments on the patch in the topic though :)