From: dac.override@gmail.com (Dominick Grift)
Date: Wed, 27 Apr 2016 18:51:03 +0200
Subject: [refpolicy] [Patch V2 1/1] Add hwloc-dump-hwdata SELinux policy
In-Reply-To:
References: <1461745535-6857-1-git-send-email-grzegorz.andrejczuk@intel.com> <1461770515-13153-1-git-send-email-grzegorz.andrejczuk@intel.com> <1461770515-13153-2-git-send-email-grzegorz.andrejczuk@intel.com>
Message-ID: <811e1359-2b99-91a5-a7dc-aca858fc1224@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/27/2016 06:47 PM, Jason Zaman wrote:
>> + +######################################## +## +## >> Manage hwloc runtime. +## +## >> +## +## Domain allowed access. +## >> +## +# +interface(`hwloc_manage_runtime',` + >> gen_require(` + type hwloc_var_run_t; + ') + >> + files_rw_pid_dirs($1)
> This seems wrong. Shouldn't it be a pid filetrans on 'hwloc'? There
> is no reason to give rw perms on everything in /run.
>

This is suitable for use with manual type transition

Example: mkdir -Z /var/run/hwloc

Mainly for sysadm

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
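
Review bot: In hwloc_manage_runtime, the quoted call files_rw_pid_dirs($1) acts on the generic pid directories rather than on the hwloc_var_run_t that the gen_require just above it pulls in, and the summary "Manage hwloc runtime." does not tell a caller that it widens access outside the hwloc type. If the interface is meant to support creating the directory by hand (the mkdir -Z /var/run/hwloc case given in the reply), say so in the interface description and name the intended callers. If automatic labeling is wanted instead, a named transition such as files_pid_filetrans($1, hwloc_var_run_t, dir, "hwloc") would give the new directory the hwloc_var_run_t type without a manual -Z.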