From: russell@coker.com.au (Russell Coker) Date: Wed, 3 Aug 2016 12:31:26 +1000 Subject: [refpolicy] [PATCH] policy for "mon" network monitoring In-Reply-To: <246b3e68-c54f-0454-97f1-8d8684f13d0c@ieee.org> References: <20160731090959.fihe7ytiorwwfjno@athena.coker.com.au> <246b3e68-c54f-0454-97f1-8d8684f13d0c@ieee.org> Message-ID: <201608031231.26961.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 3 Aug 2016 10:25:57 AM Chris PeBenito wrote: > > We could consider setting up multiple domains for tests, for example one > > domain for talking to the Internet and another for local checks. But I > > That would be a good thing to move towards as the network access on top > of sudo doesn't inspire me with much confidence. Well it's not nearly as bad as the daemons that have net access and capabilities like setuid. > > think that the current policy is good enough to be included at the moment > > and we can discuss changes later. > > The mon_test_t rules need some style cleanup, then I think we can look > at merging it with its current domain set. What type of style issues? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/