From: guido@trentalancia.net (Guido Trentalancia)
Date: Sat, 26 Nov 2016 16:49:09 +0100
Subject: [refpolicy] [PATCH] Apache OpenOffice module
In-Reply-To: <cd596863-baf6-119b-c6d6-f5c4514fca7b@gmail.com>
References: <1480113700.5692.4.camel@trentalancia.net>
	<cd596863-baf6-119b-c6d6-f5c4514fca7b@gmail.com>
Message-ID: <1480175349.13653.3.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello again...

On Sat, 26/11/2016 at 14.53 +0100, Dominick Grift via refpolicy wrote:
> On 11/25/2016 11:41 PM, Guido Trentalancia via refpolicy wrote:

[...]

> > +##############################
> > +#
> > +# Openoffice local policy
> > +#
> > +
> > +allow ooffice_t self:process { execmem signal };
> > +allow ooffice_t self:shm create_shm_perms;
> > +allow ooffice_t self:udp_socket create_socket_perms;
> 
> the above indicated that it is probably an nss client
> (auth_use_nsswitch())

Actually, auth_use_nsswitch() is probably too permissive and not
needed, I think sysnet_dns_name_resolve() is more than enough...

So, I am probably going to change it like that.

Regards,

Guido