From: jason@perfinion.com (Jason Zaman)
Date: Thu, 21 Dec 2017 00:53:30 +0800
Subject: [refpolicy] [PATCH 1/5] gssproxy: allow kerberos nfs filetrans
In-Reply-To: <a9ba02e1-7298-ad1e-57e2-451282cf53ad@ieee.org>
References: <20171213181722.28545-1-jason@perfinion.com>
	<a9ba02e1-7298-ad1e-57e2-451282cf53ad@ieee.org>
Message-ID: <20171220165330.GA9465@meriadoc.perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Dec 13, 2017 at 06:18:59PM -0500, Chris PeBenito wrote:
> On 12/13/2017 01:17 PM, Jason Zaman wrote:
> > ---
> >   gssproxy.te | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/gssproxy.te b/gssproxy.te
> > index c1dcc55..dc7f0e6 100644
> > --- a/gssproxy.te
> > +++ b/gssproxy.te
> > @@ -63,4 +63,5 @@ optional_policy(`
> >   	kerberos_manage_host_rcache(gssproxy_t)
> >   	kerberos_read_keytab(gssproxy_t)
> >   	kerberos_use(gssproxy_t)
> > +	kerberos_tmp_filetrans_host_rcache(gssproxy_t, file, "nfs_0")
> >   ')
> 
> Is there a reason it has to be limited to only nfs_0? I didn't notice 
> any type transition conflicts.

No reason other than bad copy paste, i've sent a new version.

-- Jason
> 
> -- 
> Chris PeBenito