From: russell@coker.com.au (Russell Coker) Date: Fri, 16 Feb 2018 17:02:38 +1100 Subject: [refpolicy] rawip_socket permissions In-Reply-To: <1fe28c0b-7dd2-fc61-85e3-df8b8cc27742@ieee.org> References: <3088676.kIsrdd9GrL@xev> <1fe28c0b-7dd2-fc61-85e3-df8b8cc27742@ieee.org> Message-ID: <1842426.p6FBhgQr0C@liv> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Friday, 16 February 2018 9:03:06 AM AEDT Chris PeBenito wrote: > I've hoped for better socket permission sets, but the verbs for the > permission set names elude me. I'm open to suggestions, though I'd > prefer the permission sets include verbs (or their abbreviations, such > as "rw") to help convey meaning. Is there a point in having a specific "rw" on rawip? Having "rw" implies that something other than "rw" would be used, and does that make sense? Do we have network sniffers having just read access? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/