From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 18 Feb 2018 11:13:56 -0500
Subject: [refpolicy] rawip_socket permissions
In-Reply-To: <1842426.p6FBhgQr0C@liv>
References: <3088676.kIsrdd9GrL@xev>
	<1fe28c0b-7dd2-fc61-85e3-df8b8cc27742@ieee.org>
	<1842426.p6FBhgQr0C@liv>
Message-ID: <e2ca8315-2f7d-b2e0-9ced-c3fba36715e4@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/16/2018 01:02 AM, Russell Coker wrote:
> On Friday, 16 February 2018 9:03:06 AM AEDT Chris PeBenito wrote:
>> I've hoped for better socket permission sets, but the verbs for the
>> permission set names elude me.  I'm open to suggestions, though I'd
>> prefer the permission sets include verbs (or their abbreviations, such
>> as "rw") to help convey meaning.
> 
> Is there a point in having a specific "rw" on rawip?  Having "rw" implies that
> something other than "rw" would be used, and does that make sense?  Do we have
> network sniffers having just read access?

I wasn't saying that there had to be a rw set, just providing an example.

-- 
Chris PeBenito