From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 18 Feb 2018 11:13:56 -0500 Subject: [refpolicy] rawip_socket permissions In-Reply-To: <1842426.p6FBhgQr0C@liv> References: <3088676.kIsrdd9GrL@xev> <1fe28c0b-7dd2-fc61-85e3-df8b8cc27742@ieee.org> <1842426.p6FBhgQr0C@liv> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/16/2018 01:02 AM, Russell Coker wrote: > On Friday, 16 February 2018 9:03:06 AM AEDT Chris PeBenito wrote: >> I've hoped for better socket permission sets, but the verbs for the >> permission set names elude me. I'm open to suggestions, though I'd >> prefer the permission sets include verbs (or their abbreviations, such >> as "rw") to help convey meaning. > > Is there a point in having a specific "rw" on rawip? Having "rw" implies that > something other than "rw" would be used, and does that make sense? Do we have > network sniffers having just read access? I wasn't saying that there had to be a rw set, just providing an example. -- Chris PeBenito