2009-05-21 15:03:24

by Daniel Walsh

Subject: [refpolicy] apps_podsleuth.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_podsleuth.patch

Lots of policy fixes for podsleuth.

Add interface to run podsleuth within a role

podsleuth uses tmpfs, tmp and cache

Needs to deal with nfs and dos file systems

Can be started by dbus, runs as a mono app


2009-07-21 14:11:43

by cpebenito

Subject: [refpolicy] apps_podsleuth.patch

On Thu, 2009-05-21 at 11:03 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_podsleuth.patch
>
> Lots of policy fixes for podsleuth.
>
> Add interface to run podsleuth within a role
>
> podsleuth uses tmpfs, tmp and cache
>
> Needs to deal with nfs and dos file systems
>
> Can be started by dbus, runs as a mono app

Merged except for the nfs and raw disk access, for which I need
additional explanation.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-07-21 14:50:16

by Daniel Walsh

Subject: [refpolicy] apps_podsleuth.patch

On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 11:03 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_podsleuth.patch
>>
>> Lots of policy fixes for podsleuth.
>>
>> Add interface to run podsleuth within a role
>>
>> podsleuth uses tmpfs, tmp and cache
>>
>> Needs to deal with nfs and dos file systems
>>
>> Can be started by dbus, runs as a mono app
>
> Merged except for the nfs and raw disk access, for which I need
> additional explanation.
>
I agree, remove the raw disk; I will also.

In RHEL5 and probably older versions of Fedora, we labeled

genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)

These have been changed to dosfs_t, so I think you can ignore both and I will remove them.