LinuxLists.cc - [refpolicy] services

2009-06-09 01:01:38

Subject: [refpolicy] services_ricci.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch

Lots of additional access required by ricci and friends.

2009-07-21 14:11:41

by cpebenito

[permalink] [raw]

Subject: [refpolicy] services_ricci.patch

On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
>
> Lots of additional access required by ricci and friends.

Merged except for the default_t access, which seems like a labeling
issue.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-07-21 14:41:42

by Daniel Walsh

[permalink] [raw]

Subject: [refpolicy] services_ricci.patch

On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
>>
>> Lots of additional access required by ricci and friends.
>
> Merged except for the default_t access, which seems like a labeling
> issue.
>
I would like to remove all default_t access and remove the read_default_t boolean.
This is almost guaranteed to be a labeling problem.

2009-07-21 18:19:27

by cpebenito

[permalink] [raw]

Subject: [refpolicy] services_ricci.patch

On Tue, 2009-07-21 at 10:41 -0400, Daniel J Walsh wrote:
> On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
> >>
> >> Lots of additional access required by ricci and friends.
> >
> > Merged except for the default_t access, which seems like a labeling
> > issue.
> >
> I would like to remove all default_t access and remove the read_default_t boolean.

I can definitely agree with this.

> This is almost guaranteed to be a labeling problem.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-07-21 19:07:42

by Daniel Walsh

[permalink] [raw]

Subject: [refpolicy] services_ricci.patch

On 07/21/2009 02:19 PM, Christopher J. PeBenito wrote:
> On Tue, 2009-07-21 at 10:41 -0400, Daniel J Walsh wrote:
>> On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
>>> On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
>>>>
>>>> Lots of additional access required by ricci and friends.
>>> Merged except for the default_t access, which seems like a labeling
>>> issue.
>>>
>> I would like to remove all default_t access and remove the read_default_t boolean.
>
> I can definitely agree with this.
>
>> This is almost guaranteed to be a labeling problem.
>
Go for it. I have it removed from rawhide now.