2011-05-02 17:46:20

by cpebenito

Subject: [refpolicy] [PATCH] policy module for atop

On 04/28/11 10:50, Dominick Grift wrote:
> On 04/28/2011 04:03 PM, Elia Pinto wrote:
>
>> +/usr/bin/atopd -- gen_context(system_u:object_r:atopd_exec_t,s0)
>> +/usr/bin/atop -- gen_context(system_u:object_r:atopd_exec_t,s0)
>
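
Review bot: both entries in this hunk assign atopd_exec_t, so /usr/bin/atop (the client) carries the same executable type as the daemon /usr/bin/atopd. Suggest keeping atopd_exec_t for /usr/bin/atopd only, and either giving /usr/bin/atop its own type or dropping its entry so it keeps the default label.
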
> Might want to consider running the daemon and client in separate domains.

Dominick has given a good review. The above is my biggest concern with
the module. However, my guess would be that the client is probably best
left without a domain transition (i.e. run atop in the user's domain),
but there don't seem to be any added rules for the client, so I'm not sure.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com