The attached patch moves the xconsole policy to logging.pp from the xserver
policy. It's more about logging than the X server and there are a lot of
systems which have syslogd configured to write to /dev/xconsole but that have
no X server installed.
Also included some changes to init.te which are specific to Debian and
Postfix.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xconsole.diff
Type: text/x-patch
Size: 7326 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20111107/d15d58c7/attachment.bin
On 11/07/11 07:46, Russell Coker wrote:
> The attached patch moves the xconsole policy to logging.pp from the xserver
> policy. It's more about logging than the X server and there are a lot of
> systems which have syslogd configured to write to /dev/xconsole but that have
> no X server installed.
I'm afraid I don't agree; it's still associated with display on X, even without a functioning X server. When you say that there are a lot of systems with syslogd using xconsole, are you referring to Debian systems? The last time I remember seeing any system using xconsole in any fashion was a long time ago, but I don't use Debian.
> Also included some changes to init.te which are specific to Debian and
> Postfix.
It looks like there are some problems with encapsulation breakage and whitespace errors (spaces vs tabs).
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Wed, 9 Nov 2011, "Christopher J. PeBenito" <[email protected]> wrote:
> On 11/07/11 07:46, Russell Coker wrote:
> > The attached patch moves the xconsole policy to logging.pp from the
> > xserver policy. It's more about logging than the X server and there are
> > a lot of systems which have syslogd configured to write to /dev/xconsole
> > but that have no X server installed.
>
> I'm afraid I don't agree; it's still associated with display on X, even
> without a functioning X server.
Or any other process running as root or the adm group that is configured to
read it.
> When you say that there are a lot of
> systems with syslogd using xconsole, are you referring to Debian systems?
Yes, syslogd is configured to write to it regardless of whether X is
installed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/