Gene Czarcinski wrote:
This is a bug caused by the user being unable to read policy_config_t files (file_context).
I do believe that the policy packages need some work:
1. Cannot be built in a private build tree (this possibly caused the "policy." problem which is fixed in 1.9.2-11 ... we will see if it builds in the private tree by a regular user).
I'm not sure I see what the "bug" is here. A "regular user" should not be building the policy for a system. A user should be able to build a private copy of the policy (e.g., for testing, analysis, etc.), but these files should have regular user file labels (i.e., *not* policy_config_t or policy_src_t). Any user/domain should be able to run checkpolicy, but much thought and consideration needs to be given as to which domains may run checkpolicy in the checkpolicy_t domain. Maybe I'm reading too much into this?
David
--
David Caplan
410 290 1411 x105
dac@xxxxxxxxxx
Tresys Technology, LLC
8840 Stanford Blvd., Suite 2100
Columbia, MD 21045