On Wed, 21 Jul 2004 04:15, Tom London <selinux@xxxxxxxxxxx> wrote: > ifdef(`usbmodules.te', ` > r_dir_file(ptal_t, usbdevfs_t) > ') I think that the above will be needed even without usbmodules.te. Also note that usbdevfs_t is defined in types/file.te so you won't have any compile errors, which is the main reason for ifdef's. I'll add that to my policy without the ifdef. > file_type_auto_trans(ptal_t, var_run_t, ptal_var_run_t) This isn't what we want. It allows ptal_t to directly create sock_file, lnk_file, fifo_file, and dir entries under /var/run which is more access than it needs. Fixing the bug in cups.fc as described in my previous message will solve the problem. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
