On Thu, 2005-07-21 at 21:42 +1000, Russell Coker wrote: > The attached patch is needed for correct functionality of ainit with the > latest strict policy when running reasonably recent rawhide packages. > > Is this really what we want? Having a system process allocate shared memory > that can be used by any user processes? Also it seems likely that other > sound programs will need to access the shared memory in question. Not a good idea. Look at nscd handling for its shmem interface; we use an attribute to allow certain domains such access, but most domains are limited to the socket IPC-based interface. This program should likewise have some kind of fallback to an IPC-based interface if the shmem interface isn't allowed. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
