On 7/23/07, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Mon, 2007-07-23 at 09:23 -0500, Justin Conover wrote:
>
> On 7/23/07, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Mon, 2007-07-23 at 09:09 -0500, Justin Conover wrote:
> > I'm not sure if there is a regular selinux mailing list or not, I
> > mainly use Fedora but thought someone here might be able to help.
>
> http://www.nsa.gov/selinux/info/list.cfm
>
> Thank you, I saw that list but it said "SELinux Developers mailing
> list" and I'm not a developer so I thought that excluded me :)
Nope.
> So if I remove the rule entirely, does that mean take it out of
> local.te? The parts talking about hald.
Only one that is relevant to this assertion is the one between hald_t
and memory_device_t.
--
Stephen Smalley
National Security Agency

Ok, I have removed the hald_t memory_device part:
comatose:~# grep hald local.te
type hald_t;
#============= hald_t ==============
#allow hald_t memory_device_t:chr_file read;
allow hald_t var_t:file { read getattr };
comatose:~# checkmodule -M -m -o local.mod local.te
checkmodule: loading policy configuration from local.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 6) to local.mod
comatose:~# semodule_package -o local.pp -m local.mod
comatose:~# semodule -i local.pp
comatose:~#
Another question, does doing this audit2allow method sort of mean "I have no idea what I'm doing, so allow it all", or is that why it caught the hald_t memory portion and said NO, don't do this!
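Added example, not part of the original thread: a pre-load review of an audit2allow-generated local.te that flags and comments out allow rules whose target type is on a reviewer-chosen list, which is the edit made by hand above for hald_t and memory_device_t. The SENSITIVE_TARGETS set, the function names and the sample module text are assumptions constructed for illustration; the check supplements the policy's own assertions and does not replace them.

```python
import re

# Assumption: types a human should look at before any generated rule that
# targets them is loaded. memory_device_t is the type from the thread.
SENSITIVE_TARGETS = {"memory_device_t"}

# Simple rules of the shape audit2allow emits:
#   allow SRC TGT:CLASS perm;    or    allow SRC TGT:CLASS { p1 p2 };
ALLOW_RE = re.compile(
    r"^\s*allow\s+(?P<src>\w+)\s+(?P<tgt>\w+)\s*:\s*(?P<cls>\w+)\s+"
    r"(?:\{\s*(?P<many>[^}]*)\}|(?P<one>\w+))\s*;\s*$"
)

def parse_allow(line):
    """Return (source, target, class, [perms]) or None if not an allow rule."""
    m = ALLOW_RE.match(line)
    if not m:
        return None
    perms = (m.group("many") or m.group("one") or "").split()
    return m.group("src"), m.group("tgt"), m.group("cls"), perms

def review(te_text, sensitive=SENSITIVE_TARGETS):
    """Comment out allow rules that target a sensitive type.

    Returns (reviewed_text, flagged_rules). Lines already commented out do
    not match the rule pattern, so running the review twice is harmless.
    """
    out, flagged = [], []
    for line in te_text.splitlines():
        rule = parse_allow(line)
        if rule and rule[1] in sensitive:
            flagged.append(rule)
            out.append("#" + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n", flagged

# Constructed sample: the two hald_t rules quoted in the thread, before
# the memory_device_t rule was commented out.
SAMPLE_TE = """\
#============= hald_t ==============
allow hald_t memory_device_t:chr_file read;
allow hald_t var_t:file { read getattr };
"""

if __name__ == "__main__":
    reviewed, flagged = review(SAMPLE_TE)
    for src, tgt, cls, perms in flagged:
        print("needs review: %s -> %s:%s %s" % (src, tgt, cls, perms))
    print(reviewed, end="")
```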