Re: racoon denials

On Aug 18, 2009, at 11:17, Dominick Grift wrote:

> try this rule instead of the domtrans_pattern():
> can_exec(racoon_t, setkey_exec_t)

Thanks, that did the trick.
Everything seems to be fine now with enforcing turned fully back on.

Here's the myracoon.te we ended up with, for reference, in case it helps somebody else too:

policy_module(myracoon, 0.0.4)
# types used below that are defined elsewhere in the base policy
require { type racoon_t, setkey_exec_t; }

# allow racoon_t to read shadow_t files
auth_read_shadow(racoon_t)

# let racoon_t execute setkey_exec_t in its own domain (no domain transition)
can_exec(racoon_t, setkey_exec_t)

# silence (not allow) getattr probes on xattr-capable filesystems
fs_dontaudit_getattr_xattr_fs(racoon_t)

# private tmp type so racoon's temporary files are not generic tmp_t
type racoon_tmp_t;
files_tmp_file(racoon_tmp_t)
manage_dirs_pattern(racoon_t, racoon_tmp_t, racoon_tmp_t)
manage_files_pattern(racoon_t, racoon_tmp_t, racoon_tmp_t)
# dirs and files racoon_t creates under /tmp are labelled racoon_tmp_t
files_tmp_filetrans(racoon_t, racoon_tmp_t, { dir file })

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
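As an added illustration (not part of the thread or of the poster's module), here is a small Python triage helper that maps AVC denial lines to the interface in the myracoon.te above that resolves each one. The audit lines below are constructed for the example (pids, timestamps and the racoon.lock name are made up); only the rule names come from the module.

```python
import re

# Constructed sample AVC lines (not from the thread) of the kind each rule in
# myracoon.te addresses: execute setkey, read shadow, getattr on a filesystem,
# and create a file under the generic tmp_t label. The last line is not an AVC.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1250612222.101:42): avc:  denied  { execute } for  pid=2345 comm="racoon" name="setkey" scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:setkey_exec_t:s0 tclass=file
type=AVC msg=audit(1250612222.102:43): avc:  denied  { read } for  pid=2345 comm="racoon" name="shadow" scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1250612222.103:44): avc:  denied  { getattr } for  pid=2345 comm="racoon" name="/" scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
type=AVC msg=audit(1250612222.104:45): avc:  denied  { create } for  pid=2345 comm="racoon" name="racoon.lock" scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1250612222.104:45): arch=c000003e syscall=2 success=no exit=-13
"""


def parse_avc(line):
    """Return (perms, source type, target type, tclass), or None for non-AVC lines."""
    m = re.search(r'denied\s+\{([^}]*)\}', line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=(\S+)', line))
    source_type = fields['scontext'].split(':')[2]   # user:role:TYPE:level
    target_type = fields['tcontext'].split(':')[2]
    return set(m.group(1).split()), source_type, target_type, fields['tclass']


def suggest_rule(perms, sdom, ttype, tclass):
    """Name the refpolicy interface from myracoon.te that covers this denial."""
    if ttype == 'setkey_exec_t' and tclass == 'file' and 'execute' in perms:
        return f'can_exec({sdom}, setkey_exec_t)'            # run setkey in-domain
    if ttype == 'shadow_t' and tclass == 'file' and 'read' in perms:
        return f'auth_read_shadow({sdom})'
    if tclass == 'filesystem' and perms == {'getattr'}:
        return f'fs_dontaudit_getattr_xattr_fs({sdom})'     # silenced, not allowed
    if ttype == 'tmp_t' and tclass in ('file', 'dir'):
        private = sdom.removesuffix('_t') + '_tmp_t'        # e.g. racoon_tmp_t
        return f'files_tmp_filetrans({sdom}, {private}, {{ dir file }})'
    return None                                              # needs a human look


def triage(log_text):
    """Map every AVC denial in an audit log excerpt to the rule that resolves it."""
    out = []
    for line in log_text.splitlines():
        parsed = parse_avc(line)
        if parsed:
            out.append(suggest_rule(*parsed))
    return out
```

Run it on a real excerpt with `triage(open('/var/log/audit/audit.log').read())`; a `None` entry is a denial the module above does not cover and should be checked against the policy rather than blindly allowed.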
