On 12/21/2009 07:43 AM, Dominick Grift wrote: > On Mon, Dec 21, 2009 at 12:57:49PM +0100, Miroslav Grepl wrote: >> On 12/19/2009 10:51 AM, Dominick Grift wrote: >>> Attached is DenyHosts modules Based on the Fedora 12 DenyHosts package. >>> >>> Maintained here: git clone git://82.197.205.60/selinux-modules.git >>> >>> >>> >>> -- >>> fedora-selinux-list mailing list >>> fedora-selinux-list@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> From denyhosts.te: >> >> # /etc/hosts.deny >> files_rw_etc_files(denyhosts_t) >> >> Dominick, >> I believe we shouldn't add this permission to denyhosts. >> >> Dan, >> maybe other candidate for system_conf_t type as well as sysctl.conf. > > Agreed. Same could be said for /var/log/secure being generic var_log_t? >> >> Regards, >> Miroslav >> >> >> >> -- >> fedora-selinux-list mailing list >> fedora-selinux-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-selinux-list Would net_conf_t make more sense? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list