Re: Policy redundancy and layout

On 03/01/2010 06:46 PM, Scott Salley wrote:
> I have a project with multiple daemons (around 6) which share many
> common features (they access the network, create and maintain daemon
> specific files, access random numbers, etc...), though they each deal
> with a different set of tasks (monitoring network resources, providing
> network file sharing services, providing network authentication
> services, etc).
>
> Is it okay to use the interface file to define a set of common
> properties for these daemons to avoid listing everything out for each
> daemon? If not the interface file, then how should a common set of
> patterns for these daemons be defined?
>
> I found listing the rules for each daemon to be bug prone and tedious.


And you can also use attributes in interfaces.

For example (from telepathy.if):

########################################
## <summary>
##	Send DBus messages to and from
##	all Telepathy domains.
## </summary>
## <param name="domain">
## 	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_dbus_chat', `
	gen_require(`
		attribute tp_domains;
		class dbus send_msg;
	')

	allow $1 tp_domains:dbus send_msg;
	allow tp_domains $1:dbus send_msg;
')

(from telepathy.te):

optional_policy(`
	telepathy_dbus_chat(tp_domains)
')

Meaning each domain type that has the tp_domains attribute assigned can
dbus chat to each domain type that has the tp_domains attribute assigned.


> 
> 
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


Attachment: signature.asc
Description: OpenPGP digital signature
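
Added example, not part of the original message or of the Fedora policy: a sketch of a .te file that applies the attribute approach from the reply to the several-daemon case in the question. The module name mydaemons, the attribute mydaemon_domain and all mydaemon_* types are hypothetical; the interfaces called are assumed to be available from the reference policy.

```selinux
policy_module(mydaemons, 1.0.0)

# Hypothetical attribute grouping every daemon of the project.
attribute mydaemon_domain;

# Each daemon keeps its own domain and entry point type; the name
# after the comma assigns the shared attribute to the domain.
type mydaemon_monitor_t, mydaemon_domain;
type mydaemon_monitor_exec_t;
init_daemon_domain(mydaemon_monitor_t, mydaemon_monitor_exec_t)

type mydaemon_auth_t, mydaemon_domain;
type mydaemon_auth_exec_t;
init_daemon_domain(mydaemon_auth_t, mydaemon_auth_exec_t)

# Daemon-specific files stay daemon-specific: one type per daemon,
# so a rule here never grants one daemon access to another's files.
type mydaemon_monitor_var_run_t;
files_pid_file(mydaemon_monitor_var_run_t)
manage_files_pattern(mydaemon_monitor_t, mydaemon_monitor_var_run_t, mydaemon_monitor_var_run_t)
files_pid_filetrans(mydaemon_monitor_t, mydaemon_monitor_var_run_t, file)

type mydaemon_auth_var_run_t;
files_pid_file(mydaemon_auth_var_run_t)
manage_files_pattern(mydaemon_auth_t, mydaemon_auth_var_run_t, mydaemon_auth_var_run_t)
files_pid_filetrans(mydaemon_auth_t, mydaemon_auth_var_run_t, file)

# Common rules, written once against the attribute. Every type that
# carries mydaemon_domain receives them, so only put access here that
# all of the daemons really need.
allow mydaemon_domain self:tcp_socket create_stream_socket_perms;
dev_read_urand(mydaemon_domain)
logging_send_syslog_msg(mydaemon_domain)
miscfiles_read_localization(mydaemon_domain)
sysnet_dns_name_resolve(mydaemon_domain)
```

After the module is loaded, `seinfo -amydaemon_domain -x` lists the types that carry the attribute, which is a quick check that a new daemon picked up the shared rules.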
