>> Is 'rw_fifo_file_perms' custom-defined somewhere?
>>
>> All I can see on the fifo_file is { append create execute getattr ioctl
>> link lock mounton quotaon read relabelfrom relabelto rename setattr
>> swapon unlink write }, of which, 'read' and 'write' are the relevant
>> ones. If I do 'allow voip_sandbox_t self:fifo_file { read write }' would
>> that be the same thing or am I missing something?
>>
>
> http://oss.tresys.com/projects/refpolicy/browser/policy/support/obj_perm_sets.spt
>
> line 241:
>
> define(`rw_fifo_file_perms',`{ getattr open read write append ioctl lock }')
>
> Basically a set of common permissions to read and write fifo files. Not
> quite the same as just { read write } but not too excessive either.
>
That would do, thanks!

> I always use "macros" wherever possible that will make policy
> maintenance much easier.
>
Maintenance - yes, but finding where it comes from and what it does
(essential for people like me!) is a right nightmare! Every time I
stumble across something like this I have to do a 'grep' on the whole
serefpolicy directory to see where it comes from and what it does - this
does take time and I find it very frustrating, not to mention that this
search is not always successful (there are macros with $1 and $2 in
their names and finding this is not as straightforward a job as it first
seems!)

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
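As an added example (not part of the thread and not refpolicy's own tooling), the Python sketch below indexes m4 define() permission sets, records where each name is defined, and lists what rw_fifo_file_perms grants beyond { read write }. Only the rw_fifo_file_perms line comes from the thread; the other sample lines, including the $1-style name, and all function names are constructed for illustration.

```python
import re

# Constructed sample in the style of obj_perm_sets.spt. Only the first
# define() is quoted from the thread; the other two are made up.
SAMPLE_SPT = """\
define(`rw_fifo_file_perms',`{ getattr open read write append ioctl lock }')
define(`example_inherited_perms',`{ rw_fifo_file_perms setattr }')
define(`$1_example_perms',`{ read }')
"""

DEFINE_RE = re.compile(r"define\(`([^']+)',\s*`\{([^}]*)\}'\)")

def index_defines(text, filename="<sample>"):
    """Map each defined name to (filename, line number, list of tokens)."""
    index = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = DEFINE_RE.search(line)
        if m:
            index[m.group(1)] = (filename, lineno, m.group(2).split())
    return index

def find(index, name):
    """Look up a name; a $N in a defined name matches any identifier part."""
    if name in index:
        return name
    for defined in index:
        pattern = re.sub(r"\\\$\d+", r"\\w+", re.escape(defined))
        if "$" in defined and re.fullmatch(pattern, name):
            return defined
    return None

def expand(index, name, seen=()):
    """Return the flat permission set, following nested set names."""
    key = find(index, name)
    if key is None:
        return {name}   # not a defined set: treat as a plain permission
    if key in seen:
        return set()    # break definition cycles
    perms = set()
    for token in index[key][2]:
        perms |= expand(index, token, seen + (key,))
    return perms

def extra_over(index, name, wanted):
    """Permissions the macro grants beyond the ones explicitly wanted."""
    return sorted(expand(index, name) - set(wanted))

if __name__ == "__main__":
    print(extra_over(index_defines(SAMPLE_SPT), "rw_fifo_file_perms", ["read", "write"]))
```

To run it against a real policy tree, read each support file and pass its text and path to index_defines().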