Re: Creating and packaging a new policy module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2013-08-22 at 06:33 +0000, Juan Orti Alcaine wrote:
> El 2013-08-20 11:13, Dominick Grift escribió:
> > upstream will probably only accept it with the use of a 
> > dadvd_domtrans()
> > but for your solution for now you could do something like this:
> > 
> > optional_policy(`
> > gen_require(`
> > 	type radvd_exec_t, radvd_t;
> > ')
> > domtrans_pattern(gogoc_t, radvd_exec_t, radvd_t)
> > ')
> > 
> 
> I have updated the policy, could you please take a look at it and give 
> me your oppinion?

sysnet_exec_ifconfig(gogoc_t)

its probably worth considering a domain transition to ifconfig instead
because:

allow gogoc_t self:capability { net_admin net_raw kill };

Are probably needed by ifconfig, and by running ifconfig in the ifconfig
domain, you might be able to remove these permissions from gogoc_t

However if you do decide to domain transition to ifconfig then its
probably a good idea to start all over, since other permissions you
added for gogoc_t might no longer be needed because they were added for
ifconfig

> 
> http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.te
> http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.if
> http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.fc
> 
> Thank you,
> Juan.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux