Re: Creating and packaging a new policy module

On 08/22/2013 09:25 AM, Dominick Grift wrote:
On Thu, 2013-08-22 at 06:33 +0000, Juan Orti Alcaine wrote:
On 2013-08-20 11:13, Dominick Grift wrote:
upstream will probably only accept it with the use of a
dadvd_domtrans()
but for your solution for now you could do something like this:

optional_policy(`
gen_require(`
	type radvd_exec_t, radvd_t;
')
domtrans_pattern(gogoc_t, radvd_exec_t, radvd_t)
')

I have updated the policy, could you please take a look at it and give
me your opinion?
sysnet_exec_ifconfig(gogoc_t)

it's probably worth considering a domain transition to ifconfig instead
because:

allow gogoc_t self:capability { net_admin net_raw kill };

Are probably needed by ifconfig, and by running ifconfig in the ifconfig
domain, you might be able to remove these permissions from gogoc_t

However if you do decide to domain transition to ifconfig then it's
probably a good idea to start all over, since other permissions you
added for gogoc_t might no longer be needed because they were added for
ifconfig
Yes, basically it could be decided from AVC msgs which you were getting.
http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.te
http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.if
http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.fc

Thank you,
Juan.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
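
Added example (not part of the original thread and not the gogoc policy's own code): one way to do the AVC-based sorting mentioned above is to split the denials logged for gogoc_t by their comm field, so that permissions requested only while ifconfig was running stand out as candidates to drop once ifconfig runs in its own domain. The log lines are constructed samples, and the function name split_by_comm is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample denials (not from the thread), in audit.log AVC format.
SAMPLE_AVCS = """\
type=AVC msg=audit(1377160000.101:201): avc:  denied  { net_admin } for  pid=2101 comm="ifconfig" capability=12  scontext=system_u:system_r:gogoc_t:s0 tcontext=system_u:system_r:gogoc_t:s0 tclass=capability
type=AVC msg=audit(1377160000.140:202): avc:  denied  { net_raw } for  pid=2100 comm="gogoc" capability=13  scontext=system_u:system_r:gogoc_t:s0 tcontext=system_u:system_r:gogoc_t:s0 tclass=capability
type=AVC msg=audit(1377160000.180:203): avc:  denied  { create ioctl } for  pid=2101 comm="ifconfig" scontext=system_u:system_r:gogoc_t:s0 tcontext=system_u:system_r:gogoc_t:s0 tclass=udp_socket
type=AVC msg=audit(1377160001.020:204): avc:  denied  { kill } for  pid=2100 comm="gogoc" capability=5  scontext=system_u:system_r:gogoc_t:s0 tcontext=system_u:system_r:gogoc_t:s0 tclass=capability
type=AVC msg=audit(1377160001.300:205): avc:  denied  { net_raw } for  pid=2101 comm="ifconfig" capability=13  scontext=system_u:system_r:gogoc_t:s0 tcontext=system_u:system_r:gogoc_t:s0 tclass=capability
type=AVC msg=audit(1377160002.000:206): avc:  denied  { read } for  pid=900 comm="radvd" name="x" scontext=system_u:system_r:radvd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Pull permissions, command name, source/target types and class out of one AVC line.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=[^:]+:[^:]+:(?P<stype>[^:\s]+)\S*'
    r'\s+tcontext=[^:]+:[^:]+:(?P<ttype>[^:\s]+)\S*\s+tclass=(?P<tclass>\w+)')


def split_by_comm(log_text, domain, helper_comm):
    """Return (helper_only, still_needed) sets of (tclass, perm) denied to `domain`.

    helper_only: requested only while `helper_comm` (e.g. ifconfig) was the
    running command, so likely unnecessary after a domain transition.
    still_needed: requested at least once by some other command in the domain.
    """
    seen = defaultdict(set)  # (tclass, perm) -> set of comm values that hit it
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["stype"] != domain:
            continue  # not an AVC denial, or a different source domain
        for perm in m["perms"].split():
            seen[(m["tclass"], perm)].add(m["comm"])
    helper_only = {key for key, comms in seen.items() if comms == {helper_comm}}
    return helper_only, set(seen) - helper_only


if __name__ == "__main__":
    helper_only, still_needed = split_by_comm(SAMPLE_AVCS, "gogoc_t", "ifconfig")
    print("only seen from ifconfig:", sorted(helper_only))
    print("seen from the daemon itself:", sorted(still_needed))
```

A permission that lands in the first set has only been observed from ifconfig so far; absence of a denial from the daemon is not proof it never needs the permission, so retest in permissive mode after the transition.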
