Re: Yubikey policy for review

Miroslav Grepl <mgrepl@xxxxxxxxxx> · Wed, 02 Apr 2014 15:53:21 +0200

    On 04/02/2014 03:44 PM, Miroslav Grepl
      wrote:

      On 04/02/2014 03:38 PM, Miroslav
        Grepl wrote:

        On 04/02/2014 02:34 PM, Daniel J
          Walsh wrote:

          Sometimes it is better to keep the complexity of the policy
          down, rather then a minor increase in security.

          On 04/01/2014 07:53 PM, William
            Brown wrote:

            Hi,

I have made the changes to the policy as suggested my Miroslav.

The reason I initially made two boolean's rather than one, is that OTP
doesn't need the permissions granted by CHAP, and vice versa.

            --
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

          --
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

        Yes. 

        I like the latest version ... going to add it.

        --
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

      Actually I am adding it with some modifications.

      --
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

    I added fixes.

    commit 831622bbe63dc7778d2000f0228e2373f7913a0e

    Author: Miroslav Grepl <mgrepl@xxxxxxxxxx>

    Date:   Wed Apr 2 15:51:58 2014 +0200

        Add additional fixes for yubikeys based on
    william@xxxxxxxxxxxxxxx

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux