On 30 April 2015 at 12:35, Miroslav Grepl <mgrepl@xxxxxxxxxx> wrote:

> It looks good. Just I see
>
> /var/run/sslh(/.*)? gen_context(system_u:object_r:sslh_var_run_t,s0)
>
> but I don't see rules for it. Also you should provide also sslh.if
> policy file.

Ah I based this on the tor service for certain syntax ... I've not done any selinux policy writing with the new macros - only on EL5 during ex429

Since the tor te didn't have rules for this I assumed a macro picked it up to allow sysvinit based systems to write the pid... I'll amend and include appropriate rules there as well.

On the EPEL side does policy get backported or should I update my EPEL package with the compiling of the pp in %build and include installing it in %install/%post?

> I don't see a reason for
>
> /usr/lib/systemd/system/sslh@*.* -- gen_context(system_u:object_r:sslh_unit_file_t,s0)
>
> which is covered by the previous decl.

That was my eyes glossing over the regex (I plan to include systemd templated versions in a future release).

> If you provide also sslh.if we can review it at all and send possible
> patches.

I'll put together an appropriate if to go along with these - the fc/te initial feedback request was just to make sure the main policy looked good and was consistent with current practices.

> Thank you.

Thanks for your time and feedback

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux