Re: [NEWBIE, HELP] Help on my first contact with selinux.

On 09/17/2015 04:43 AM, Alec Leamas wrote:
Dear list,

I maintain the lirc package. This is basically a daemon handling IR remotes, adding some flexibility and functionality to the kernel.

Recently we have moved from a model where the daemon runs as root to running as a regular user. The test environment has been run with selinux disabled, so we missed the selinux denials this created. Now, I need to correct this - but I'm new to selinux and somewhat lost..

Reading the docs I have created a simple-minded patch[1]. Has anyone time to give it a look and provide some feedback, direct or perhaps some better links than I have found [2]? The patch does mute the AVC denials messages, but I guess there are other things to think about (?)


Cheers!

--alec

[1] http://ur1.ca/nt44a
[2] https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


You should just ask the upstream to adopt your policy and not ship it yourself. 

The way you did this will actually break the system, since you used the same name for
your policy as the one that is installed.  Your lircd.pp will replace the existing lircd.pp,
causing the update to fail.

It is best to send this snippet to refpolicy@xxxxxxxxxxxxxx
  1. +allow lircd_t passwd_file_t:file { read getattr open };
  2. +allow lircd_t self:capability { setuid setgid dac_override };
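Review bot: dac_override in the second rule is much broader than the setuid and setgid next to it, because it lets lircd_t bypass ordinary file permission checks. Before sending this upstream, check whether the denial behind it comes from a file or directory whose owner or mode was not updated when the daemon stopped running as root; correcting that would let the rule shrink to { setuid setgid }. A short comment above each rule saying which lircd operation triggers it would also make the snippet easier for refpolicy reviewers to accept.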
