Arjan van de Ven wrote:
Might need to change xorg.conf to etc_runtime_t?
I would hate to see us making our selinux policy less secure for an
external, not shipped, binary kernel module.
I would agree with you generally but this particular module is
widespread and end users are likely to turn off SELinux altogether when
they hit problems with it. We might have to consider the balance for
this one carefully. Maybe provide a well documented SELinux boolean
which can be optionally enabled by end users installing the kernel
module while keeping the defaults more secure
regards
Rahul