On Sat, Jun 15, 2019 at 03:24:03PM -0400, Chris PeBenito wrote:
> On 6/15/19 1:58 PM, Dominick Grift wrote:
> > On Sat, Jun 15, 2019 at 12:08:16PM -0400, Chris PeBenito wrote:
> > > On 6/10/19 10:20 AM, Alexander Miroshnichenko wrote:
> > >
> > > > +allow lldpd_t self:process { fork signal_perms };
> > > > +allow lldpd_t self:fifo_file rw_fifo_file_perms;
> > > > +allow lldpd_t self:unix_stream_socket { accept listen };
> > >
> > > These perms should probably be create_stream_socket_perms.
> >
> > the other permissions are already provided with logging_send_syslog_msg() so would be redundant
>
> This is true. However, the syslog socket is not the only socket in use.
> Since it also listens on its own stream socket, the
> create_stream_socket_perms more clearly shows the intent.

The compiler will remove the duplicate rules, and yes the intent is more clear. It just feels strange writing and reading duplicate policy.

>
>
> --
> Chris PeBenito

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
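Review bot: in the third added line, `self:unix_stream_socket { accept listen }` grants only accept and listen, so the rule depends on another interface call to supply the rest of the socket permissions and does not read as complete on its own. Since the thread states that the daemon listens on its own stream socket, suggest `allow lldpd_t self:unix_stream_socket create_stream_socket_perms;`, which includes accept and listen and keeps the self rule valid if the syslog interface call is later changed or dropped.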