On 9/26/2023 4:09 AM, Russell Coker wrote:
Regarding /usr/lib/NetworkManager/nm-dispatcher, you asked for more information when I submitted a patch changing the context. Currently it has type NetworkManager_initrc_exec_t which implies that it's part of a start script when it's really a program that's doing the actual work. Also that type means that when a laptop resumes from suspend it gets run in domain initrc_t which is not appropriate for it. We could have a domain_auto_trans for type NetworkManager_initrc_exec_t but I think it's more appropriate to give it a label that more accurately reflects its use. What do you think, Chris?
I agree that NetworkManager_initrc_exec_t doesn't fit. It could warrant its own domain, like audisp, but I'm unsure without more info about the types of access it needs. i.e. more specific info than is in the man page.
-- Chris PeBenito