On Tue, Jun 17, 2008 at 10:39 AM, Christopher J. PeBenito <cpebenito@xxxxxxxxxx> wrote: > On Tue, 2008-06-17 at 09:46 -0500, Xavier Toth wrote: >> I'm seeing AVCs related to netlink_audit_socket when the screen saver >> dialog is run. gnome-screensaver-dialog opens a pam session which uses >> pam_unix which in turn runs the unix_chkpwd helper. I'm thinking that >> gnome-screensaver-dialog is going to need some policy including >> possibly authlogin_common_auth_domain_template. > > I'm not 100% clear, is the auditing happening from unix_chkpwd or the > screensaver proper? > I'm sure that it is unix_chkpwd that is auditing and not gnome-screensaver-dialog. >> Would it be best to add policy for this to gnome or should it have >> it's own module? > > The gnome module is for policies for core gnome components. > Unfortunately "core component" isn't really well defined at the moment. > But I've been thinking about it since Dan has a gnome clock applet > policy since it can set the clock. If we had a better idea what pieces > needed their own domain, it'd be easier to make a decision. Something > like dbus doesn't fit since its useful outside of gnome. Yes there may be other gnome apps that need policy but I don't know which at this point. > > -- > Chris PeBenito > Tresys Technology, LLC > (410) 290-1411 x150 > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
