On Mon, 2008-08-04 at 14:35 +0200, david@xxxxxxxxxxx wrote:
> plain text document attachment (policy_modules_kernel_terminal.patch)
> Additional permissions for server ptynodes

I have to reject this. server_ptynode is not a generic pty.

> Index: refpolicy/policy/modules/kernel/terminal.if > =================================================================== > --- refpolicy.orig/policy/modules/kernel/terminal.if 2008-08-03 16:46:56.000000000 +0200 > +++ refpolicy/policy/modules/kernel/terminal.if 2008-08-03 18:01:38.000000000 +0200 > @@ -525,11 +525,13 @@ > interface(`term_use_generic_ptys',` > gen_require(` > type devpts_t; > + attribute server_ptynode; > ') > > dev_list_all_dev_nodes($1) > allow $1 devpts_t:dir list_dir_perms; > allow $1 devpts_t:chr_file { rw_term_perms lock append }; > + allow $1 server_ptynode:chr_file { getattr read write ioctl }; > ') > > ######################################## > @@ -547,9 +549,11 @@ > interface(`term_dontaudit_use_generic_ptys',` > gen_require(` > type devpts_t; > + attribute server_ptynode; > ') > > dontaudit $1 devpts_t:chr_file { getattr read write ioctl }; > + dontaudit $1 server_ptynode:chr_file { getattr read write ioctl }; > ') > > ######################################## >

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
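
Review bot: the added allow rule in term_use_generic_ptys (hunk @@ -525,11 +525,13 @@) targets the server_ptynode attribute, so every existing caller of an interface that is named and scoped for the generic devpts_t type would silently gain read and write access to every type carrying that attribute. Move the rule into a separately named interface that a domain has to call explicitly, rather than widening this one. The new rule also hand-lists { getattr read write ioctl } while the adjacent devpts_t rule uses { rw_term_perms lock append }; wherever the rule ends up, either use the same permission macro or say why the sets differ.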
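
Review bot: the added dontaudit rule in term_dontaudit_use_generic_ptys (hunk @@ -547,9 +549,11 @@) suppresses denials against every type with the server_ptynode attribute for all callers of the interface, which hides the AVC records that would show a domain attempting to use a server pty. Keep this interface limited to devpts_t and put the server_ptynode suppression in its own dontaudit interface, so that silencing those denials is a per-domain decision visible in the calling policy.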