On Mon, 16 Mar 2009, Martin Orr <martin@xxxxxxxxxxxxxx> wrote:
> +domain_read_all_domains_state(system_dbusd_t)
Do we really want all domains? I think it will do to allow system_dbusd_t to
read all domains that talk to it.
Why not modify dbus_system_bus_client() to have something like the following?
allow system_dbusd_t $2:dir search;
allow system_dbusd_t $2:file read_file_perms;
--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
