avc: smartcard token login
Mr Dash Four
mr.dash.four at googlemail.com
Sun Dec 5 20:41:24 UTC 2010
> add these two:
>
> openct_stream_connect(local_login_t)
>
> # assuming it may also want to stream connect to openct, in either case
> this is the only existing interface that allows access to write
> openct_var_run_t pid sock files.
>
> openct_signull(local_login_t)
>
There you go, thank you!
There is one slight problem with this though - the above 3 macros
(openct_read_pid_files, openct_stream_connect and openct_signull) CANNOT
be directly inserted in locallogin.te as locallogin is a 'base' module
(part of the policy) as openct is just a 'module' and if the above 3
macros are in locallogin.te that will produce out-of-scope error, so I
do not know how this is going to be resolved without additional module
or doing something else - my knowledge is still not enough to figure it
out...
More information about the selinux
mailing list