avc: smartcard token login
Dominick Grift
domg472 at gmail.com
Sun Dec 5 20:52:42 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/05/2010 09:41 PM, Mr Dash Four wrote:
>
>> add these two:
>>
>> openct_stream_connect(local_login_t)
>>
>> # assuming it may also want to stream connect to openct, in either case
>> this is the only existing interface that allows access to write
>> openct_var_run_t pid sock files.
>>
>> openct_signull(local_login_t)
>>
> There you go, thank you!
>
> There is one slight problem with this though - the above 3 macros
> (openct_read_pid_files, openct_stream_connect and openct_signull) CANNOT
> be directly inserted in locallogin.te as locallogin is a 'base' module
> (part of the policy) as openct is just a 'module' and if the above 3
> macros are in locallogin.te that will produce out-of-scope error, so I
> do not know how this is going to be resolved without additional module
> or doing something else - my knowledge is still not enough to figure it
> out...
>
Do any other login programs need this as well? i am thinking of gdm,
sshd etc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkz7+5oACgkQMlxVo39jgT/L5ACfVqDXuQ130xJIcqTEW7xLx6NN
44gAnil/mRs2YDMRYJrGQmRjrPQm9W3h
=dXbK
-----END PGP SIGNATURE-----
More information about the selinux
mailing list