On Saturday 12 November 2005 02:47, Michael Sweet <mike(a)easysw.com> wrote:
I removed the non-CUPS rules because the mix of software makes
debugging and validating the CUPS policies that much harder, and it
makes sense to maintain the policies for separate projects
separately...
Firstly, please test your patches first. There is no name_connect access in
the unix_stream_socket class or a seteuid capability.
Please don't remove comments such as "this is not ideal, and allowing setattr
access to cupsd_etc_t is wrong". That's a design flaw in cupsd, eventually
we want to fix it. Removing the comment decreases the chance of such a
design flaw ever being corrected.
The hplip and ptal policies are OK in the same file as cups. They are
printer-specific programs. Having separate lpd and cups files is more of a
problem. As we seem to be moving away from the traditional lpd we will
probably change things in this regard.
When there is policy involving access between initrc_t and the domains/types
defined in a daemon policy file then this belongs in the policy file for the
daemon. Important files such as initrc.te should not have sections for all
the many daemons that need to interact with them.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page