On Wed, 2004-09-01 at 07:33, Stephen Smalley wrote:
These permissions shouldn't be granted directly to the user
domains. We
need per-userdomain dbusd domains defined via a macro for the
per-session message bus.
BTW, note that in the rawhide policy, Dan (or someone) has added a
domain_auto_trans(userdomain, dbusd_exec_t, dbusd_t) to dbusd.te as a
workaround so that the per-session bus daemons also run in dbusd_t, but
that isn't truly what we want in the long term.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency