On Mon, 27 Sep 2004 04:28, Tom London <selinux(a)gmail.com> wrote:
That's not right, is it? Shouldn't cupsd be running in
cupsd_t?
Correct.
The following patch adds a
domain_auto_trans(hald_t, cupsd_exec_t, cupsd_t)
to cups.te
Good work, I've put that in my tree.
Also we should remove the can_exec_any() from hald.te ASAP, it's a time bomb
allowing large numbers of undesired programs to run in hald_t.
This makes the 'new' cupsd run in cupsd_t.
This doesn't fix everything, as there are still about 170 AVCs.
Do we need to add a bunch of 'domain_auto_trans' rules for
hald_t (for apmd_t, crond_t, ......)? dontaudits?
I'll look into that later.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page