hpoj?

Russell Coker russell at coker.com.au
Wed Jul 21 06:45:15 UTC 2004


On Wed, 21 Jul 2004 04:15, Tom London <selinux at comcast.net> wrote:
> ifdef(`usbmodules.te', `
> r_dir_file(ptal_t, usbdevfs_t)
> ')

I think that the above will be needed even without usbmodules.te.  Also note 
that usbdevfs_t is defined in types/file.te so you won't have any compile 
errors, which is the main reason for ifdef's.  I'll add that to my policy 
without the ifdef.

> file_type_auto_trans(ptal_t, var_run_t, ptal_var_run_t)

This isn't what we want.  It allows ptal_t to directly create sock_file, 
lnk_file, fifo_file, and dir entries under /var/run which is more access than 
it needs.  Fixing the bug in cups.fc as described in my previous message will 
solve the problem.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



More information about the selinux mailing list