hpoj?
Russell Coker
russell at coker.com.au
Wed Jul 21 06:45:15 UTC 2004
On Wed, 21 Jul 2004 04:15, Tom London <selinux at comcast.net> wrote:
> ifdef(`usbmodules.te', `
> r_dir_file(ptal_t, usbdevfs_t)
> ')
I think that the above will be needed even without usbmodules.te. Also note
that usbdevfs_t is defined in types/file.te so you won't have any compile
errors, which is the main reason for ifdef's. I'll add that to my policy
without the ifdef.
> file_type_auto_trans(ptal_t, var_run_t, ptal_var_run_t)
This isn't what we want. It allows ptal_t to directly create sock_file,
lnk_file, fifo_file, and dir entries under /var/run which is more access than
it needs. Fixing the bug in cups.fc as described in my previous message will
solve the problem.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the selinux
mailing list