avc: smartcard token login
Dominick Grift
domg472 at gmail.com
Sun Dec 5 20:48:34 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/05/2010 09:41 PM, Mr Dash Four wrote:
>
>> add these two:
>>
>> openct_stream_connect(local_login_t)
>>
>> # assuming it may also want to stream connect to openct, in either case
>> this is the only existing interface that allows access to write
>> openct_var_run_t pid sock files.
>>
>> openct_signull(local_login_t)
>>
> There you go, thank you!
>
> There is one slight problem with this though - the above 3 macros
> (openct_read_pid_files, openct_stream_connect and openct_signull) CANNOT
> be directly inserted in locallogin.te as locallogin is a 'base' module
> (part of the policy) as openct is just a 'module' and if the above 3
> macros are in locallogin.te that will produce out-of-scope error, so I
> do not know how this is going to be resolved without additional module
> or doing something else - my knowledge is still not enough to figure it
> out...
>
report a bugzilla with this url, then hopefully it will get merged soon
into fedora and it will be fixed in a forthcoming update:
http://lists.fedoraproject.org/pipermail/selinux/2010-December/013292.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkz7+qIACgkQMlxVo39jgT+NPQCfUSig/GzyvwTwJepErSu5QtCQ
7vEAoIMgDhchr+8TA12kIlhwhGbTfI0i
=64Ao
-----END PGP SIGNATURE-----
More information about the selinux
mailing list