avc: smartcard token login
Dominick Grift
domg472 at gmail.com
Sun Dec 5 21:23:25 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/05/2010 10:18 PM, Mr Dash Four wrote:
>
>> In theory that would work since the policy is wrapped in a
>> optional_policy block.
>>
> Ah, right - something new I learned today then!
>
>> To be honest these modules (authlogin and locallogin) should not be in
>> base in the first place.
>>
>> I dont have them in base in my personal policy either:
>>
>> [root at localhost Desktop]$ semodule -l | grep authlogin
>> authlogin 2.2.0
>> [root at localhost Desktop]$ semodule -l | grep locallogin
>> locallogin 1.10.0
>>
> Yeah, but other modules (gdm for one, I think) is also 'base' and if you
> make locallogin as 'module' you will get that error too (I tried doing
> something like this this afternoon and soon realised that I will be in a
> world of hurt if I continue that path, so I prepared a separate module
> instead).
gdm should not be in base either:
semodule -l | grep xserver
xserver 3.4.2
I've been through this duplicate declaration/out of scope issues many
times. It is one of the reason that i maintain my own policy instead of
using fedoras' policy.
>
>> Stuffing everything in base just to work around some issue that should
>> be handled more appropriately is a bad idea in my opinion.
>>
>> If this patch does not work then not much else will work and policy is
>> fundamentally broken.
>>
> Hehe! I am sure you've tested it before sending this over. I'll do the
> same tomorrow and see how it goes.
>
Sorry, i have not tested it.
Yet, i am pretty sure it would work in my personal policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkz8As0ACgkQMlxVo39jgT/ZCgCfW75h55BiMEUcu30sqn0IoV9A
pDAAoMFcoiGHjEDyiCWBYcLZT62H2uh0
=NnRc
-----END PGP SIGNATURE-----
More information about the selinux
mailing list