avc: smartcard token login

Dominick Grift domg472 at gmail.com
Sun Dec 5 21:23:25 UTC 2010


On 12/05/2010 10:18 PM, Mr Dash Four wrote:
> 
>> In theory that would work since the policy is wrapped in a
>> optional_policy block.
>>   
> Ah, right - something new I learned today then!
> 
>> To be honest these modules (authlogin and locallogin) should not be in
>> base in the first place.
>>
>> I don't have them in base in my personal policy either:
>>
>> [root@localhost Desktop]$ semodule -l | grep authlogin
>> authlogin    2.2.0
>> [root@localhost Desktop]$ semodule -l | grep locallogin
>> locallogin    1.10.0
>>   
> Yeah, but other modules (gdm for one, I think) are also 'base' and if you
> make locallogin as 'module' you will get that error too (I tried doing
> something like this this afternoon and soon realised that I will be in a
> world of hurt if I continue that path, so I prepared a separate module
> instead).

gdm should not be in base either:

semodule -l | grep xserver
xserver	3.4.2	

I've been through these duplicate declaration/out-of-scope issues many
times. It is one of the reasons that I maintain my own policy instead of
using Fedora's policy.

> 
>> Stuffing everything in base just to work around some issue that should
>> be handled more appropriately is a bad idea in my opinion.
>>
>> If this patch does not work then not much else will work and policy is
>> fundamentally broken.
>>   
> Hehe! I am sure you've tested it before sending this over. I'll do the
> same tomorrow and see how it goes.
> 

Sorry, I have not tested it.
Yet, I am pretty sure it would work in my personal policy.