avc: smartcard token login
Mr Dash Four
mr.dash.four at googlemail.com
Sun Dec 5 21:29:04 UTC 2010
> I've been through this duplicate declaration/out of scope issues many
> times. It is one of the reason that i maintain my own policy instead of
> using fedoras' policy.
>
I do something similar - for different machines (which have different
requirements) I have prepared separate patches based on the version of
the fedora policy used and I just apply them (looking for
failures/hunks) when a new version of the policy is released.
One of the things which annoys me no end in the fedora policy is using
the scatter-gun approach and granting access to the 'generic'
net/node/interface to a host of modules as well as granting access to
all 'client' packets. That is fundamentally wrong imo!
> Sorry, i have not tested it.
> Yet, i am pretty sure it would work in my personal policy.
>
I'll do that tomorrow when I have the chance!
More information about the selinux
mailing list