Creating and packaging a new policy module

Dominick Grift dominick.grift at gmail.com
Thu Aug 22 07:25:45 UTC 2013


On Thu, 2013-08-22 at 06:33 +0000, Juan Orti Alcaine wrote:
> On 2013-08-20 11:13, Dominick Grift wrote:
> > upstream will probably only accept it with the use of a dadvd_domtrans()
> > but for your solution for now you could do something like this:
> > 
> > optional_policy(`
> > gen_require(`
> > 	type radvd_exec_t, radvd_t;
> > ')
> > domtrans_pattern(gogoc_t, radvd_exec_t, radvd_t)
> > ')
> > 
> 
> I have updated the policy, could you please take a look at it and give 
> me your opinion?

sysnet_exec_ifconfig(gogoc_t)

It's probably worth considering a domain transition to ifconfig instead,
because:

allow gogoc_t self:capability { net_admin net_raw kill };

are probably needed by ifconfig, and by running ifconfig in the ifconfig
domain, you might be able to remove these permissions from gogoc_t.

However, if you do decide to domain transition to ifconfig, then it's
probably a good idea to start all over, since other permissions you
added for gogoc_t might no longer be needed because they were added for
ifconfig.

> 
> http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.te
> http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.if
> http://pkgs.fedoraproject.org/cgit/gogoc.git/tree/gogoc.fc
> 
> Thank you,
> Juan.
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
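
Added example, not part of the original message or of the gogoc package: a minimal type enforcement module showing the change the reply suggests, with the two rules quoted in the reply kept as comments for comparison. The module name, version and type declarations are assumptions made so the fragment is complete; sysnet_domtrans_ifconfig() and init_daemon_domain() are reference policy interfaces.

```selinux
# Constructed module name and version, for illustration only.
policy_module(gogoc_example, 1.0.0)

# Assumed declarations; the real gogoc.te already declares these types.
type gogoc_t;
type gogoc_exec_t;
init_daemon_domain(gogoc_t, gogoc_exec_t)

# Before (the rules quoted in the reply): ifconfig is executed without a
# transition, so it keeps running as gogoc_t and every permission it
# needs has to be granted to gogoc_t itself.
#
#   sysnet_exec_ifconfig(gogoc_t)
#   allow gogoc_t self:capability { net_admin net_raw kill };

# After: executing ifconfig transitions to the ifconfig domain, so the
# access ifconfig needs is checked against that domain's rules instead
# of gogoc_t's.
sysnet_domtrans_ifconfig(gogoc_t)

# The capability rule is left out on purpose. Rebuild and load the
# module, exercise the daemon, and add back only what the AVC denials
# (for example from "ausearch -m avc -ts recent") show gogoc_t itself
# still needs.
```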



