From: stefan@seekline.net (Stefan Schulze Frielinghaus)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] services_nut.patch
Date: Mon, 23 Nov 2009 17:04:30 +0100 [thread overview]
Message-ID: <1258992270.4516.13.camel@localhost> (raw)
In-Reply-To: <1258989561.27504.643.camel@gorn.columbia.tresys.com>
On Mon, 2009-11-23 at 10:19 -0500, Christopher J. PeBenito wrote:
> On Mon, 2009-11-23 at 15:36 +0100, Stefan Schulze Frielinghaus wrote:
> > On Mon, 2009-11-23 at 14:05 +0100, Miroslav Grepl wrote:
> > [...]
> > > > Another question, what is the intention of the following
> > > >
> > > > permissive upsd_t;
> > > > permissive upsdrvctl_t;
> > > > permissive upsmon_t;
> > > >
> > > > Does that make the domain permissive by default?
> > > Yes, it does. We add new domains to permissive so we can fix all the avc's without blocking of functionality apps.
> >
> > But not for refpolicy, right? I cannot find any such statement in the
> > policy modules of refpolicy. At least I wouldn't expect such a behavior
> > from modules of refpolicy. I guess we can remove those three lines.
> >
> > If you are fine with the merge of both policies then we can commit it
> > (after the port change of course).
>
> My policy is to not have permissive domains in upstream refpolicy. If
> the modules need more work the patch is dropped. Otherwise the
> permissive is dropped.
Yes, this is what I thought. Since I use the NUT policy for about a year
and it has some intersection with Miroslavs policy (he uses NUT with a
ups attached via USB and my via SNMP), I would say it is stable enough.
next prev parent reply other threads:[~2009-11-23 16:04 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-12 21:46 [refpolicy] services_nut.patch Daniel J Walsh
2009-11-16 14:31 ` Stefan Schulze Frielinghaus
2009-11-16 18:32 ` Daniel J Walsh
2009-11-22 14:59 ` Stefan Schulze Frielinghaus
2009-11-23 13:05 ` Miroslav Grepl
2009-11-23 14:36 ` Stefan Schulze Frielinghaus
2009-11-23 15:19 ` Christopher J. PeBenito
2009-11-23 16:04 ` Stefan Schulze Frielinghaus [this message]
2009-11-23 16:09 ` Stefan Schulze Frielinghaus
2009-11-23 17:17 ` Miroslav Grepl
2009-12-18 13:53 ` Christopher J. PeBenito
2009-12-21 10:14 ` Stefan Schulze Frielinghaus
2009-12-25 12:55 ` Stefan Schulze Frielinghaus
2010-01-29 16:20 ` Miroslav Grepl
2010-02-09 13:47 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2010-02-23 20:28 Daniel J Walsh
2010-02-24 15:53 ` Stefan Schulze Frielinghaus
2010-02-24 17:14 ` Daniel J Walsh
2010-02-26 9:00 ` Stefan Schulze Frielinghaus
2010-02-26 13:39 ` Daniel J Walsh
2010-02-26 14:23 ` Stefan Schulze Frielinghaus
2010-08-26 22:02 Daniel J Walsh
2010-09-15 13:16 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1258992270.4516.13.camel@localhost \
--to=stefan@seekline.net \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.