* apps_uml changes
@ 2007-05-30 15:40 dwalsh
2007-06-11 14:04 ` Christopher J. PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: dwalsh @ 2007-05-30 15:40 UTC (permalink / raw)
To: cpebenito; +Cc: selinux
Remove TODO
--- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-29 14:10:48.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/apps/uml.if 2007-05-30 09:25:53.000000000 -0400
@@ -193,33 +193,6 @@
nis_use_ypbind($1_uml_t)
')
- ifdef(`TODO',`
- # for X
- optional_policy(`
- ifelse($1, sysadm,`
- ',`
- optional_policy(`
- allow $1_uml_t xdm_xserver_tmp_t:dir search;
- ')
- allow $1_uml_t $1_xserver_tmp_t:sock_file write;
- allow $1_uml_t $1_xserver_t:unix_stream_socket connectto;
- ')
- ')
-
- optional_policy(`
- # for uml_net
- domain_auto_trans($1_uml_t, uml_net_exec_t, uml_net_t)
- allow uml_net_t $1_uml_t:unix_stream_socket { read write };
- allow uml_net_t $1_uml_t:unix_dgram_socket { read write };
- dontaudit uml_net_t privfd:fd use;
- can_access_pty(uml_net_t, $1_uml)
- dontaudit uml_net_t $1_uml_rw_t:dir { getattr search };
- ')
- #TODO
- optional_policy(`
- allow $1_uml_t $1_xauth_home_t:file { getattr read };
- ')
- ')
')
########################################
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: apps_uml changes
2007-05-30 15:40 apps_uml changes dwalsh
@ 2007-06-11 14:04 ` Christopher J. PeBenito
2007-06-11 14:10 ` Daniel J Walsh
0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2007-06-11 14:04 UTC (permalink / raw)
To: dwalsh; +Cc: selinux
On Wed, 2007-05-30 at 11:40 -0400, dwalsh@redhat.com wrote:
> Remove TODO
Are you sure that none of these rules are needed?
> --- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-29 14:10:48.000000000 -0400
> +++ serefpolicy-3.0.1/policy/modules/apps/uml.if 2007-05-30 09:25:53.000000000 -0400
> @@ -193,33 +193,6 @@
> nis_use_ypbind($1_uml_t)
> ')
>
> - ifdef(`TODO',`
> - # for X
> - optional_policy(`
> - ifelse($1, sysadm,`
> - ',`
> - optional_policy(`
> - allow $1_uml_t xdm_xserver_tmp_t:dir search;
> - ')
> - allow $1_uml_t $1_xserver_tmp_t:sock_file write;
> - allow $1_uml_t $1_xserver_t:unix_stream_socket connectto;
> - ')
> - ')
> -
> - optional_policy(`
> - # for uml_net
> - domain_auto_trans($1_uml_t, uml_net_exec_t, uml_net_t)
> - allow uml_net_t $1_uml_t:unix_stream_socket { read write };
> - allow uml_net_t $1_uml_t:unix_dgram_socket { read write };
> - dontaudit uml_net_t privfd:fd use;
> - can_access_pty(uml_net_t, $1_uml)
> - dontaudit uml_net_t $1_uml_rw_t:dir { getattr search };
> - ')
> - #TODO
> - optional_policy(`
> - allow $1_uml_t $1_xauth_home_t:file { getattr read };
> - ')
> - ')
> ')
>
> ########################################
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: apps_uml changes
2007-06-11 14:04 ` Christopher J. PeBenito
@ 2007-06-11 14:10 ` Daniel J Walsh
0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2007-06-11 14:10 UTC (permalink / raw)
To: Christopher J. PeBenito; +Cc: selinux
Christopher J. PeBenito wrote:
> On Wed, 2007-05-30 at 11:40 -0400, dwalsh@redhat.com wrote:
>
>> Remove TODO
>>
>
> Are you sure that none of these rules are needed?
>
>
No but I am sick of looking at them. Unless the UML developers/testers
come in and test it with ref policy, I am not sure we want to hang onto
these things indefinitely.
>> --- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-29 14:10:48.000000000 -0400
>> +++ serefpolicy-3.0.1/policy/modules/apps/uml.if 2007-05-30 09:25:53.000000000 -0400
>> @@ -193,33 +193,6 @@
>> nis_use_ypbind($1_uml_t)
>> ')
>>
>> - ifdef(`TODO',`
>> - # for X
>> - optional_policy(`
>> - ifelse($1, sysadm,`
>> - ',`
>> - optional_policy(`
>> - allow $1_uml_t xdm_xserver_tmp_t:dir search;
>> - ')
>> - allow $1_uml_t $1_xserver_tmp_t:sock_file write;
>> - allow $1_uml_t $1_xserver_t:unix_stream_socket connectto;
>> - ')
>> - ')
>> -
>> - optional_policy(`
>> - # for uml_net
>> - domain_auto_trans($1_uml_t, uml_net_exec_t, uml_net_t)
>> - allow uml_net_t $1_uml_t:unix_stream_socket { read write };
>> - allow uml_net_t $1_uml_t:unix_dgram_socket { read write };
>> - dontaudit uml_net_t privfd:fd use;
>> - can_access_pty(uml_net_t, $1_uml)
>> - dontaudit uml_net_t $1_uml_rw_t:dir { getattr search };
>> - ')
>> - #TODO
>> - optional_policy(`
>> - allow $1_uml_t $1_xauth_home_t:file { getattr read };
>> - ')
>> - ')
>> ')
>>
>> ########################################
>>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-06-11 14:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-05-30 15:40 apps_uml changes dwalsh
2007-06-11 14:04 ` Christopher J. PeBenito
2007-06-11 14:10 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.