* [refpolicy] kernel_files.patch
@ 2009-11-12 21:01 Daniel J Walsh
2009-11-24 13:49 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:01 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_files.patch
Additional files labels
additional interfaces to be used by domains
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2010-08-26 22:47 Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:47 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
Add system_conf_t for handling iptables/firewall tools.
Added /rhev directory
label /sys
other fixes
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2010-06-02 20:22 Daniel J Walsh
2010-06-09 13:09 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:22 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
Files created in / I label as etc_runtime_t, we have never come up with
a better label.
Miroslav added system_conf_t so firewall apps could edit these files
Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
Fix labels on chroot environments
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-06-02 20:22 Daniel J Walsh
@ 2010-06-09 13:09 ` Christopher J. PeBenito
2010-06-09 19:10 ` Daniel J Walsh
0 siblings, 1 reply; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-06-09 13:09 UTC (permalink / raw)
To: refpolicy
On Wed, 2010-06-02 at 16:22 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
>
> Files created in / I label as etc_runtime_t, we have never come up with
> a better label.
I think that you couldn't come up with a better label because there is
no good label. There isn't a standard concept of what files created in
the root directory are.
> Miroslav added system_conf_t so firewall apps could edit these files
I'm still thinking about this one. It still seems weird, but I'm not
sure why.
> Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
>
> Fix labels on chroot environments
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-06-09 13:09 ` Christopher J. PeBenito
@ 2010-06-09 19:10 ` Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2010-06-09 19:10 UTC (permalink / raw)
To: refpolicy
On 06/09/2010 09:09 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 16:22 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
>>
>> Files created in / I label as etc_runtime_t, we have never come up with
>> a better label.
>
> I think that you couldn't come up with a better label because there is
> no good label. There isn't a standard concept of what files created in
> the root directory are.
>
>> Miroslav added system_conf_t so firewall apps could edit these files
>
> I'm still thinking about this one. It still seems weird, but I'm not
> sure why.
>
>> Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
>>
>> Fix labels on chroot environments
>
> Otherwise merged.
>
I figured out what the kernel_stream_connect was. Plymouthd runs in the
initrd and when xdm or boot is complete, it sends a message to tell the
plymouthd to stop running.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2010-02-23 22:21 Daniel J Walsh
2010-03-04 19:08 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2010-02-23 22:21 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
New file context
Lots of new interfaces
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-02-23 22:21 Daniel J Walsh
@ 2010-03-04 19:08 ` Christopher J. PeBenito
2010-03-04 19:17 ` Christopher J. PeBenito
2010-03-05 16:46 ` Daniel J Walsh
0 siblings, 2 replies; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-03-04 19:08 UTC (permalink / raw)
To: refpolicy
On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>
> New file context
>
> Lots of new interfaces
* need explanation as to why boot_t would be a device node.
* need additional explanation as to the purpose of system_conf_t.
* the files_relabel_all_files() change is still rejected, since block
and chr files should have regular file types.
* the files_delete_isid_type_files() additions need their own
interfaces instead.
* same thing for files_delete_usr_files()
* the files_read_usr_files() change is excessive
* files_search_var_log() is wrong, var_log_t doesn't belong to the files
module. There is already an equivalent interface in logging.
* the concept of files_dump_core() is wrong. Applications do core dumps
in the current directory, and services just happen to "cd /" at the
start. It doesn't make sense for other domains.
* files_create_default_dir() needs to be 2 interfaces.
* I don't even know what to make of files_boot().
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-04 19:08 ` Christopher J. PeBenito
@ 2010-03-04 19:17 ` Christopher J. PeBenito
2010-03-05 16:46 ` Daniel J Walsh
1 sibling, 0 replies; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-03-04 19:17 UTC (permalink / raw)
To: refpolicy
On Thu, 2010-03-04 at 14:08 -0500, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> > http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
> >
> > New file context
> >
> > Lots of new interfaces
>
[...]
> * the files_relabel_all_files() change is still rejected, since block
> and chr files should have regular file types.
That is, they should *not* have regular file types.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-04 19:08 ` Christopher J. PeBenito
2010-03-04 19:17 ` Christopher J. PeBenito
@ 2010-03-05 16:46 ` Daniel J Walsh
2010-03-05 17:12 ` Daniel J Walsh
2010-03-08 14:02 ` Christopher J. PeBenito
1 sibling, 2 replies; 18+ messages in thread
From: Daniel J Walsh @ 2010-03-05 16:46 UTC (permalink / raw)
To: refpolicy
On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>>
>> New file context
>>
>> Lots of new interfaces
>>
> * need explanation as to why boot_t would be a device node.
>
I can't find why. Might be some bizarro ia64 type machine. I will
remove and see if it comes back
> * need additional explanation as to the purpose of system_conf_t.
>
Miroslav has this one. It has to do with system-config-firewall.
> * the files_relabel_all_files() change is still rejected, since block
> and chr files should have regular file types.
>
This one comes about because of mkinitd being run by rpm in post installs,
which does not happen any longer, but I do not see what the benefit of
turning this off is.
We have several tools like mock, liveusb_creator, kernel make etc. that
are going to create blk_files and chr_files in places like /tmp that
might run a cp -p or some other tool that is going to try to relabel.
> * the files_delete_isid_type_files() additions need their own
> interfaces instead.
>
Fixed
> * same thing for files_delete_usr_files()
>
Removed
> * the files_read_usr_files() change is excessive
>
Ok, can we remove src_t altogether then? It just seems to cause bugs and
I see no reason for this label.
Its only reason for being is to create AVC messages.
./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
./policy/modules/system/userdomain.if: files_read_usr_src_files($1_usertype)
./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
./policy/modules/system/modutils.te: files_getattr_usr_src_files(update_modules_t)
./policy/modules/kernel/files.if: files_read_usr_src_files($1)
./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
Only one of these you might care about is portage.if, if that is the
case then I will eliminate the label from RedHat labeling.
> * files_search_var_log() is wrong, var_log_t doesn't belong to the files
> module. There is already an equivalent interface in logging.
>
Removed
> * the concept of files_dump_core() is wrong. Applications do core dumps
> in the current directory, and services just happen to "cd /" at the
> start. It doesn't make sense for other domains.
>
Fine I need a domain for creating files in the / directory which I can
then allow daemon to do.
Do you want to call this files_manage_root?
> * files_create_default_dir() needs to be 2 interfaces.
>
Added files_root_filetrans_default
> * I don't even know what to make of files_boot().
>
>
I think this is caused by early boot of the kernel, /dev/ gets labeled
boot_t until it gets relabeled in the initrc scripts. Might not exist
any longer with the move to dracut.
I will remove and see what happens.
Most people run an unconfined_domain(kernel_t) anyways.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-05 16:46 ` Daniel J Walsh
@ 2010-03-05 17:12 ` Daniel J Walsh
2010-03-08 11:26 ` Miroslav Grepl
2010-03-08 14:02 ` Christopher J. PeBenito
1 sibling, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2010-03-05 17:12 UTC (permalink / raw)
To: refpolicy
On 03/05/2010 11:46 AM, Daniel J Walsh wrote:
> On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
>
>> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
>>
>>
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>>>
>>> New file context
>>>
>>> Lots of new interfaces
>>>
>>>
>> * need explanation as to why boot_t would be a device node.
>>
>>
> I can't find why. Might be some bizarro ia64 type machine. I will
> remove and see if it comes back
>
>> * need additional explanation as to the purpose of system_conf_t.
>>
>>
> Miroslav has this one. It has to do with system-config-firewall.
>
>
>> * the files_relabel_all_files() change is still rejected, since block
>> and chr files should have regular file types.
>>
>>
> This one comes about because of mkinitd being run by rpm in post installs,
> which does not happen any longer, but I do not see what the benefit of
> turning this off is.
> We have several tools like mock, liveusb_creator, kernel make etc. that
> are going to create blk_files and chr_files in places like /tmp that
> might run a cp -p or some other tool that is going to try to relabel.
>
>
>> * the files_delete_isid_type_files() additions need their own
>> interfaces instead.
>>
>>
> Fixed
>
>> * same thing for files_delete_usr_files()
>>
>>
> Removed
>
>> * the files_read_usr_files() change is excessive
>>
>>
> Ok can we remove src_t altogether then. It just seems to cause bugs and
> I see no reason for this label.
>
> Its only reason for being is to create AVC messages.
> ./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
> ./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
> ./policy/modules/system/userdomain.if: files_read_usr_src_files($1_usertype)
> ./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
> ./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
> ./policy/modules/system/modutils.te: files_getattr_usr_src_files(update_modules_t)
> ./policy/modules/kernel/files.if: files_read_usr_src_files($1)
> ./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
> ./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
> ./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
>
> Only one of these you might care about is portage.if, if that is the
> case then I will eliminate the label from RedHat labeling.
>
>
>> * files_search_var_log() is wrong, var_log_t doesn't belong to the files
>> module. There is already an equivalent interface in logging.
>>
>>
> Removed
>
>> * the concept of files_dump_core() is wrong. Applications do core dumps
>> in the current directory, and services just happen to "cd /" at the
>> start. It doesn't make sense for other domains.
>>
>>
> Fine I need a domain for creating files in the / directory which I can
> then allow daemon to do.
> Do you want to call this files_manage_root?
>
>
>> * files_create_default_dir() needs to be 2 interfaces.
>>
>>
> Added files_root_filetrans_default
>
>> * I don't even know what to make of files_boot().
>>
>>
>>
> I think this is caused by early boot of the kernel, /dev/ gets labeled
> boot_t until it gets relabeled in the initrc scripts. Might not exist
> any longer with the move to dracut.
>
> I will remove and see what happens.
>
> Most people run an unconfined_domain(kernel_t) anyways.
>
Is this more to your liking?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kernel_files.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100305/da553dc2/attachment-0001.pl
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-05 17:12 ` Daniel J Walsh
@ 2010-03-08 11:26 ` Miroslav Grepl
0 siblings, 0 replies; 18+ messages in thread
From: Miroslav Grepl @ 2010-03-08 11:26 UTC (permalink / raw)
To: refpolicy
On 03/05/2010 06:12 PM, Daniel J Walsh wrote:
> On 03/05/2010 11:46 AM, Daniel J Walsh wrote:
>> On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
>>> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
>>>
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>>>>
>>>> New file context
>>>>
>>>> Lots of new interfaces
>>>>
>>> * need explanation as to why boot_t would be a device node.
>>>
>> I can't find why. Might be some bizarro ia64 type machine. I will
>> remove and see if it comes back
>>> * need additional explanation as to the purpose of system_conf_t.
>>>
>> Miroslav has this one. It has to do with system-config-firewall.
>>
Yes, it is related to the s-c-firewall, which writes to the sysctl.conf
file (to enable masquerading) and creates the sysctl.conf.old file. But
s-c-firewall also creates 'iptables.conf.old' under the /etc directory.
So we came up with a new type system_conf_t to solve this issue.
>>> * the files_relabel_all_files() change is still rejected, since block
>>> and chr files should have regular file types.
>>>
>> This one comes about because of mkinitd being run by rpm in post
>> installs, which does not happen any longer, but I do not see what the
>> benefit of turning this off is.
>> We have several tools like mock, liveusb_creator, kernel make etc. that
>> are going to create blk_files and chr_files in places like /tmp that
>> might run a cp -p or some other tool that is going to try to relabel.
>>
>>> * the files_delete_isid_type_files() additions need their own
>>> interfaces instead.
>>>
>> Fixed
>>> * same thing for files_delete_usr_files()
>>>
>> Removed
>>> * the files_read_usr_files() change is excessive
>>>
>> Ok can we remove src_t altogether then. It just seems to cause bugs and
>> I see no reason for this label.
>>
>> Its only reason for being is to create AVC messages.
>> ./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
>> ./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
>> ./policy/modules/system/userdomain.if: files_read_usr_src_files($1_usertype)
>> ./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
>> ./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
>> ./policy/modules/system/modutils.te: files_getattr_usr_src_files(update_modules_t)
>> ./policy/modules/kernel/files.if: files_read_usr_src_files($1)
>> ./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
>> ./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
>> ./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
>> ./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
>> ./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
>>
>> Only one of these you might care about is portage.if, if that is the
>> case then I will eliminate the label from RedHat labeling.
>>
>>> * files_search_var_log() is wrong, var_log_t doesn't belong to the
>>> files
>>> module. There is already an equivalent interface in logging.
>>>
>> Removed
>>> * the concept of files_dump_core() is wrong. Applications do core
>>> dumps
>>> in the current directory, and services just happen to "cd /" at the
>>> start. It doesn't make sense for other domains.
>>>
>> Fine I need a domain for creating files in the / directory which I can
>> then allow daemon to do.
>> Do you want to call this files_manage_root?
>>
>>> * files_create_default_dir() needs to be 2 interfaces.
>>>
>> Added files_root_filetrans_default
>>> * I don't even know what to make of files_boot().
>>>
>>>
>> I think this is caused by early boot of the kernel, /dev/ gets labeled
>> boot_t until it gets relabeled in the initrc scripts. Might not exist
>> any longer with the move to dracut.
>>
>> I will remove and see what happens.
>>
>> Most people run an unconfined_domain(kernel_t) anyways.
>>
> Is this more to your liking?
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-05 16:46 ` Daniel J Walsh
2010-03-05 17:12 ` Daniel J Walsh
@ 2010-03-08 14:02 ` Christopher J. PeBenito
1 sibling, 0 replies; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-03-08 14:02 UTC (permalink / raw)
To: refpolicy
On Fri, 2010-03-05 at 11:46 -0500, Daniel J Walsh wrote:
> On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
> > On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> >
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
> > * the files_read_usr_files() change is excessive
> >
> Ok can we remove src_t altogether then. It just seems to cause bugs and
> I see no reason for this label.
>
> Its only reason for being is to create AVC messages.
> ./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
> ./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
> ./policy/modules/system/userdomain.if: files_read_usr_src_files($1_usertype)
> ./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
> ./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
> ./policy/modules/system/modutils.te: files_getattr_usr_src_files(update_modules_t)
> ./policy/modules/kernel/files.if: files_read_usr_src_files($1)
> ./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
> ./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
> ./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
>
> Only one of these you might care about is portage.if, if that is the
> case then I will eliminate the label from RedHat labeling.
The only reason I can think of is to separate kernel sources out from
usr_t. Domains that can write to usr_t shouldn't necessarily be able to
write to the kernel sources.
> > * the concept of files_dump_core() is wrong. Applications do core dumps
> > in the current directory, and services just happen to "cd /" at the
> > start. It doesn't make sense for other domains.
> >
> Fine I need a domain for creating files in the / directory which I can
> then allow daemon to do.
> Do you want to call this files_manage_root?
files_manage_root_files().
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2009-05-21 15:24 Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2009-05-21 15:24 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
Add /afs as a mount point.
Label /[^/]* as etc_runtime_t, if init scripts create files here we
label them as etc_runtime_t (/halt, /.autorelabel...). Probably could
label them root_t and allow initscripts to manage_files_perms and
transition to them.
Added files_relabel_all_file_type_fs for mounting with security context.
Need to have an interface to allow tmpreaper to delete file_t files, as
well as admin.
Other interfaces used by Fedora
Adding interface for inherited files, not sure what to call this. The
idea is, the shell can pass my confined domain any open file but my
confined domain can not open or create any file. Removed ioctl from
file access to see if we really need it.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2009-03-04 21:24 Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2009-03-04 21:24 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
Add a couple of file context
Fixes for lots of interfaces
Add files_relabel_all_file_type_fs to allow mounting filesystems with
different file context.
Add ability to delete file_t, sysadmin needs this to clean up bad labels.
Usually these are on /tmp
Fix delete usr_t
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2008-11-25 22:00 Daniel J Walsh
2008-12-02 22:51 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2008-11-25 22:00 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
Fix label of system_map under /boot/efi
Add etc_runtime to hosts.deny
Allow relabel from and to all blk and chr file context. This prevents
restorecon from breaking if users have blk files in homedir.
Add interfaces to rw_all_files
Allow relabel all filesystems to all other file systems (Mount context=)
Add the ability to delete unlabeled file (file_t). tmpreaper needs to be
able to delete files left on /tmp that never got labeled on initial label.
A few other interfaces
Additional mount file system. Any file type can be moved to /tmp.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2008-11-25 22:00 Daniel J Walsh
@ 2008-12-02 22:51 ` Christopher J. PeBenito
2008-12-03 15:39 ` Daniel J Walsh
0 siblings, 1 reply; 18+ messages in thread
From: Christopher J. PeBenito @ 2008-12-02 22:51 UTC (permalink / raw)
To: refpolicy
On Tue, 2008-11-25 at 17:00 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
>
> Fix label of system_map under /boot/efi
>
> Add etc_runtime to hosts.deny
I need justification for this.
> Allow relabel from and to all blk and chr file context. This prevents
> restorecon from breaking if users have blk files in homedir.
Why would there be device nodes in a user home directory? We can't
allow device nodes to be relabeled to something that is not a device
node type.
> Add interfaces to rw_all_files
>
> Allow relabel all filesystems to all other file systems (Mount context=)
When/why did the existing rule for this become insufficient?
> Add the ability to delete unlabeled file (file_t). tmpreaper needs to be
> able to delete files left on /tmp that never got labeled on initial label.
I don't have a problem with this, but I think the
files_delete_isid_type_files() interface needs to be split up. Or put
the rules into the purge tmp interface.
> A few other interfaces
Need explanation for the polyinstantiation change.
files_delete_usr_files() needs to be broken up.
> Additional mount file system. Any file type can be moved to /tmp.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2008-12-02 22:51 ` Christopher J. PeBenito
@ 2008-12-03 15:39 ` Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2008-12-03 15:39 UTC (permalink / raw)
To: refpolicy
Christopher J. PeBenito wrote:
> On Tue, 2008-11-25 at 17:00 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
>>
>> Fix label of system_map under /boot/efi
>>
>> Add etc_runtime to hosts.deny
>
There are some init scripts that modify the hosts.deny file so it ends
up labeled etc_runtime_t. Forget which one.
> I need justification for this.
>
>> Allow relabel from and to all blk and chr file context. This prevents
>> restorecon from breaking if users have blk files in homedir.
>
> Why would there be device nodes in a user home directory? We can't
> allow device nodes to be relabeled to something that is not a device
> node type.
>
Any kernel developer will end up with chr and block devices in their
homedir, if they run a restorecon or setfiles on their home dir they get
avc messages when they relabel their homedir, with "valid" files in the
homedir. Trying to justify this denial, just ends up with kernel
engineers saying SELinux sucks...
>> Add interfaces to rw_all_files
>>
>> Allow relabel all filesystems to all other file systems (Mount context=)
>
> When/why did the existing rule for this become insufficient?
>
If you bind mount files or file systems mount needs to be able to
read/write the source.
>> Add the ability to delete unlabeled file (file_t). tmpreaper needs to be
>> able to delete files left on /tmp that never got labeled on initial label.
>
> I don't have a problem with this, but I think the
> files_delete_isid_type_files() interface needs to be split up. Or put
> the rules into the purge tmp interface.
>
Fine.
>> A few other interfaces
>
> Need explanation for the polyinstantiation change.
>
> files_delete_usr_files() needs to be broken up.
>
Fine
>> Additional mount file system. Any file type can be moved to /tmp.
>
^ permalink raw reply [flat|nested] 18+ messages in thread
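The exchange above turns on block and character device nodes that sit outside /dev (home directories, /tmp build roots) and on which labels they may carry. As an added example, not part of the thread or of refpolicy, this Python script audits a tree for such nodes and reports whether each one has a device-node type. The function names and the partial `DEVICE_NODE_TYPES` allow-list are assumptions; on a real system the list would come from the loaded policy (for instance `seinfo -a device_node -x`).

```python
#!/usr/bin/env python3
"""Audit a directory tree for blk/chr device nodes and their SELinux labels."""
import os
import stat
import sys

# Assumption: a partial list of refpolicy types carrying the device_node
# attribute. Replace it with the list taken from the policy under review.
DEVICE_NODE_TYPES = frozenset({
    "device_t", "fixed_disk_device_t", "removable_device_t",
    "null_device_t", "zero_device_t", "random_device_t",
    "urandom_device_t", "console_device_t", "tty_device_t",
})


def selinux_type(context):
    """Return the type field of 'user:role:type[:level]', or None."""
    if not context:
        return None
    fields = context.split(":")
    # An MLS level may itself contain ':'; the type is always the third field.
    return fields[2] if len(fields) >= 3 and fields[2] else None


def node_kind(mode):
    """Map st_mode to the SELinux object class of a device node, else None."""
    if stat.S_ISBLK(mode):
        return "blk_file"
    if stat.S_ISCHR(mode):
        return "chr_file"
    return None


def classify(mode, context, device_types=DEVICE_NODE_TYPES):
    """Return 'not-a-device', 'unlabeled', 'ok' or 'mislabeled'."""
    if node_kind(mode) is None:
        return "not-a-device"
    setype = selinux_type(context)
    if setype is None:
        return "unlabeled"
    return "ok" if setype in device_types else "mislabeled"


def read_context(path):
    """Read the security.selinux xattr without following symlinks."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except (OSError, AttributeError):
        # No label, no xattr support, or a platform without os.getxattr.
        return None
    return raw.decode("utf-8", "replace").rstrip("\x00")


def scan(root):
    """Yield (path, kind, context, verdict) for each device node under root."""
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:  # os.walk lists device nodes as non-directories
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            kind = node_kind(mode)
            if kind is None:
                continue
            context = read_context(path)
            yield path, kind, context, classify(mode, context)


def main(argv):
    root = argv[1] if len(argv) > 1 else "."
    bad = 0
    for path, kind, context, verdict in scan(root):
        print(f"{verdict:<10} {kind:<8} {context or '-'} {path}")
        bad += verdict != "ok"
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against a home directory or a build root, the `mislabeled` rows are the nodes a `restorecon` pass would try to relabel to a non-device type, which is the case the thread disagrees about.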