From: domg472@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [ devices patch 1/1] Fix dev_list_sysfs interface to allow domains to read sysfs lnk_file.
Date: Thu, 04 Mar 2010 18:27:14 +0100
Message-ID: <4B8FED72.2080606@gmail.com>
In-Reply-To: <1267718004.11679.36.camel@gorn.columbia.tresys.com>
On 03/04/2010 04:53 PM, Christopher J. PeBenito wrote:
> On Fri, 2010-02-26 at 11:39 +0100, Dominick Grift wrote:
>> Signed-off-by: Dominick Grift <domg472@gmail.com>
>
> I'm on the fence for this one. Normally I think this is better suited
> for dev_read_sysfs(), which has this perm already. But since sysfs is
> so highly linked, I suppose it could make sense. What prompted this?
Well, I needed an interface that does not provide access to read files
but does provide access to read lnk_files (for listing sysfs).
I needed it for my kismet policy:
> dev_list_sysfs(kismet_servers)
> allow kismet_servers sysfs_t:lnk_file read;
>> ---
>> :100644 100644 fe31e1f... 83c4a2a... M policy/modules/kernel/devices.if
>> policy/modules/kernel/devices.if | 1 +
>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
>> index fe31e1f..83c4a2a 100644
>> --- a/policy/modules/kernel/devices.if
>> +++ b/policy/modules/kernel/devices.if
>> @@ -3322,6 +3322,7 @@ interface(`dev_list_sysfs',`
>> ')
>>
>> list_dirs_pattern($1, sysfs_t, sysfs_t)
>> + allow $1 sysfs_t:lnk_file read_lnk_file_perms;
>> ')
>>
>> ########################################
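Review bot: the added `allow $1 sysfs_t:lnk_file read_lnk_file_perms;` line widens dev_list_sysfs for every existing caller of the interface, not only the kismet policy that prompted it, and the diffstat shows a single insertion, so the interface's summary comment is not updated to say that it now also grants read access to sysfs symlinks. Either extend the summary to state the extra permission, or move the rule into a separate symlink-reading interface so that callers opt in explicitly. As a style point, the rule sits directly below `list_dirs_pattern($1, sysfs_t, sysfs_t)`; using the matching `read_lnk_files_pattern($1, sysfs_t, sysfs_t)` macro would keep the body consistent instead of mixing a pattern macro with a raw allow rule.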