From mboxrd@z Thu Jan  1 00:00:00 1970
From: domg472@gmail.com (Dominick Grift)
Date: Mon, 12 Jul 2010 16:51:34 +0200
Subject: [refpolicy] apps_livecd.patch
In-Reply-To: <4C3B2A02.7080209@redhat.com>
References: <4C06B9EA.8080208@redhat.com> <4C348F2F.4090306@tresys.com>
	<4C348FCA.8070109@gmail.com> <4C3B2A02.7080209@redhat.com>
Message-ID: <4C3B2BF6.1010208@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/12/2010 04:43 PM, Daniel J Walsh wrote:
> On 07/07/2010 10:31 AM, Dominick Grift wrote:
>> On 07/07/2010 04:29 PM, Christopher J. PeBenito wrote:
>>> On 06/02/10 16:07, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_livecd.patch
>>>>
>>>> Policy for livecd tool to allow it to build alternate livecd for
>>>> different os and policy versions.
>>>
>>> Merged.
>>>
>>
>> This policy has a bug:
>>
>> +seutil_domtrans_setfiles_mac(livecd_t)
>>
>> should be: seutil_run_setfiles_mac(livecd_t, system_r)
>>
> Actually, it should be removed since the proper code is in livecd_run.

Then what is this for:
role system_r types livecd_t;

Also:

http://lists.fedoraproject.org/pipermail/selinux/2010-June/012699.html


> Currently we don't allow system (init) processes to run this domain.
> 
>> Because else you will hit a constraint (no role is allowed the
>> setfiles_mac_t domain)
>>
>>
>>
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100712/99a8910c/attachment.bin