[refpolicy] [PATCH 28/34]: patch to allow reading hal pid files from ifconfig_t

From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 28/34]: patch to allow reading hal pid files from ifconfig_t
Date: Mon, 28 Feb 2011 13:39:32 -0500	[thread overview]
Message-ID: <4D6BEBE4.2000004@redhat.com> (raw)
In-Reply-To: <1298917603.3123.2.camel@tesla.lan>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/28/2011 01:26 PM, Guido Trentalancia wrote:
> On Mon, 28/02/2011 at 09.47 -0500, Christopher J. PeBenito wrote:
>> On 02/16/11 01:34, Guido Trentalancia wrote:
>>> This patch allows to read hal pid files from the ifconfig_t
>>> context.
>>>
>>> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/system/sysnetwork.te refpolicy-git-15022011-new-modified/policy/modules/system/sysnetwork.te
>>> --- refpolicy-git-15022011-new-before-modification/policy/modules/system/sysnetwork.te	2011-01-08 19:07:21.363760466 +0100
>>> +++ refpolicy-git-15022011-new-modified/policy/modules/system/sysnetwork.te	2011-02-15 23:28:42.843164809 +0100
>>> @@ -327,6 +327,7 @@ ifdef(`hide_broken_symptoms',`
>>>  optional_policy(`
>>>  	hal_dontaudit_rw_pipes(ifconfig_t)
>>>  	hal_dontaudit_rw_dgram_sockets(ifconfig_t)
>>> +	hal_read_pid_files(ifconfig_t)
>>>  ')
>>>  
>>>  optional_policy(`
>>
>> Why would this be necessary?  Are you sure its not another leak
>> (especially considering the other dontaudits)?
> 
> Yes, that is not strictly necessary. What do you mean exactly for a
> leak ?
> 
> Regards,
> 
> Guido
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

http://danwalsh.livejournal.com/6117.html?thread=16613
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1r6+QACgkQrlYvE4MpobMQlgCgsXvKbJOASK9hh8uMWPFTF1Jz
etAAnRn6N7mpw/QkcDj78XWq5eC3aHCa
=J1QJ
-----END PGP SIGNATURE-----