hald/hal-hotplug-map
Russell Coker
russell at coker.com.au
Wed Sep 1 06:17:50 UTC 2004
On Mon, 30 Aug 2004 07:10, Tom London <selinux at comcast.net> wrote:
> Oops.... hald.fc should be
> # hald - hardware informationd daemon
> /usr/sbin/hald -- system_u:object_r:hald_exec_t
> /usr/libexec/hal-hotplug-map -- system_u:object_r:hald_exec_t
>
> Otherwise hal.dev and hal.hotplug get erroneously relabeled.
It's a difficult decision about whether to allow hald_t to execute bin_t or to
label the file as hald_exec_t. At this time I think that labelling it as
hald_exec_t is better as it prevents hald from executing many different
program files.
I've attached a little patch which implements this.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hald.diff
Type: text/x-diff
Size: 1032 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040901/8497782f/attachment.bin>
More information about the fedora-selinux-list
mailing list