[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: selinux-policy-2.5.4

From: Stephen Smalley <sds tycho nsa gov>
To: Steve G <linux_4ever yahoo com>
Cc: Fedora SELinux list <fedora-selinux-list redhat com>
Subject: Re: selinux-policy-2.5.4
Date: Mon, 26 Feb 2007 07:46:10 -0500

On Sun, 2007-02-25 at 12:15 -0800, Steve G wrote:
> Hi,
> 
> I am curious about the testing process for policy releases. Seems like everytime
> a new upstream policy is pulled in, we suddenly have a bunch of avcs. For the
> newest policy, 2.5.4, I have all these:
> 
> allow avahi_t unlabeled_t : packet { recv send };
> allow bluetooth_t lib_t : file execute_no_trans;
> allow mount_t security_t : filesystem getattr;
> allow postfix_local_t mail_spool_t : file append;
> allow postfix_local_t unlabeled_t : packet send;
> allow postfix_master_t security_t : filesystem getattr;
> allow restorecon_t security_t : filesystem getattr;
> allow setrans_t security_t : filesystem getattr;
> allow setroubleshootd_t mail_spool_t : lnk_file read;
> allow setroubleshootd_t security_t : filesystem getattr;
> allow vpnc_t security_t : filesystem getattr;
> allow vpnc_t unlabeled_t : packet { recv send };
> 
> These are simply from booting and connecting to the network. I haven't even tried
> to start X or do any serious work.

The security_t:filesystem getattr ones would be from your libselinux
patch (not yet merged, at least upstream).

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: selinux-policy-2.5.4
  - From: Stephen Smalley

References:
- selinux-policy-2.5.4
  - From: Steve G

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]