plymouthd avcs in MLS

Xavier Toth txtoth at gmail.com
Wed Jan 21 21:49:52 UTC 2009


On Wed, Jan 21, 2009 at 3:25 PM, Xavier Toth <txtoth at gmail.com> wrote:
> I'll give it a try on an F10 box when it finishes building.
>
> Ted
>
> On Wed, Jan 21, 2009 at 3:22 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have sucked it up over the last couple of days and have cleaned up
>> most of the MLS avcs in Fedora 11.  It now boots up and I can log in in
>> enforcing mode.
>>
>> I would prefer to work with the F11 policy, although this can safely be
>> installed on an F10 system.
>>
>> Tryout 3.6.3-5.f11
>>
>> I gave the kernel_t the privs to run plymouth, it does not make much
>> sense to prevent kernel_t from any of the accesses it needed.
>>
>> Also wrote most of the policy for wm_t.
>>
>> Some problems like use of fusermount are going to be tougher to decide
>> on what the right thing to do is.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>>
>> iEYEARECAAYFAkl3kf0ACgkQrlYvE4MpobNMYwCeOHaZ3GokeMzg8oRrM8vU/S6Q
>> sqAAoNlF+b4v0c3pnd7BPb8ljzwMB3Vj
>> =WkHm
>> -----END PGP SIGNATURE-----
>>
>

No can do on FC10 as it requires policycoreutils which requires python
2.6 ... :(

Ted




More information about the fedora-selinux-list mailing list