A few policy additions:

add support for xconsole_device_t

assert.te: nfs_export_all_rw is not there anymore. Nobody complained till now, so maybe this is not needed at all?

initrc.te: these permissions are needed on suse systems, I think they can be generally allowed.

restorecon.te: ttyfiles don't have the device_type attribute

apmd.te: acpid stores files under /var/lib on suse systems

cupsd.te: cupsd_config_t depends on hald

rpm.te: rpm is granted setrlimit further up in the policy

xdm.te: I have default_context_t files symlinked, I think it's OK to allow this in the general case. I also needed device_t:lnk_file access once, can't remember why, but I don't think it's harmful.

global_macros.te: the patch snippet is from var_run_domain(). Domains need search access to var_t:dir if they want to access /var/run.

I think the other stuff is clear.

Thomas

-- 
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA  D09E C562 2BAE B2F4 ABE7





--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.



text/plain attachment: patch



application/pgp-signature attachment: Digital signature