[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TTY question

To: ivg2@xxxxxxxxxxx
Subject: Re: TTY question
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2005 07:46:13 -0500
Cc: SELinux <selinux@xxxxxxxxxxxxx>
In-reply-to: <1108000939.5241.10.camel@xxxxxxxxxxxxxx>
Organization: National Security Agency
References: <1107915334.6602.1.camel@xxxxxxxxxxxxxx> <1107954368.17568.25.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1108000939.5241.10.camel@xxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Wed, 2005-02-09 at 21:02, Ivan Gyurdiev wrote:
> # access_terminal(prefix, domain)
> access_terminal(`
>         allow $1_$2_t $1_tty_device_t:chr_file rw_file_perms;
>         allow $1_$2_t devtty_t:chr_file rw_file_perms;
>         allow $1_$2_t devpts_t:dir r_dir_perms;
>         allow $1_$2_t $1_devpts_t:chr_file rw_file_perms;
> ') dnl access_terminal

Why not just:
# access_terminal(domain, typeprefix)
define(`access_terminal', `
allow $1 $2_tty_device_t:chr_file rw_file_perms;
allow $1 devtty_t:chr_file rw_file_perms;
allow $1 devpts_t:dir r_dir_perms;
allow $1 $2_devpts_t:chr_file rw_file_perms;
') dnl access_terminal

Then the usage in e.g. x_client_domain becomes:
access_terminal($1_$2_t, $1)

whereas elsewhere it may just be:
access_terminal($1_t, $1) 

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: TTY question
  - From: Ivan Gyurdiev

References:
- TTY question
  - From: Ivan Gyurdiev
- Re: TTY question
  - From: Stephen Smalley
- Re: TTY question
  - From: Ivan Gyurdiev

Prev by Date: Re: TTY question
Next by Date: Re: TTY question
Previous by thread: Re: TTY question
Next by thread: Re: TTY question
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.