[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

targeted policy patch

To: selinux@xxxxxxxxxxxxx
Subject: targeted policy patch
From: Serge Hallyn <serge.hallyn@xxxxxxxxx>
Date: Thu, 19 May 2005 10:11:24 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type; b=KstOWmIKLJjfqwyTkkBSnJF2y8nyAzldFKz2C2OShCF4/5oEr26k2+EOkm4unYNjwwFJ4i9skOzYkGXlB7JugCGHXi5FwQgbcg1EbX8l2Elh0QUluqWzkPncqrknsVvfls9lQHpIjPTa31PyHqEf4YL7bM1Oa4bdKuAJnKAaOS4=
Reply-to: Serge Hallyn <serge.hallyn@xxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

Hi,

In order to compile the sf.net targeted policy on a gentoo system with
the sf.net checkpolicy, I needed the following patch.  It does several
small things, the last of which I expect is actually wrong, but at
least gets me a compiling policy:

1. preserves kernel.te to get its type declaration.
2. fixes what i assume is a type, 'rm -rf domains/misc/used' instead of unused
3. deletes setfiles.fc, since setfiles_exec_t is not declared in the policy
4. adds the unrestricted attribute to the insmod_t domain.  This stops
a conflict with the neverallow rule for ~signal -> unconfined_t.

thanks,
-serge

Attachment: targeted_nits.patch
Description: Binary data

Follow-Ups:
- Re: targeted policy patch
  - From: Stephen Smalley

Prev by Date: Re: vsftpd with selinux on FC3
Next by Date: Re: targeted policy patch
Previous by thread: need advice
Next by thread: Re: targeted policy patch
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.