[DSE-Dev] [martin at martinorr.name: /selinux getattr messages]
erich at debian.org
Fri Nov 16 16:27:06 UTC 2007
> I am testing SELinux on my etch/lenny machine, and I prepared a patch for
> refpolicy trunk:
Just some notes:
- don't include build.conf in the patch
- try to split the patch into small changes, and send them individually.
That makes review easier, and they go into upstream quicker.
I don't have the time to completely review your patch, so just a few
Make a new context such as alsa_state_t, using *_etc_* outside of /etc
is a misnomer, and you unnecessarily give write access to files in /etc
when you only want to give write access to /var/lib/alsa.
Also you should relabel the directory /var/lib/alsa, this helps getting
the file labeled correctly upon creation already.
shouldn't be labeled mozilla_exec_t, because it's just a wrapper shell
script. The correct binaries to relabel are
(for version where there was just the gecko branch)
/etc/gdm - you messed something up there. Avoid bin_t there.
also relabel the directory, so the pidfile gets labeled correctly upon
Again, I didn't go through the whole diff. But overall, I think
you've been doing a quite good job. You've understood how to fix audit
errors properly and how to use interfaces and macros. I hope that
one of the active SELinux users will have time to look at your diff
in detail and include some of the changes into the upstream branch.
erich@(vitavonni.de|debian.org) -- GPG Key ID: 4B3A135C (o_
Why waste time learning, when ignorance is instantaneous? --- Calvin //\
The real task of a friend is to stand by you V_/_
when you are in the wrong. Everyone is on your side when
you are in the right. --- Mark Twain