[DSE-Dev] [martin at martinorr.name: /selinux getattr messages]
Václav Ovsík
vaclav.ovsik at i.cz
Mon Nov 19 15:33:47 UTC 2007
On Fri, Nov 16, 2007 at 03:40:49PM +0100, Erich Schubert wrote:
> Hi,
> > selinux_get_fs_mount(fsadm_t)
> > -> ./policy/modules/system/fstools.te
> >
> > selinux_get_fs_mount(mount_t)
> > -> ./policy/modules/system/mount.te
>
> > Is such solution ok and acceptable upstream (conditionaly for
> > Debian distro or so)?
>
> That is a well-defined access control switch, so I figure it's okay, at
> least if it has been checked that these aren't due to some bug in the
> programs doing these commands.
>
> You might also want to browse the changes I did to my policy.
> They're all in SVN at
> http://svn.debian.org/wsvn/selinux/refpolicy/branches/debian/
I checked out this branch and am going to look in it.
> If you want, I can give you write access to that repository.
> All you need is an alioth account and join the SELinux project there.
BTW: I'm not DD.
> >From the changelog you can see that upstream revision 2337 was the last
> one I merged, so you should be able to get a clean diff via SVN by
> comparing that revision from upstream with my 'HEAD' revision.
> I don't know if I did something to fix that audit error. Maybe I
> modified one of the other macros instead to include this getattr.
>
> best regards,
Thanks.
--
Zito
More information about the SELinux-devel
mailing list