[refpolicy] Minor fixes to first boot policy

Christopher J. PeBenito cpebenito at tresys.com
Wed Aug 20 14:53:22 CDT 2008


On Thu, 2008-08-14 at 14:21 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_firstboot.patch
> 
> firstboot tends to leak file descriptors and since it is thousands of
> lines of code not likely to be fixed.  So dontaudit leaked descriptors
> to unix_stream_socket
> 
> Move unconfined_domain to optional block.
> 
> - -files_etc_filetrans_etc_runtime(firstboot_t, { file dir })
> We don't want to do this.  Firstboot should just edit etc files rather
> than mislabeling them
> 
> Remove ancient cruft

I moved the stream socket part into its own interface and updated the
one caller.  I dropped the xserver part since that interface doesn't
exist.  The remainder is merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


