[refpolicy] services_snmp.patch
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 4 13:21:15 CST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Wed, 2008-12-03 at 18:09 -0500, Daniel J Walsh wrote:
>> Christopher J. PeBenito wrote:
>>> On Tue, 2008-11-25 at 16:23 -0500, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_snmp.patch
>>>>
>
>>>> Communicates with virtual machines and xen machines
>>> I put the kernel_*_xen_state() calls in with the other xen_*() calls.
>>>
>>> Merged with some other tweaks.
>>>
>> But the xen stuff is optional while the kernel* calls are not. So if
>> you used a policy without xen policy you still want to use the xen device.
>
> That doesn't make any sense to me. Why would it still be using the xen
> proc interfaces if there is no xen?
>
If I have xen devices defined but use some policy other the xen, say
initrc_t, or myxen or expanded virt whatever. The devices are defined
in device.te and other xen calls are defined in xen.if, they are not the
same.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk4LasACgkQrlYvE4MpobOLgwCgpL8yoeXsexzvi0Gr57gSc3+6
Bi0AnRrajphTVGCcuoo4hBCG3W+P/ats
=E5Oo
-----END PGP SIGNATURE-----
More information about the refpolicy
mailing list