[refpolicy] new_device_permissions.patch

Eamon Walsh ewalsh at tycho.nsa.gov
Mon Aug 17 14:16:14 CDT 2009


On 08/14/2009 01:20 PM, Christopher J. PeBenito wrote:
> On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote:
>    
>> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
>>      
>>> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
>>>
>>>        
>>>> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
>>>>
>>>>          
>>>>> Add a few new permissions to the "x_device" class to support the new
>>>>>
>>>>>            
>>>> XI2
>>>>
>>>>          
>>>>> functionality just merged to the X server.
>>>>>
>>>>>
>>>>>
>>>>>            
>>>> In the previous patch 2 x_device permission bits for the XI2
>>>> functionality were left out.
>>>>
>>>> Fixed with attached patch.
>>>>
>>>>          
>>> Whats the difference between add/remove and create/destroy?
>>>
>>>
>>>        
>>
>> The devices are in a kind of hierarchy.  You can now create one or more
>> "master devices" (mouse cursor and keyboard focus).  The physical input
>> devices are "slave devices" that attach to master devices.
>>
>> Add/remove controls the ability to add/remove slave devices from a
>> master device.  Create/destroy controls the ability to create new master
>> devices.
>>      
> Merged.  Are there any MLS constraints updates for these permissions?
>
>    


Yes, I did an X demo here last month and have some policy changes, I'm 
still working on cleaning them up for submission.

-- 
Eamon Walsh<ewalsh at tycho.nsa.gov>
National Security Agency



More information about the refpolicy mailing list