[refpolicy] kernel_domain.patch
Christopher J. PeBenito
cpebenito at tresys.com
Mon Jun 7 07:51:26 CDT 2010
On Fri, 2010-06-04 at 09:52 -0400, Daniel J Walsh wrote:
> On 06/04/2010 09:39 AM, Christopher J. PeBenito wrote:
> > On Wed, 2010-06-02 at 16:20 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_domain.patch
> >>
> >> Fix interface descriptions
> >>
> >> Lots of new domains.
> >>
> >> Added polydomain
> >
> > What is the purpose of polydomain?
> >
>
> If I have a polinstatiated homedir like on an MLS machine. When login
> programs creates the homedir it needs to populate it with content from
> /etc/skel. When it does this, it needs to relabel it to user homedir
> content.
That sounds like rules in auth_login_pgm_domain() that should already
exist.
> tunable_policy(`allow_polyinstantiation',`
> files_polyinstantiate_all(polydomain)
> userdom_manage_user_home_content_dirs(polydomain)
> userdom_manage_user_home_content_files(polydomain)
> userdom_relabelto_user_home_dirs(polydomain)
> userdom_relabelto_user_home_files(polydomain)
> '
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list