[refpolicy] kernel_domain.patch
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 7 08:27:40 CDT 2010
On 06/07/2010 08:51 AM, Christopher J. PeBenito wrote:
> On Fri, 2010-06-04 at 09:52 -0400, Daniel J Walsh wrote:
>> On 06/04/2010 09:39 AM, Christopher J. PeBenito wrote:
>>> On Wed, 2010-06-02 at 16:20 -0400, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_domain.patch
>>>>
>>>> Fix interface descriptions
>>>>
>>>> Lots of new domains.
>>>>
>>>> Added polydomain
>>>
>>> What is the purpose of polydomain?
>>>
>>
>> If I have a polyinstantiated homedir like on an MLS machine. When a login
>> program creates the homedir it needs to populate it with content from
>> /etc/skel. When it does this, it needs to relabel it to user homedir
>> content.
>
> That sounds like rules in auth_login_pgm_domain() that should already
> exist.
>
>> tunable_policy(`allow_polyinstantiation',`
>> files_polyinstantiate_all(polydomain)
>> userdom_manage_user_home_content_dirs(polydomain)
>> userdom_manage_user_home_content_files(polydomain)
>> userdom_relabelto_user_home_dirs(polydomain)
>> userdom_relabelto_user_home_files(polydomain)
>> ')
>
The rules do not exist there currently other than
files_polyinstantiate_all(polydomain)
We could move this there or eliminate it and use the attribute to save
hundreds/thousands of rules.