[refpolicy] admin_prelink.patch

Christopher J. PeBenito cpebenito at tresys.com
Fri Jun 18 13:08:19 CDT 2010


On Wed, 2010-06-02 at 15:51 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_prelink.patch
> 
> Prelink has new directory under /var/lib

The files_search_var_lib() should be redundant due to the
files_var_lib_filetrans().

> dontaudit leaks from domains that transition
>
> prelink needs to manage executables in the users homedir.

NAK  Prelink is highly trusted to manage system libraries.  This is too
easy of a way for users to compromise prelink, which could lead to
compromised system libraries.

> cron job looks at all mount points.

Otherwise merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


