[refpolicy] [patch 1/1] netutils: make ping working for confined users
guido at trentalancia.com
Fri Feb 18 23:08:11 CST 2011
Hello Miroslav!

On Fri, 18/02/2011 at 16.01 +0000, Miroslav Grepl wrote:
> * ping did not work for confined users which is fixed by these changes
> * allow netutils to read network state information and request the
> kernel to load a module

I have tested ping and traceroute from:
and they appear to be working fine for confined users with the latest
reference policy (provided that ping is setuid root, which is needed for
opening a raw socket).

Also, I do not suggest that you move files_read_usr_files(traceroute_t)
further up and away from its "nmap-commented" block. For example, I got
immediately confused, I went looking into traceroute source code and
couldn't find anything that it needs to do with usr files... What would
be very nice there is a boolean for the whole nmap-related block.

Is this series of messages just an acknowledgement of what is being done
on Fedora 15? I suppose it is so, as dev_write_usbmon_dev() does not
make sense in refpolicy.