[refpolicy] [PATCH 1/2] Asterisk admin must be able to run 'asterisk -r'

Sven Vermeulen sven.vermeulen at siphos.be
Tue Sep 27 12:28:29 CDT 2011


On Tue, Sep 27, 2011 at 07:02:52PM +0200, Dominick Grift wrote:
> *_admin() interfaces aren't your average roles. (I guess that's why they
> don't call them *_admin_role())

Hmm, okay

[...]
> So, yes, roles() should be called in the role layer modules, but
> asterisk_admin or any other _admin interface is not such a role. It's
> different, it's specific to confined root.

Didn't know that, thanks. 

I think it is best to mark the binary as an application_exec_type then as
you suggested, and use the stream connect. I'll have it tested to see if
that works.

Wkr,
	Sven Vermeulen

