[refpolicy] [PATCH 1/2] Label /var/run/mdadm/map as mdadm_map_t
dominick.grift at gmail.com
Thu Sep 13 11:09:28 CDT 2012
On Thu, 2012-09-13 at 11:36 -0400, Daniel J Walsh wrote:
> On 09/12/2012 12:49 PM, Dominick Grift wrote:
> > On Wed, 2012-09-12 at 01:31 +0200, Laurent Bigonville wrote:
> >> From: Laurent Bigonville <bigon at bigon.be>
> >> mdadm is now creating map file under /run/mdadm/map --- raid.fc | 1 +
> >> 1 file changed, 1 insertion(+)
> >> diff --git a/raid.fc b/raid.fc index ed9c70d..e3c8bfb 100644 ---
> >> a/raid.fc +++ b/raid.fc @@ -4,3 +4,4 @@ /sbin/mdmpd --
> >> gen_context(system_u:object_r:mdadm_exec_t,s0)
> >> /var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0)
> >> +/var/run/mdadm/map -- gen_context(system_u:object_r:mdadm_map_t,s0)
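Review bot: the new `/var/run/mdadm/map` entry in raid.fc only applies when the file is relabeled, and the diffstat shows raid.fc as the only file changed. As posted, nothing in this patch makes a map file that mdadm creates at runtime come up as mdadm_map_t rather than inheriting mdadm_var_run_t from the directory covered by `/var/run/mdadm(/.*)?`. Either pair the entry with a matching file type transition in the module, or drop the separate type and let the existing mdadm_var_run_t pattern cover the file. The commit message also says /run/mdadm/map while the entry is written as /var/run/mdadm/map; state in the message that the /var/run spelling is intentional.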
> > I think it's probably best to drop mdadm_map_t and make it an alias of
> > mdadm_var_run_t instead
> > I have some changes from both myself and fedora for raid module in the
> > pipeline.
> > It sucks though because both fedora as well as refpolicy made mdadm_t an
> > unconfined type. That basically makes it almost impossible for us to
> > develop it further and receive feedback on it.
> Dominick, let's turn that off in Rawhide.
That is a good idea. I would like to hear pebenito's opinion about
removing it in refpolicy as well.
What caused refpolicy to make mdadm_t an unconfined domain in the first