Re: [refpolicy] dbus/lvm read domain state

From: Russell Coker <russell_at_nospam>
Date: Sun Mar 15 2009 - 23:23:38 GMT
To: Martin Orr <martin@martinorr.name>

On Mon, 16 Mar 2009, Martin Orr <martin@martinorr.name> wrote:
> +domain_read_all_domains_state(system_dbusd_t)

Do we really want all domains? I think it will do to allow system_dbusd_t to read all domains that talk to it. Why not modify dbus_system_bus_client() to have something like the following? allow system_dbusd_t $2:dir search; allow system_dbusd_t $2:file read_file_perms; -- russell@coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

This message: [ Message body ]
Next message: Shaz: "Re: questions"
Previous message: Xavier Toth: "Re: adding LANG and XMODIFIER to newrole minimal environment"
In reply to: Martin Orr: "[refpolicy] dbus/lvm read domain state"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]