Bug 229159
Summary: | hald needs more privileges | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Zeuthen <davidz> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | mclasen |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Current | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-08-22 14:17:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Zeuthen
2007-02-19 01:09:46 UTC
Btw, only /usr/libexec/hal-acl-tool needs to be able to do this. Is it possible to create a new domain e.g. hald_acl_tool_t just for this to ensure that only this program can add/remove ACL's on file in /dev? Yes, we could break this out. I will start separating it, and we can play with it on Friday if you are in the office. We can also talk about breaking out the hal policy package. my hesitation right now is how can we do initial installs. We need to get the policy labeling right during install. Fixed in selinux-policy-2.5.9-1.fc7 Should be fixed in the current release |