Red Hat Bugzilla – Bug 145870
x_client_macros.te: devpts_t dir search patch
Last modified: 2007-11-30 17:10:58 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8 Description of problem: I've added this to x_client_macros.te so derived domains (like mplayer) don't have to worry about it. Do you agree? If so, the dontaudit rule in gnome-games can be removed. # Access the terminal. +allow $1_$2_t devpts_t:dir { search } allow $1_$2_t $1_tty_device_t:chr_file rw_file_perms; allow $1_$2_t $1_devpts_t:chr_file rw_file_perms; Question: What exactly is the difference between a dontaudit rule and an allow rule? Which is to be used when? Version-Release number of selected component (if applicable): selinux-policy-strict-1.21.2-7 How reproducible: Didn't try Steps to Reproduce: Additional info:
If you want to make a change like this, it is probably better to discuss in the upstream SELinux world. Someone there might come down and say the world will end with this change :^). I will add it to policy anyways
Fixed in selinux-policy-strict-1.21.3-1