Bug 145870 - x_client_macros.te: devpts_t dir search patch
x_client_macros.te: devpts_t dir search patch
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-01-22 17:00 EST by Ivan Gyurdiev
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-27 01:47:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ivan Gyurdiev 2005-01-22 17:00:28 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
I've added this to x_client_macros.te so derived domains (like mplayer)
don't have to worry about it. Do you agree? If so,
the dontaudit rule in gnome-games can be removed.

 # Access the terminal.
+allow $1_$2_t devpts_t:dir { search }
 allow $1_$2_t $1_tty_device_t:chr_file rw_file_perms;
 allow $1_$2_t $1_devpts_t:chr_file rw_file_perms;

Question: What exactly is the difference between a dontaudit rule
and an allow rule? Which is to be used when?

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Steps to Reproduce:

Additional info:
Comment 1 Daniel Walsh 2005-01-24 14:03:51 EST
If you want to make a change like this, it is probably better to
discuss in the upstream SELinux world.  Someone there might come down
and say the world will end with this change :^).

I will add it to policy anyways
Comment 2 Daniel Walsh 2005-01-24 15:19:31 EST
Fixed in selinux-policy-strict-1.21.3-1

Note You need to log in before you can comment on or make changes to this bug.