Bug 145870 - x_client_macros.te: devpts_t dir search patch
Summary: x_client_macros.te: devpts_t dir search patch
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict   
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-22 22:00 UTC by Ivan Gyurdiev
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-27 06:47:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Ivan Gyurdiev 2005-01-22 22:00:28 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
I've added this to x_client_macros.te so derived domains (like mplayer)
don't have to worry about it. Do you agree? If so,
the dontaudit rule in gnome-games can be removed.

 # Access the terminal.
+allow $1_$2_t devpts_t:dir { search }
 allow $1_$2_t $1_tty_device_t:chr_file rw_file_perms;
 allow $1_$2_t $1_devpts_t:chr_file rw_file_perms;

Question: What exactly is the difference between a dontaudit rule
and an allow rule? Which is to be used when?



Version-Release number of selected component (if applicable):
selinux-policy-strict-1.21.2-7

How reproducible:
Didn't try

Steps to Reproduce:
    

Additional info:

Comment 1 Daniel Walsh 2005-01-24 19:03:51 UTC
If you want to make a change like this, it is probably better to
discuss in the upstream SELinux world.  Someone there might come down
and say the world will end with this change :^).

I will add it to policy anyways

Comment 2 Daniel Walsh 2005-01-24 20:19:31 UTC
Fixed in selinux-policy-strict-1.21.3-1


Note You need to log in before you can comment on or make changes to this bug.