Red Hat Bugzilla – Bug 459415
prelude domain modifications
Last modified: 2008-11-17 17:05:34 EST
Description of problem:
prelude domain policy requires policy.
Version-Release number of selected component (if applicable):
The optional policy block is wrong for corenetport... and file_search...
By the way: snort module is still not installed. Can we have policy for snort?
Fixes are in selinux-policy-3.5.5-1.fc10.src.rpm, including snort, which will be available as soon as Fedora Infrastructure is back up and running.
BTW, what is prelude searching for in /tmp?
Good question, I am not sure. I'll keep an eye on that and let you know if I figure it out.
Well, I went to #prelude and asked about it. It seems it has to do with the fact that the maintainer wants prelude-manager to be able to run without user intervention.
It appears that there is a scenario where prelude-manager creates a socket in /tmp. Maybe if prelude manager is started by a user instead of root. Not really sure, but it seems the maintainer prefers /tmp over /var/run for this.
Well the maintainer is wrong. System processes should not be creating things in /tmp. This is just asking for problems.
If a user can control a directory where another process is trying to create things, it is a recipe for mischief, to put it mildly.
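The concern in the comment above can be checked before a daemon binds its socket. The following is an added example, not part of the original bug comments and not code from prelude or selinux-policy: it walks every directory leading to a socket path and reports the ones an untrusted user could write to. The function name, the trusted uid/gid defaults and the sample socket paths are assumptions made for illustration.

```python
import os
import stat


def audit_socket_path(sock_path, trusted_uids=(0,), trusted_gids=(0,)):
    """Return (directory, reason) pairs for each directory on the way to
    sock_path that someone outside the trusted set could write to."""
    findings = []
    # Resolve symlinks in the directory part only; the socket may not exist yet.
    directory = os.path.realpath(os.path.dirname(os.path.abspath(sock_path)))
    while True:
        st = os.stat(directory)
        if st.st_uid not in trusted_uids:
            findings.append((directory, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWOTH:
            # The sticky bit stops others deleting our files, but any user can
            # still create the expected name first, so it is reported too.
            sticky = " (sticky)" if st.st_mode & stat.S_ISVTX else ""
            findings.append((directory, "world-writable" + sticky))
        elif st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            findings.append((directory, "group-writable by gid %d" % st.st_gid))
        parent = os.path.dirname(directory)
        if parent == directory:  # reached the filesystem root
            break
        directory = parent
    return findings


if __name__ == "__main__":
    # Constructed sample paths: one under /tmp, one under /var/run.
    for candidate in ("/tmp/example-manager.sock", "/var/run/example-manager.sock"):
        try:
            problems = audit_socket_path(candidate)
        except OSError as exc:
            print("%s: cannot audit (%s)" % (candidate, exc))
            continue
        print("%s: %s" % (candidate, "ok" if not problems else "UNSAFE"))
        for directory, reason in problems:
            print("    %s: %s" % (directory, reason))
```

On a typical Linux system the /tmp candidate is reported as world-writable (sticky), while a root-owned 0755 /var/run passes.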
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.