reconnecting USB printer
Russell Coker
russell at coker.com.au
Sun Sep 26 13:14:37 UTC 2004
On Sun, 26 Sep 2004 12:01, Tom London <selinux at gmail.com> wrote:
> Running strict/enforcing, w/USB printer.
>
> Reconnecting printer (after pulling the plug) yields the following:
allow hald_t urandom_device_t:chr_file { read };
The above line should go unconditionally in hald.te not in cups.te. The
reason is that hald might access urandom_device_t for many things other than
printer configuration, and we don't want the other things to suddenly stop
working if we remove the cups policy.
Also for neat policy I think it's best not to put {} around a single item.
I've attached a diff between the policy in my tree for hal and cups and that
of the CVS. Please note that removing the dontaudit from cups.te is
deliberate; there is a matching allow rule later in the same file.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-diff
Size: 1626 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040926/791e1af9/attachment.bin>
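A small checker for the two points made in the message above (a rule belongs in the policy file of a domain it actually involves, and a single permission needs no braces), added here as an example and not part of the original post or the attached diff. It assumes that foo.te owns the types whose names start with "foo"; the function names and the second sample rule are made up for the illustration.

```python
import os
import re

# Matches a simple allow rule: allow <source> <target>:<class> <perms>;
RULE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def tidy(rule):
    """Drop the braces when the permission set holds exactly one item."""
    m = RULE.match(rule)
    if not m:
        return rule
    src, tgt, cls, perms = m.groups()
    items = perms.strip("{} ").split()
    if len(items) == 1:
        perms = items[0]
    return f"allow {src} {tgt}:{cls} {perms};"

def review(te_file, rules):
    """Return (tidied_rule, note) pairs for allow rules proposed for te_file."""
    stem = re.sub(r"\.te$", "", os.path.basename(te_file))
    out = []
    for rule in rules:
        m = RULE.match(rule)
        if not m:
            out.append((rule, "not a simple allow rule, review by hand"))
            continue
        src, tgt = m.group(1), m.group(2)
        # Assumed convention: foo.te owns the types whose names start with "foo".
        if src.startswith(stem) or tgt.startswith(stem):
            note = "ok"
        else:
            # Neither side depends on this policy file, so the rule would
            # vanish for no good reason if the file were removed.
            home = re.sub(r"_t$", "", src)
            note = f"no {stem} type involved: move to {home}.te"
        out.append((tidy(rule), note))
    return out

# Constructed input: the rule from the message, plus one made-up cups rule.
PROPOSED = [
    "allow hald_t urandom_device_t:chr_file { read };",
    "allow cupsd_t printer_device_t:chr_file { read write };",
]

if __name__ == "__main__":
    for rule, note in review("cups.te", PROPOSED):
        print(f"{rule:58} # {note}")
```

The prefix match is only a heuristic: a rule it flags still needs a human decision on whether the access is really independent of the file it was proposed for.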