reconnecting USB printer

Russell Coker russell at coker.com.au
Sun Sep 26 21:27:44 UTC 2004


On Mon, 27 Sep 2004 04:28, Tom London <selinux at gmail.com> wrote:
> That's not right, is it? Shouldn't cupsd be running in cupsd_t?

Correct.

> The following patch adds a
> domain_auto_trans(hald_t, cupsd_exec_t, cupsd_t)
> to cups.te

Good work, I've put that in my tree.

Also we should remove the can_exec_any() from hald.te ASAP; it's a time bomb
allowing large numbers of undesired programs to run in hald_t.

> This makes the 'new' cupsd run in cupsd_t.
> This doesn't fix everything, as there are still about 170 AVCs.
>
> Do we need to add a bunch of 'domain_auto_trans' rules for
> hald_t (for apmd_t, crond_t, ......)?  dontaudits?

I'll look into that later.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
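
One way to check for the condition discussed in this thread (programs started by hald that stay in hald_t instead of transitioning to their own domain), as an added example that is not part of the original message or of the policy sources. The `ps -eZ` sample is constructed, and the `EXPECTED` mapping and the function names are assumptions made for illustration.

```python
# Constructed sample of `ps -eZ` output; not taken from the thread.
SAMPLE_PS = """\
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
system_u:system_r:hald_t         2101 ?        00:00:03 hald
system_u:system_r:hald_t         2544 ?        00:00:00 cupsd
system_u:system_r:cupsd_t        2610 ?        00:00:00 cupsd
system_u:system_r:hald_t:s0      2702 ?        00:00:00 crond
"""

# Assumption: the only command that should remain in each listed domain.
EXPECTED = {"hald_t": {"hald"}}


def domain_of(label):
    """Return the type field of a context (user:role:type[:level])."""
    parts = label.split(":")
    return parts[2] if len(parts) >= 3 else None


def stray_processes(ps_output, expected=EXPECTED):
    """List (pid, command, domain) for processes running in a watched
    domain whose command is not expected there, i.e. a child that was
    executed without a domain transition."""
    strays = []
    for line in ps_output.splitlines():
        fields = line.split(None, 4)  # LABEL PID TTY TIME CMD
        if len(fields) < 5 or fields[0] == "LABEL":
            continue  # skip the header and malformed lines
        label, pid, cmd = fields[0], fields[1], fields[4].strip()
        dom = domain_of(label)
        if dom in expected and cmd not in expected[dom]:
            strays.append((int(pid), cmd, dom))
    return strays


if __name__ == "__main__":
    for pid, cmd, dom in stray_processes(SAMPLE_PS):
        print(f"pid {pid}: {cmd} is running in {dom}")
```

On a live system the same function can be fed the real listing, for example `subprocess.run(["ps", "-eZ"], capture_output=True, text=True).stdout`.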



More information about the fedora-selinux-list mailing list