Stephen Smalley sds at
Mon Jul 25 14:18:53 UTC 2005

On Thu, 2005-07-21 at 21:42 +1000, Russell Coker wrote:
> The attached patch is needed for correct functionality of ainit with the 
> latest strict policy when running reasonably recent rawhide packages.
> Is this really what we want?  Having a system process allocate shared memory 
> that can be used by any user processes?  Also it seems likely that other 
> sound programs will need to access the shared memory in question.

Not a good idea.  Look at nscd handling for its shmem interface; we use
an attribute to allow certain domains such access, but most domains are
limited to the socket IPC-based interface.  This program should likewise
have some kind of fallback to an IPC-based interface if the shmem
interface isn't allowed.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list