What changed that allows xguest to go on AOL?
fluffie
adriangolding at gmail.com
Mon May 11 10:37:42 UTC 2009
I read the article from:
http://magazine.redhat.com/2008/07/02/writing-policy-for-confined-selinux-users/
and I recently installed setools to (hopefully) understand more about
SELinux.
In the article, it is shown (and I tried) that the xguest_t role cannot
communicate using AOL. The xguest_t can launch pidgin in /usr/bin/ though.
AOL uses the port 5190 and that port has the 'aol_port_t' type.
So I created the new policy rule as per the tutorial and now my xguest_t can
use pidgin and talk on AOL.
If I were to use 'apol' to understand the changes made by the new policy
change, how should I do it?
I tried to do a 'domain transition analysis', starting from the xguest_t
type and then see how many ways xguest_t can transit to the aol_port_t type,
and tried to compare the 'before' and 'after' policy addition. But I could
not tell any difference.
So I guess my question is more of how to use 'apol' to obtain meaningful
information such as this. I cannot help but feel overwhelmed using apol
because there are so many options and so much information coming back at me.
Thank you
--
View this message in context: http://www.nabble.com/What-changed-that-allows-xguest-to-go-on-AOL--tp23480891p23480891.html
Sent from the Fedora SELinux List mailing list archive at Nabble.com.
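
The comparison asked about above, as an added example that is not part of the original post: aol_port_t labels a port rather than a process domain, so access to it is granted by an allow rule on the tcp_socket class (name_connect permission) and shows up in a diff of allow rules, not in a domain transition analysis. The two rule sets below are constructed samples in policy-language syntax, not output from a real policy, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample rules (assumption): "before" and "after" policy extracts.
BEFORE = """
allow xguest_t xguest_t:tcp_socket { create connect read write };
allow xguest_t http_port_t:tcp_socket name_connect;
"""
AFTER = BEFORE + """
allow xguest_t aol_port_t:tcp_socket name_connect;
"""

# allow <source> <target>:<class> <perm> ;   or   ... { perm perm ... } ;
RULE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+?)\s*;")

def parse_allow(text):
    """Map (source, target, class) -> set of permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # skip blank lines, comments and non-allow statements
        src, tgt, cls, perms = m.groups()
        rules[(src, tgt, cls)] |= set(perms.strip("{} ").split())
    return rules

def added_rules(before, after, source):
    """Permissions granted to `source` in `after` that `before` lacked."""
    old, new = parse_allow(before), parse_allow(after)
    diff = {}
    for key, perms in new.items():
        extra = perms - old.get(key, set())
        if key[0] == source and extra:
            diff[key] = extra
    return diff

if __name__ == "__main__":
    changes = added_rules(BEFORE, AFTER, "xguest_t")
    for (src, tgt, cls), perms in sorted(changes.items()):
        print(f"+ allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
```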