[DSE-Dev] [martin at martinorr.name: /selinux getattr messages]

Erich Schubert erich at debian.org
Fri Nov 16 14:40:49 UTC 2007


Hi,
> selinux_get_fs_mount(fsadm_t)
> -> ./policy/modules/system/fstools.te
> 
> selinux_get_fs_mount(mount_t)
> -> ./policy/modules/system/mount.te

> Is such solution ok and acceptable upstream (conditionaly for
> Debian distro or so)?

That is a well-defined access control switch, so I figure it's okay, at
least if it has been checked that these aren't due to some bug in the
programs doing these commands.

You might also want to browse the changes I did to my policy.
They're all in SVN at
http://svn.debian.org/wsvn/selinux/refpolicy/branches/debian/

If you want, I can give you write access to that repository.
All you need is an alioth account and join the SELinux project there.

>From the changelog you can see that upstream revision 2337 was the last
one I merged, so you should be able to get a clean diff via SVN by
comparing that revision from upstream with my 'HEAD' revision.
I don't know if I did something to fix that audit error. Maybe I
modified one of the other macros instead to include this getattr.

best regards,
Erich Schubert
-- 
    erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C   (o_
                 Friends are those who reach out for                //\
                   your hand but touch your heart.                  V_/_
   Es ist beschämender seinen Freunden zu mißtrauen als von ihnen
        getäuscht zu werden. --- François de la Rochefoucauld




More information about the SELinux-devel mailing list