[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: Patch for strict policy
From:       Russell Coker <russell () coker ! com ! au>
Date:       2004-09-29 11:28:18
Message-ID: 200409292128.18559.russell () coker ! com ! au
[Download RAW message or body]

On Tue, 28 Sep 2004 06:55, Thomas Bleher <bleher@informatik.uni-muenchen.de> 
wrote:
> * Daniel J Walsh <dwalsh@redhat.com> [2004-09-27 21:12]:
> > diff --exclude-from=exclude -N -u -r
> > nsapolicy/domains/misc/screensaver.te
> > policy-1.17.22/domains/misc/screensaver.te ---
> > nsapolicy/domains/misc/screensaver.te 1969-12-31 19:00:00.000000000 -0500
> > +++ policy-1.17.22/domains/misc/screensaver.te 2004-09-27
> > 10:19:13.000000000 -0400 @@ -0,0 +1,18 @@
> > +#
> > +# Alias file to stop blow up during policy upgrade, since
> > +# screensaver policy is being removed.
>
> How will screensavers be able to authenticate users (think screen lock)
> if this policy is removed? screensavers had the auth_chkpwd attribute to
> do this; I do not think that we should grant this capability to user_t.

In macros/base_user_macros.te:
ifdef(`chkpwd.te', `chkpwd_domain($1)')

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]