fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: pipefs AVC

Re: pipefs AVC

From: Mr Dash Four <mr.dash.four_at_nospam>
Date: Sun Aug 29 2010 - 11:45:48 GMT
To: Dominick Grift <domg472@gmail.com>

> its a fifo_file on device pipefs with name/path: pipe:[11951]
>
> This type of internal communication is very common. We use the following
> policy for this:
>
> allow voip_sandbox_t self:fifo_file rw_fifo_file_perms;
>
Is 'rw_fifo_file_perms' custom-defined somewhere?

All I can see on the fifo_file is { append create execute getattr ioctl
link lock mounton quotaon read relabelfrom relabelto rename setattr
swapon unlink write }, of which, 'read' and 'write' are the relevant
ones. If I do 'allow voip_sandbox_t self:fifo_file { read write }' would
that be the same thing or am I missing something?

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux