Re: pipefs AVC

From: Mr Dash Four <mr.dash.four_at_nospam>
Date: Sun Aug 29 2010 - 11:45:48 GMT
To: Dominick Grift <domg472@gmail.com>

> its a fifo_file on device pipefs with name/path: pipe:[11951]
>
> This type of internal communication is very common. We use the following
> policy for this:
>
> allow voip_sandbox_t self:fifo_file rw_fifo_file_perms;
>
Is 'rw_fifo_file_perms' custom-defined somewhere?

All I can see on the fifo_file is { append create execute getattr ioctl
link lock mounton quotaon read relabelfrom relabelto rename setattr
swapon unlink write }, of which, 'read' and 'write' are the relevant
ones. If I do 'allow voip_sandbox_t self:fifo_file { read write }' would
that be the same thing or am I missing something?

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

This message: [ Message body ]
Next message: Dominick Grift: "Re: pipefs AVC"
Previous message: Mr Dash Four: "Re: netif labelling"
In reply to: Dominick Grift: "Re: pipefs AVC"
Next in thread: Dominick Grift: "Re: pipefs AVC"
Reply: Dominick Grift: "Re: pipefs AVC"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]