On Wed, 21 Jul 2004 04:15, Tom London selinux@comcast.net wrote:
ifdef(`usbmodules.te', ` r_dir_file(ptal_t, usbdevfs_t) ')
I think that the above will be needed even without usbmodules.te. Also note that usbdevfs_t is defined in types/file.te so you won't have any compile errors, which is the main reason for ifdef's. I'll add that to my policy without the ifdef.
file_type_auto_trans(ptal_t, var_run_t, ptal_var_run_t)
This isn't what we want. It allows ptal_t to directly create sock_file, lnk_file, fifo_file, and dir entries under /var/run which is more access than it needs. Fixing the bug in cups.fc as described in my previous message will solve the problem.