selinux-refpolicy.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lukas Vrabec <lvrabec@redhat.com>
To: selinux-refpolicy@vger.kernel.org
Subject: New boolean for using bluetooth
Date: Thu, 25 Apr 2019 18:58:27 +0200	[thread overview]
Message-ID: <87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com> (raw)


[-- Attachment #1.1: Type: text/plain, Size: 914 bytes --]

Hi All,

I added new SELinux boolean[1][2] to Fedora SELinux policy called
deny_bluetooth.

I would like to push it also to refpolicy, however, refpolicy is not
using bluetooth_socket at all, it's defined in policy but not used by
any SELinux domain. Can I create patch also with adding these rules from
Fedora policy? And also, for some reason my colleagues didn't follow
name conventions of global booleans with refpolicy (I didn't find any
deny_* boolean in refpolicy). So if it make sense to add these kind of
boolean also to refpolicy, should I defined it as allow_bluetooth ?

[1]https://github.com/fedora-selinux/selinux-policy/commit/54c05f2645a660c545ec406558b42687df2552a7
[2]
https://github.com/fedora-selinux/selinux-policy-contrib/commit/5a0561d7b67ae8403d4e1a44acfc8db40ee269a5

Thanks,
Lukas.

-- 
Lukas Vrabec
Senior Software Engineer, Security Technologies
Red Hat, Inc.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

             reply	other threads:[~2019-04-25 16:58 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-25 16:58 Lukas Vrabec [this message]
2019-04-26  0:04 ` New boolean for using bluetooth Russell Coker
2019-04-26  9:02 ` Jason Zaman
2019-04-26  9:23   ` Lukas Vrabec

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com \
    --to=lvrabec@redhat.com \
    --cc=selinux-refpolicy@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).