From mboxrd@z Thu Jan  1 00:00:00 1970
From: russell@coker.com.au (Russell Coker)
Date: Wed, 3 Aug 2016 12:31:26 +1000
Subject: [refpolicy] [PATCH] policy for "mon" network monitoring
In-Reply-To: <246b3e68-c54f-0454-97f1-8d8684f13d0c@ieee.org>
References: <20160731090959.fihe7ytiorwwfjno@athena.coker.com.au>
	<246b3e68-c54f-0454-97f1-8d8684f13d0c@ieee.org>
Message-ID: <201608031231.26961.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 3 Aug 2016 10:25:57 AM Chris PeBenito wrote:
> > We could consider setting up multiple domains for tests, for example one
> > domain for talking to the Internet and another for local checks.  But I
> 
> That would be a good thing to move towards as the network access on top 
> of sudo doesn't inspire me with much confidence.

Well it's not nearly as bad as the daemons that have net access and 
capabilities like setuid.

> > think that the current policy is good enough to be included at the moment
> > and we can discuss changes later.
> 
> The mon_test_t rules need some style cleanup, then I think we can look 
> at merging it with its current domain set.

What type of style issues?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/