From mboxrd@z Thu Jan  1 00:00:00 1970
From: pebenito@ieee.org (Chris PeBenito)
Date: Sat, 6 Aug 2016 15:54:50 -0400
Subject: [refpolicy] [PATCH] policy for "mon" network monitoring
In-Reply-To: <201608031231.26961.russell@coker.com.au>
References: <20160731090959.fihe7ytiorwwfjno@athena.coker.com.au>
	<246b3e68-c54f-0454-97f1-8d8684f13d0c@ieee.org>
	<201608031231.26961.russell@coker.com.au>
Message-ID: <7c41ca85-990f-83de-ec09-50866d49c3f3@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/02/16 22:31, Russell Coker wrote:
> On Wed, 3 Aug 2016 10:25:57 AM Chris PeBenito wrote:
>>> We could consider setting up multiple domains for tests, for example one
>>> domain for talking to the Internet and another for local checks.  But I
>>
>> That would be a good thing to move towards as the network access on top
>> of sudo doesn't inspire me with much confidence.
>
> Well it's not nearly as bad as the daemons that have net access and
> capabilities like setuid.
>
>>> think that the current policy is good enough to be included at the moment
>>> and we can discuss changes later.
>>
>> The mon_test_t rules need some style cleanup, then I think we can look
>> at merging it with its current domain set.
>
> What type of style issues?

Minor.  Primarily the mon_test_t rules are one big block that needs to 
be broken up, grouped, and sorted in a similar way to the mon_t ones.

-- 
Chris PeBenito