SELinux-Refpolicy Archive on lore.kernel.org
 help / Atom feed
From: Lukas Vrabec <lvrabec@redhat.com>
To: selinux-refpolicy@vger.kernel.org
Subject: New boolean for using bluetooth
Date: Thu, 25 Apr 2019 18:58:27 +0200
Message-ID: <87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com> (raw)

[-- Attachment #1.1: Type: text/plain, Size: 914 bytes --]

Hi All,

I added new SELinux boolean[1][2] to Fedora SELinux policy called
deny_bluetooth.

I would like to push it also to refpolicy, however, refpolicy is not
using bluetooth_socket at all, it's defined in policy but not used by
any SELinux domain. Can I create patch also with adding these rules from
Fedora policy? And also, for some reason my colleagues didn't follow
name conventions of global booleans with refpolicy (I didn't find any
deny_* boolean in refpolicy). So if it make sense to add these kind of
boolean also to refpolicy, should I defined it as allow_bluetooth ?

[1]https://github.com/fedora-selinux/selinux-policy/commit/54c05f2645a660c545ec406558b42687df2552a7
[2]
https://github.com/fedora-selinux/selinux-policy-contrib/commit/5a0561d7b67ae8403d4e1a44acfc8db40ee269a5

Thanks,
Lukas.

-- 
Lukas Vrabec
Senior Software Engineer, Security Technologies
Red Hat, Inc.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

             reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-25 16:58 Lukas Vrabec [this message]
2019-04-26  0:04 ` Russell Coker
2019-04-26  9:02 ` Jason Zaman
2019-04-26  9:23   ` Lukas Vrabec

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com \
    --to=lvrabec@redhat.com \
    --cc=selinux-refpolicy@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

SELinux-Refpolicy Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux-refpolicy/0 selinux-refpolicy/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux-refpolicy selinux-refpolicy/ https://lore.kernel.org/selinux-refpolicy \
		selinux-refpolicy@vger.kernel.org selinux-refpolicy@archiver.kernel.org
	public-inbox-index selinux-refpolicy


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux-refpolicy


AGPL code for this site: git clone https://public-inbox.org/ public-inbox