On 09/26/2015 09:05 PM, Alec Leamas wrote:
On 21/09/15 19:39, Alec Leamas wrote:
On 21/09/15 18:59, Miroslav Grepl wrote:
On 09/21/2015 02:13 PM, Daniel J Walsh wrote:
Adding Miroslav Grepl, current maintainer of selinux-policy in RHEL, Fedora, Centos.
Miroslav I guess it looks like we are not shipping licrd.pp
About what system are we talking?
We definitely ship lircd in Fedora/RHEL.
# semodule -l |grep lircd lircd
https://github.com/fedora-selinux/selinux-policy/blob/f23-contrib/lircd.te
So if you see some issues and you use Fedora/RHEL, please open a new bug or a new pull request against
Hm... for the lircd module I think I now understand why it exists. It's defined in for kernel and describes permissions for the /dev/lirc[0-9] devices, defining the type *lirc_device_t*. All this looks fine.
However, I think the kernel module name lircd is, well, "not ideal". lircd is a user space daemon which basically isn't related to the kernel devices in any specific way (although it is the primary user of this interface). IMHO, the kernel selinux module should be named lirc, leaving the *lircd* name open for the lircd user space daemon.
If it's complicated to change the kernel module name, we need a new name for the lircd user-space daemon selinux module. It should _not_ be the same as the kernel stuff since they are unrelated.
That makes sense. lircd is not a correct module name. The problem is we would need to rename all lircd interfaces and mark them as deprecated. But it is possible. Could you please open a new bug against selinux-policy component where we could discuss it also with upstream folks.
Thank you.
Thoughts?
Cheers!
--alec