reassign 463835 leafnode
severity 463835 normal
user [EMAIL PROTECTED]
usertags 463835 selinux
thanks

Hi,

> permission for leafnode to be started.  Since the people working on
> SELinux in Debian have decided to do all SELinux policy work outside of
> the relevant packages any issues like this should be directed to the
> SELinux maintainers.

1. selinux-basics doesn't contain SELinux policy, but is a mere utility
package, and thus the bug is not related to it.
2. leafnode _could_ ship a SELinux policy module itself, this does not
need to be included with the regular policy package (it's just easier to
keep policy in sync with upstream by shipping all upstream-provided
policy in one package). Therefore, the correct address is upstream and
the maintainer of the leafnode package. Albeit they're encouraged to
submit their policy to SELinux upstream, for inclusion in the policy
repository.

I'm adding the SELinux tracking usertag, to keep track of this bug
report. Feel free to add a "help" tag, too.

P.S. audit2why is not really well-suited for automatically generating a
policy. In your case, it would treat leafnode as being part of the
inetd. I've never used audit2why, but you'd probably need to do some
file labeling first, then apply audit2why to the generated errors. You
should also use it in permissive mode first, because otherwise it can't
find all required privileges immediately; leafnode will probably quit
once it has had the first access denials.
Using the INN policy as a starting point probably is a good idea.
They'll probably overlap a bit anyway (e.g. both access /var/spool/news
I guess?)

best regards,
Erich Schubert
-- 
    erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C     (o_
        The best things in life are free: Friendship and Love.        //\
         To love someone means being happy to see them happy.         V_/_


