* [refpolicy] flask_access_vectors.patch
@ 2009-03-03 21:50 Daniel J Walsh
2009-03-05 14:34 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-03-03 21:50 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/flask_access_vectors.patch
Please add
nlmsg_tty_audit
Needed for keystroke auditing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmtpiMACgkQrlYvE4MpobOXGgCfVOT3YEdgfHFScX9d9Ha5QWwA
K9wAnir2HxFy9THh6EsG4hWdKi9ciH+U
=QENE
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
2009-03-03 21:50 [refpolicy] flask_access_vectors.patch Daniel J Walsh
@ 2009-03-05 14:34 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-03-05 14:34 UTC (permalink / raw)
To: refpolicy
On Tue, 2009-03-03 at 16:50 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/flask_access_vectors.patch
>
> Please add
> nlmsg_tty_audit
>
> Needed for keystroke auditing.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
2009-11-12 20:55 Daniel J Walsh
@ 2009-11-19 13:52 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-11-19 13:52 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 15:55 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/flask_access_vectors.patch
>
> New access vector module_request used to indicate the app asked the
> kernel to load a module.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
@ 2009-11-12 20:55 Daniel J Walsh
2009-11-19 13:52 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:55 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/flask_access_vectors.patch
New access vector module_request used to indicate the app asked the kernel to load a module.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
[not found] ` <200810061710.53807.sgrubb@redhat.com>
@ 2008-10-08 19:49 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2008-10-08 19:49 UTC (permalink / raw)
To: refpolicy
On Mon, 2008-10-06 at 17:10 -0400, Steve Grubb wrote:
> On Monday 06 October 2008 03:52:11 pm Daniel J Walsh wrote:
> > Christopher J. PeBenito wrote:
> > > On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote:
> > >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors
> > >>.patch
> > >>
> > >> Add nlmsg_tty_audit for netlink_audit_socket.
> > >
> > > Is there a reference for this? I don't remember seeing anything on the
> > > main SELinux list.
> >
> > This comes from the new auditing keystroke patch to the kernel. Not sure
> > if this was talked about on selinux or just audit list.
> >
> > Added sgrubb since I am not sure he is on the refpolicy list.
>
> No I am not on that list. I sent a patch
>
> http://article.gmane.org/gmane.comp.security.selinux/6759
>
> a long time ago allowing better control of TTY audit because the alternative
> is to allow setting audit rules on processes that we only need to send tty
> info. So, this should reduce the capabilities required for some processes and
> keep the audit system better protected.
>
> This is a more detailed description of what the audit side is:
>
> https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html
>
> Everything is in place to use this except SE Linux policy.
So the permission is in Linus' tree? or James'?
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
2008-10-06 18:35 ` Christopher J. PeBenito
@ 2008-10-06 19:52 ` Daniel J Walsh
[not found] ` <200810061710.53807.sgrubb@redhat.com>
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2008-10-06 19:52 UTC (permalink / raw)
To: refpolicy
Christopher J. PeBenito wrote:
> On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch
>>
>> Add nlmsg_tty_audit for netlink_audit_socket.
>
> Is there a reference for this? I don't remember seeing anything on the
> main SELinux list.
>
This comes from the new auditing keystroke patch to the kernel. Not sure
if this was talked about on selinux or just audit list.
Added sgrubb since I am not sure he is on the refpolicy list.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
2008-09-24 20:53 Daniel J Walsh
@ 2008-10-06 18:35 ` Christopher J. PeBenito
2008-10-06 19:52 ` Daniel J Walsh
0 siblings, 1 reply; 8+ messages in thread
From: Christopher J. PeBenito @ 2008-10-06 18:35 UTC (permalink / raw)
To: refpolicy
On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch
>
> Add nlmsg_tty_audit for netlink_audit_socket.
Is there a reference for this? I don't remember seeing anything on the
main SELinux list.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch
@ 2008-09-24 20:53 Daniel J Walsh
2008-10-06 18:35 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:53 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch
Add nlmsg_tty_audit for netlink_audit_socket.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjaqK4ACgkQrlYvE4MpobNKSgCeJNFJeI1zyEPptE2SFpob3g3N
jUIAnj85ztp+yVBuXQYpk/StiaSpi0Wt
=6GGK
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2009-11-19 13:52 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-03 21:50 [refpolicy] flask_access_vectors.patch Daniel J Walsh
2009-03-05 14:34 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2009-11-12 20:55 Daniel J Walsh
2009-11-19 13:52 ` Christopher J. PeBenito
2008-09-24 20:53 Daniel J Walsh
2008-10-06 18:35 ` Christopher J. PeBenito
2008-10-06 19:52 ` Daniel J Walsh
[not found] ` <200810061710.53807.sgrubb@redhat.com>
2008-10-08 19:49 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.