* [refpolicy] kernel_corecommands.patch
@ 2009-03-04 21:28 Daniel J Walsh
2009-03-05 15:06 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Daniel J Walsh @ 2009-03-04 21:28 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
Additional labels
Change some labels in /etc/selinux/network-scripts so that
network-manager can manage them
bin_t scattered all over the file system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmu8pIACgkQrlYvE4MpobNjrgCfVYiVAxt+FNg0F14KLalotRh/
8JsAn1ppdPffD5n/dt0Q9E4EZuMYoyWc
=1mpe
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2009-03-04 21:28 [refpolicy] kernel_corecommands.patch Daniel J Walsh
@ 2009-03-05 15:06 ` Christopher J. PeBenito
0 siblings, 0 replies; 15+ messages in thread
From: Christopher J. PeBenito @ 2009-03-05 15:06 UTC (permalink / raw)
To: refpolicy
On Wed, 2009-03-04 at 16:28 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
>
> Additional labels
>
> Change some labels in /etc/selinux/network-scripts so that
> network-manager can manage them
>
> bin_t scattered all over the file system
Merged. I think we should clean up some more redhat-specific entries,
like /etc/sysconfig/*, and move them into distro_redhat's.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
@ 2010-08-26 22:45 Daniel J Walsh
0 siblings, 0 replies; 15+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:45 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_corecommands.patch
Lots of bin_t files
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEUEARECAAYFAkx27okACgkQrlYvE4MpobMj3gCXZpKfw5azjGCJOx/0BNf8Lzua
NACfR2vwdLfOX1bcxosu5hYl/CH9bEA=
=hFHF
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2010-06-02 20:18 Daniel J Walsh
@ 2010-06-07 13:04 ` Christopher J. PeBenito
0 siblings, 0 replies; 15+ messages in thread
From: Christopher J. PeBenito @ 2010-06-07 13:04 UTC (permalink / raw)
To: refpolicy
On Wed, 2010-06-02 at 16:18 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_corecommands.patch
>
> Lots of new places to stick bin_t files
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
@ 2010-06-02 20:18 Daniel J Walsh
2010-06-07 13:04 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:18 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_corecommands.patch
Lots of new places to stick bin_t files
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2010-02-23 21:33 Daniel J Walsh
@ 2010-03-05 15:54 ` Christopher J. PeBenito
0 siblings, 0 replies; 15+ messages in thread
From: Christopher J. PeBenito @ 2010-03-05 15:54 UTC (permalink / raw)
To: refpolicy
On Tue, 2010-02-23 at 16:33 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_corecommands.patch
>
> Lots of places need to be labeled bin_t
>
> +corecmd_read_all_executables(abrt_t)
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
@ 2010-02-23 21:33 Daniel J Walsh
2010-03-05 15:54 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:33 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_corecommands.patch
Lots of places need to be labeled bin_t
+corecmd_read_all_executables(abrt_t)
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2009-11-12 20:57 Daniel J Walsh
@ 2009-11-23 18:47 ` Christopher J. PeBenito
0 siblings, 0 replies; 15+ messages in thread
From: Christopher J. PeBenito @ 2009-11-23 18:47 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 15:57 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_corecommands.patch
>
> Lots of new places to hide binaries.
>
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
@ 2009-11-12 20:57 Daniel J Walsh
2009-11-23 18:47 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:57 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_corecommands.patch
Lots of new places to hide binaries.
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2009-05-21 15:13 Daniel J Walsh
@ 2009-06-11 15:39 ` Christopher J. PeBenito
0 siblings, 0 replies; 15+ messages in thread
From: Christopher J. PeBenito @ 2009-06-11 15:39 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-05-21 at 11:13 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
>
> Lots of nice new locations for binaries.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
@ 2009-05-21 15:13 Daniel J Walsh
2009-06-11 15:39 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Daniel J Walsh @ 2009-05-21 15:13 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
Lots of nice new locations for binaries.
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2008-12-06 13:00 ` Martin Orr
@ 2008-12-09 13:43 ` Daniel J Walsh
0 siblings, 0 replies; 15+ messages in thread
From: Daniel J Walsh @ 2008-12-09 13:43 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Orr wrote:
> On 02/12/08 22:51, Christopher J. PeBenito wrote:
>> On Tue, 2008-11-25 at 16:35 -0500, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
>>>
>>> Add bin_t for ConsoleKit scripts
>> Merged, with some rearrangement.
>
> It is not clear to me - why should these be labelled as bin_t instead of
> consolekit_exec_t? Are they run by anything other than consolekit?
>
> Best wishes,
>
not currently, but we do not always label all binaries with a context
that can cause a transition. And theoretically these scripts could be
used by another application. Just because a script is labeled bin_t and
can be executed by a confined domain, does not mean it adds any privs to
the confined domain. bin_t apps will execute in the current domain.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk+dfYACgkQrlYvE4MpobOefACfUaDejpp4pNWIVfF8CkID3in4
72wAnRJbvS4BZoUiINyDFr2lfdhIoXqN
=xek3
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2008-12-02 22:51 ` Christopher J. PeBenito
@ 2008-12-06 13:00 ` Martin Orr
2008-12-09 13:43 ` Daniel J Walsh
0 siblings, 1 reply; 15+ messages in thread
From: Martin Orr @ 2008-12-06 13:00 UTC (permalink / raw)
To: refpolicy
On 02/12/08 22:51, Christopher J. PeBenito wrote:
> On Tue, 2008-11-25 at 16:35 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
>>
>> Add bin_t for ConsoleKit scripts
>
> Merged, with some rearrangement.
It is not clear to me - why should these be labelled as bin_t instead of
consolekit_exec_t? Are they run by anything other than consolekit?
Best wishes,
--
Martin Orr
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
2008-11-25 21:35 Daniel J Walsh
@ 2008-12-02 22:51 ` Christopher J. PeBenito
2008-12-06 13:00 ` Martin Orr
0 siblings, 1 reply; 15+ messages in thread
From: Christopher J. PeBenito @ 2008-12-02 22:51 UTC (permalink / raw)
To: refpolicy
On Tue, 2008-11-25 at 16:35 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
>
> Add bin_t for several cups binaries.
>
> Move some for Brother to a higher level
>
> Add bin_t for ConsoleKit scripts
Merged, with some rearrangement.
> Add bin_t for pam_krb5_storegtmp
Conflicts with pam_exec_t labeling.
> Add sys_chroot capability to corecmd_exec_chroot interface
While I agree in principle, I would want to remove it from unprivileged
users.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 15+ messages in thread
* [refpolicy] kernel_corecommands.patch
@ 2008-11-25 21:35 Daniel J Walsh
2008-12-02 22:51 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Daniel J Walsh @ 2008-11-25 21:35 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_corecommands.patch
Add bin_t for several cups binaries.
Move some for Brother to a higher level
Add bin_t for ConsoleKit scripts
Add bin_t for pam_krb5_storegtmp
Add sys_chroot capability to corecmd_exec_chroot interface
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkksb5IACgkQrlYvE4MpobMgBACghZEE/FYb8aLrluhmayh9Z5Rd
juoAn2vQnHJQcL5WeToZhzdyD2e+19Zx
=tc/L
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2010-08-26 22:45 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-04 21:28 [refpolicy] kernel_corecommands.patch Daniel J Walsh
2009-03-05 15:06 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 22:45 Daniel J Walsh
2010-06-02 20:18 Daniel J Walsh
2010-06-07 13:04 ` Christopher J. PeBenito
2010-02-23 21:33 Daniel J Walsh
2010-03-05 15:54 ` Christopher J. PeBenito
2009-11-12 20:57 Daniel J Walsh
2009-11-23 18:47 ` Christopher J. PeBenito
2009-05-21 15:13 Daniel J Walsh
2009-06-11 15:39 ` Christopher J. PeBenito
2008-11-25 21:35 Daniel J Walsh
2008-12-02 22:51 ` Christopher J. PeBenito
2008-12-06 13:00 ` Martin Orr
2008-12-09 13:43 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.