All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] apps_seunshare.patch
@ 2009-08-28 20:16 Daniel J Walsh
  2009-09-28 19:55 ` Christopher J. PeBenito
  0 siblings, 1 reply; 7+ messages in thread
From: Daniel J Walsh @ 2009-08-28 20:16 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/apps_seunshare.patch

New setuid helper app to be used with sandbox -X.  uses namespace to replace $HOME and /tmp with files a sandbox can write too.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [refpolicy] apps_seunshare.patch
  2009-08-28 20:16 [refpolicy] apps_seunshare.patch Daniel J Walsh
@ 2009-09-28 19:55 ` Christopher J. PeBenito
  0 siblings, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-09-28 19:55 UTC (permalink / raw)
  To: refpolicy

On Fri, 2009-08-28 at 16:16 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/apps_seunshare.patch
> 
> New setuid helper app to be used with sandbox -X.  uses namespace to
> replace $HOME and /tmp with files a sandbox can write too.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [refpolicy] apps_seunshare.patch
@ 2010-08-26 22:42 Daniel J Walsh
  0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:42 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_seunshare.patch

seunshare needs to be a template so you can run a sandbox in your own
domain.

Lots of fixes for sandboxes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx27ewACgkQrlYvE4MpobNFWACgsw6Z0PJ8XnJ5nf9iOJj/E/yA
nsMAn3qiJ/ZAMwqUEDr6OsWrWVLhQB+Y
=GKnz
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [refpolicy] apps_seunshare.patch
@ 2010-06-02 20:13 Daniel J Walsh
  0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:13 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_seunshare.patch

seunshare policy needs to be enhanced for use with sandbox.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [refpolicy] apps_seunshare.patch
@ 2010-02-23 21:32 Daniel J Walsh
  0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:32 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/apps_seunshare.patch

Added seunshare_role_template so that staff_t can use seunshare and stay 
in staff_t domain.

Allows level change using seunshare

dontaudit leaks

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [refpolicy] apps_seunshare.patch
  2009-11-12 20:54 Daniel J Walsh
@ 2009-12-01 15:32 ` Christopher J. PeBenito
  0 siblings, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-12-01 15:32 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-11-12 at 15:54 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/apps_seunshare.patch
> 
> Fixes for seunshare policy
> 
> seunshare needs to be killable by calling apps
> 
> Since it is called by firefox and freinds lots of leaks need to be
> dontaudited
> 
> seunshare needs setuid, dav_override and sys_admin to mount /home
> and /tmp
> 
> sends syslog messages
> 
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [refpolicy] apps_seunshare.patch
@ 2009-11-12 20:54 Daniel J Walsh
  2009-12-01 15:32 ` Christopher J. PeBenito
  0 siblings, 1 reply; 7+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:54 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/apps_seunshare.patch

Fixes for seunshare policy

seunshare needs to be killable by calling apps

Since it is called by firefox and freinds lots of leaks need to be dontaudited

seunshare needs setuid, dav_override and sys_admin to mount /home and /tmp

sends syslog messages

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-08-26 22:42 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-08-28 20:16 [refpolicy] apps_seunshare.patch Daniel J Walsh
2009-09-28 19:55 ` Christopher J. PeBenito
2009-11-12 20:54 Daniel J Walsh
2009-12-01 15:32 ` Christopher J. PeBenito
2010-02-23 21:32 Daniel J Walsh
2010-06-02 20:13 Daniel J Walsh
2010-08-26 22:42 Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.