* [refpolicy] kernel_storage.patch
@ 2009-03-04 21:33 Daniel J Walsh
2009-03-05 16:12 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2009-03-04 21:33 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
Additonal file context
Allow management of fixed_disk_device_t chr_file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmu86YACgkQrlYvE4MpobNkUgCfQTTagZy4JCtoLM4/yCAFAq/t
P1gAoMt8zPO41q0BrQZXnZWmdDa32iJ/
=xZHs
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-03-04 21:33 [refpolicy] kernel_storage.patch Daniel J Walsh
@ 2009-03-05 16:12 ` Christopher J. PeBenito
2009-03-05 17:28 ` Daniel J Walsh
0 siblings, 1 reply; 23+ messages in thread
From: Christopher J. PeBenito @ 2009-03-05 16:12 UTC (permalink / raw)
To: refpolicy
On Wed, 2009-03-04 at 16:33 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
>
> Additonal file context
>
> Allow management of fixed_disk_device_t chr_file
Are you sure about the MLS change of the FUSE device to system low, from
system high?
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-03-05 16:12 ` Christopher J. PeBenito
@ 2009-03-05 17:28 ` Daniel J Walsh
2009-03-05 18:18 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2009-03-05 17:28 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Wed, 2009-03-04 at 16:33 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
>>
>> Additonal file context
>>
>> Allow management of fixed_disk_device_t chr_file
>
> Are you sure about the MLS change of the FUSE device to system low, from
> system high?
>
> Otherwise merged.
>
fuse file systems are mounted on users home directories by default in
F10/F11 so a MLS login as a user will only work if this is SystemLow.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmwC78ACgkQrlYvE4MpobOE1ACfUUhjqh5NEwdTvc/brUd7Lq+m
OHYAn0gq/dCrp14b3cUtkGuogza/qt/i
=gxs+
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-03-05 17:28 ` Daniel J Walsh
@ 2009-03-05 18:18 ` Christopher J. PeBenito
2009-03-05 19:17 ` Daniel J Walsh
0 siblings, 1 reply; 23+ messages in thread
From: Christopher J. PeBenito @ 2009-03-05 18:18 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-03-05 at 12:28 -0500, Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
> > On Wed, 2009-03-04 at 16:33 -0500, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
> >>
> >> Additonal file context
> >>
> >> Allow management of fixed_disk_device_t chr_file
> >
> > Are you sure about the MLS change of the FUSE device to system low, from
> > system high?
> >
> > Otherwise merged.
> >
> fuse file systems are mounted on users home directories by default in
> F10/F11 so a MLS login as a user will only work if this is SystemLow.
Can you describe more fully what the scenario is? I'm having trouble
seeing where the MLS issue is. It seems like mount should be able to
handle this fine.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-03-05 18:18 ` Christopher J. PeBenito
@ 2009-03-05 19:17 ` Daniel J Walsh
0 siblings, 0 replies; 23+ messages in thread
From: Daniel J Walsh @ 2009-03-05 19:17 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Thu, 2009-03-05 at 12:28 -0500, Daniel J Walsh wrote:
>> Christopher J. PeBenito wrote:
>>> On Wed, 2009-03-04 at 16:33 -0500, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
>>>>
>>>> Additonal file context
>>>>
>>>> Allow management of fixed_disk_device_t chr_file
>>> Are you sure about the MLS change of the FUSE device to system low, from
>>> system high?
>>>
>>> Otherwise merged.
>>>
>> fuse file systems are mounted on users home directories by default in
>> F10/F11 so a MLS login as a user will only work if this is SystemLow.
>
> Can you describe more fully what the scenario is? I'm having trouble
> seeing where the MLS issue is. It seems like mount should be able to
> handle this fine.
>
I am not logged in as MLS right now so, I can't regenerate. It could be
that some app during the login was not running ranged and could not
execute a ranged mount.
Hold off on the label, and I will see try MLS on my laptop again and see
if I can get more info.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmwJVUACgkQrlYvE4MpobPHBgCfShVtHRF3AhaUDLR/vPzH82TC
KCkAmwf16O5oxKiZvPBU+uRYhElOOdH8
=NYUV
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2010-08-26 23:20 Daniel J Walsh
0 siblings, 0 replies; 23+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:20 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_storage.patch
Add mknod to interface for creating fixed disk
Allow reading of fixed_disk link files
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx29qkACgkQrlYvE4MpobMQXACeJfDs4K/2nlGwXMyYWfMkUrkg
zWEAn0DcgjDEKmQAOZoKyV+EWgGN995J
=qxGH
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2010-06-02 20:26 Daniel J Walsh
2010-06-04 13:44 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:26 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_storage.patch
Add /dev/hwcdrom
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2010-02-23 19:36 Daniel J Walsh
2010-03-04 19:23 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2010-02-23 19:36 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_storage.patch
Add files context for /dev/etherd
Dontaudit attempts to relable lnk_files.
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2010-02-23 19:36 Daniel J Walsh
@ 2010-03-04 19:23 ` Christopher J. PeBenito
2010-03-05 16:05 ` Daniel J Walsh
2010-03-05 16:06 ` Daniel J Walsh
0 siblings, 2 replies; 23+ messages in thread
From: Christopher J. PeBenito @ 2010-03-04 19:23 UTC (permalink / raw)
To: refpolicy
On Tue, 2010-02-23 at 14:36 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_storage.patch
>
> Add files context for /dev/etherd
Merged.
> Dontaudit attempts to relable lnk_files.
Not so sure about this; it doesn't seem like it would be a general
problem, rather, a broken behavior of a particular program. Since
relabeling means there is some SELinux awareness, it shouldn't be tough
to track this down.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2010-03-04 19:23 ` Christopher J. PeBenito
@ 2010-03-05 16:05 ` Daniel J Walsh
2010-03-05 16:06 ` Daniel J Walsh
1 sibling, 0 replies; 23+ messages in thread
From: Daniel J Walsh @ 2010-03-05 16:05 UTC (permalink / raw)
To: refpolicy
On 03/04/2010 02:23 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 14:36 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_storage.patch
>>
>> Add files context for /dev/etherd
>>
> Merged.
>
>
>> Dontaudit attempts to relable lnk_files.
>>
> Not so sure about this; it doesn't seem like it would be a general
> problem, rather, a broken behavior of a particular program. Since
> relabeling means there is some SELinux awareness, it shouldn't be tough
> to track this down.
>
>
I think some of these are caused by the cp command.
./services/virt.te:storage_relabel_fixed_disk(virtd_t)
./system/lvm.te:storage_relabel_fixed_disk(clvmd_t)
./system/lvm.te:storage_relabel_fixed_disk(lvm_t)
If you execute cp -p it causes this AVC to happen when it tries to set
the context.
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2010-03-04 19:23 ` Christopher J. PeBenito
2010-03-05 16:05 ` Daniel J Walsh
@ 2010-03-05 16:06 ` Daniel J Walsh
2010-03-05 16:09 ` Christopher J. PeBenito
1 sibling, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2010-03-05 16:06 UTC (permalink / raw)
To: refpolicy
On 03/04/2010 02:23 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 14:36 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_storage.patch
>>
>> Add files context for /dev/etherd
>>
> Merged.
>
>
>> Dontaudit attempts to relable lnk_files.
>>
> Not so sure about this; it doesn't seem like it would be a general
> problem, rather, a broken behavior of a particular program. Since
> relabeling means there is some SELinux awareness, it shouldn't be tough
> to track this down.
>
>
https://bugzilla.redhat.com/show_bug.cgi?id=525119
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2010-03-05 16:06 ` Daniel J Walsh
@ 2010-03-05 16:09 ` Christopher J. PeBenito
0 siblings, 0 replies; 23+ messages in thread
From: Christopher J. PeBenito @ 2010-03-05 16:09 UTC (permalink / raw)
To: refpolicy
On Fri, 2010-03-05 at 11:06 -0500, Daniel J Walsh wrote:
> On 03/04/2010 02:23 PM, Christopher J. PeBenito wrote:
> > On Tue, 2010-02-23 at 14:36 -0500, Daniel J Walsh wrote:
> >
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_storage.patch
> >>
> >> Add files context for /dev/etherd
> >>
> > Merged.
> >
> >
> >> Dontaudit attempts to relable lnk_files.
> >>
> > Not so sure about this; it doesn't seem like it would be a general
> > problem, rather, a broken behavior of a particular program. Since
> > relabeling means there is some SELinux awareness, it shouldn't be tough
> > to track this down.
> >
> >
> https://bugzilla.redhat.com/show_bug.cgi?id=525119
In the last comment, it says that the bug went away in F12, so it sounds
like that the dontaudit can be dropped.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2009-11-12 21:04 Daniel J Walsh
2009-11-19 14:03 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:04 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_storage.patch
add /dev/mtd*
Fix a couple of interfaces
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-11-12 21:04 Daniel J Walsh
@ 2009-11-19 14:03 ` Christopher J. PeBenito
2009-11-19 14:19 ` Daniel J Walsh
0 siblings, 1 reply; 23+ messages in thread
From: Christopher J. PeBenito @ 2009-11-19 14:03 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 16:04 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_storage.patch
>
> add /dev/mtd*
>
> Fix a couple of interfaces
I don't understand why there would be a relabelto fixed_disk_device_t.
That implies the program is SELinux-aware, so this sounds like a bug
somewhere else. Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-11-19 14:03 ` Christopher J. PeBenito
@ 2009-11-19 14:19 ` Daniel J Walsh
2009-11-19 14:51 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2009-11-19 14:19 UTC (permalink / raw)
To: refpolicy
On 11/19/2009 09:03 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 16:04 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_storage.patch
>>
>> add /dev/mtd*
>>
>> Fix a couple of interfaces
>
> I don't understand why there would be a relabelto fixed_disk_device_t.
> That implies the program is SELinux-aware, so this sounds like a bug
> somewhere else. Otherwise merged.
>
>
I believe the app is doing a mknod and then running restorecon which would cause this?
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
2009-11-19 14:19 ` Daniel J Walsh
@ 2009-11-19 14:51 ` Christopher J. PeBenito
0 siblings, 0 replies; 23+ messages in thread
From: Christopher J. PeBenito @ 2009-11-19 14:51 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-19 at 09:19 -0500, Daniel J Walsh wrote:
> On 11/19/2009 09:03 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-11-12 at 16:04 -0500, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_storage.patch
> >>
> >> add /dev/mtd*
> >>
> >> Fix a couple of interfaces
> >
> > I don't understand why there would be a relabelto fixed_disk_device_t.
> > That implies the program is SELinux-aware, so this sounds like a bug
> > somewhere else. Otherwise merged.
> >
> >
> I believe the app is doing a mknod and then running restorecon which would cause this?
But mknod would result in a device node, not a symlink, which is what is
being dontaudited for relabelto.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2009-05-21 15:28 Daniel J Walsh
2009-06-08 17:17 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2009-05-21 15:28 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
/dev/fuse should be s0 not mls_high
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2008-11-25 21:51 Daniel J Walsh
0 siblings, 0 replies; 23+ messages in thread
From: Daniel J Walsh @ 2008-11-25 21:51 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
rawctl has moved
+/dev/(raw/)?rawctl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkksc2cACgkQrlYvE4MpobNBxwCgzsAksfWF9hqMJOYc/mGiD4TY
0hAAnj9ct+R/oj/XQ+fhpz127M/Il2mX
=KHHg
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 23+ messages in thread
* [refpolicy] kernel_storage.patch
@ 2008-09-24 20:52 Daniel J Walsh
2008-10-06 17:31 ` Christopher J. PeBenito
0 siblings, 1 reply; 23+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:52 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/kernel_storage.patch
Add patch for /dev/mspblk.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjaqJEACgkQrlYvE4MpobPGFwCeJPs1xSHjAKOIROxS1WrbtAm0
uAEAn2tv8sDIbMvamC5z6fIaNDMz4qv0
=6lVt
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2010-08-26 23:20 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-04 21:33 [refpolicy] kernel_storage.patch Daniel J Walsh
2009-03-05 16:12 ` Christopher J. PeBenito
2009-03-05 17:28 ` Daniel J Walsh
2009-03-05 18:18 ` Christopher J. PeBenito
2009-03-05 19:17 ` Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 23:20 Daniel J Walsh
2010-06-02 20:26 Daniel J Walsh
2010-06-04 13:44 ` Christopher J. PeBenito
2010-02-23 19:36 Daniel J Walsh
2010-03-04 19:23 ` Christopher J. PeBenito
2010-03-05 16:05 ` Daniel J Walsh
2010-03-05 16:06 ` Daniel J Walsh
2010-03-05 16:09 ` Christopher J. PeBenito
2009-11-12 21:04 Daniel J Walsh
2009-11-19 14:03 ` Christopher J. PeBenito
2009-11-19 14:19 ` Daniel J Walsh
2009-11-19 14:51 ` Christopher J. PeBenito
2009-05-21 15:28 Daniel J Walsh
2009-06-08 17:17 ` Christopher J. PeBenito
2009-06-09 10:33 ` Daniel J Walsh
2008-11-25 21:51 Daniel J Walsh
2008-09-24 20:52 Daniel J Walsh
2008-10-06 17:31 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.