All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] admin_netutils.patch
@ 2009-03-05 15:53 Daniel J Walsh
  2009-03-10 19:57 ` Christopher J. PeBenito
  2009-03-10 19:57 ` Christopher J. PeBenito
  0 siblings, 2 replies; 13+ messages in thread
From: Daniel J Walsh @ 2009-03-05 15:53 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_netutils.patch

ping looks at system state, tends to have it stdout redirected to log
files and pipes.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmv9YAACgkQrlYvE4MpobMT7QCg4oGKGwROQGU81BX+qK7HtRGh
a/0AmwTK85fsiyHcNawZOgTK8Py+NwAe
=cT1e
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
  2009-03-05 15:53 [refpolicy] admin_netutils.patch Daniel J Walsh
@ 2009-03-10 19:57 ` Christopher J. PeBenito
  2009-03-10 19:57 ` Christopher J. PeBenito
  1 sibling, 0 replies; 13+ messages in thread
From: Christopher J. PeBenito @ 2009-03-10 19:57 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-03-05 at 11:53 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_netutils.patch
> 
> ping looks at system state, tends to have it stdout redirected to log
> files and pipes.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
  2009-03-05 15:53 [refpolicy] admin_netutils.patch Daniel J Walsh
  2009-03-10 19:57 ` Christopher J. PeBenito
@ 2009-03-10 19:57 ` Christopher J. PeBenito
  1 sibling, 0 replies; 13+ messages in thread
From: Christopher J. PeBenito @ 2009-03-10 19:57 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-03-05 at 11:53 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_netutils.patch
> 
> ping looks at system state, tends to have it stdout redirected to log
> files and pipes.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
@ 2010-08-26 20:34 Daniel J Walsh
  0 siblings, 0 replies; 13+ messages in thread
From: Daniel J Walsh @ 2010-08-26 20:34 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch

Fix user_ping boolean.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx2z8AACgkQrlYvE4MpobNB9wCeLwKT39mFbfQRcBCoI71AM9kq
0/sAnjfKcFQz7GtAtzkeufTqPXQp0Nzr
=dwAQ
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
  2010-06-17 14:17 ` Christopher J. PeBenito
@ 2010-06-17 17:47   ` Daniel J Walsh
  0 siblings, 0 replies; 13+ messages in thread
From: Daniel J Walsh @ 2010-06-17 17:47 UTC (permalink / raw)
  To: refpolicy

On 06/17/2010 10:17 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 15:49 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch
>>
>> ping gets leaked log descriptor from nagios.
>>
>> Label send_arp as ping_exec_t
>
> Merged.
>
>> Everyone wants to talk to terminals.
>
> Which terminals?  Its already allowed to use user terminals.  Also, the
> user_ping tunable isn't necessary since it can already unconditionally
> use user terminals; that part of the change is a reversal.
>
if ping is executed from a daemon or a dbus service, it will use a 
tty_device_t, for example.

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
  2010-06-02 19:49 Daniel J Walsh
@ 2010-06-17 14:17 ` Christopher J. PeBenito
  2010-06-17 17:47   ` Daniel J Walsh
  0 siblings, 1 reply; 13+ messages in thread
From: Christopher J. PeBenito @ 2010-06-17 14:17 UTC (permalink / raw)
  To: refpolicy

On Wed, 2010-06-02 at 15:49 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch
> 
> ping gets leaked log descriptor from nagios.
> 
> Label send_arp as ping_exec_t

Merged.

> Everyone wants to talk to terminals.

Which terminals?  Its already allowed to use user terminals.  Also, the
user_ping tunable isn't necessary since it can already unconditionally
use user terminals; that part of the change is a reversal.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
@ 2010-06-02 19:49 Daniel J Walsh
  2010-06-17 14:17 ` Christopher J. PeBenito
  0 siblings, 1 reply; 13+ messages in thread
From: Daniel J Walsh @ 2010-06-02 19:49 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_netutils.patch

ping gets leaked log descriptor from nagios.

Label send_arp as ping_exec_t


Everyone wants to talk to terminals.

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
@ 2010-02-23 19:09 Daniel J Walsh
  0 siblings, 0 replies; 13+ messages in thread
From: Daniel J Walsh @ 2010-02-23 19:09 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/admin_netutils.patch

netutils creates default sockets
dontaudit use of console by netutils

ping and traceroute use tty

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
@ 2009-11-12 20:31 Daniel J Walsh
  0 siblings, 0 replies; 13+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:31 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_netutils.patch\

netutils creates a "socket" 

And attempts to use console on zseries.

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
  2009-05-21 14:12 Daniel J Walsh
@ 2009-06-11 15:39 ` Christopher J. PeBenito
  0 siblings, 0 replies; 13+ messages in thread
From: Christopher J. PeBenito @ 2009-06-11 15:39 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-05-21 at 10:12 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_netutils.patch

Merged.

> netutils needs to read all kernel sysctls

I moved this part into the hide_broken_symptoms.

> nagios is leaking file descriptors, probably from http.



-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
@ 2009-05-21 14:12 Daniel J Walsh
  2009-06-11 15:39 ` Christopher J. PeBenito
  0 siblings, 1 reply; 13+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:12 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_netutils.patch

netutils needs to read all kernel sysctls

nagios is leaking file descriptors, probably from http.

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
  2008-10-10 21:12 Daniel J Walsh
@ 2008-10-13 15:10 ` Christopher J. PeBenito
  0 siblings, 0 replies; 13+ messages in thread
From: Christopher J. PeBenito @ 2008-10-13 15:10 UTC (permalink / raw)
  To: refpolicy

On Fri, 2008-10-10 at 17:12 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_netutils.patch
> 
> netutils, traceroute, ping,  uses getpw* needs auth_use_nsswitch
> 
> netutils reads sysctl
> 
> netutils appends to vmware log
> 
> Ping create a netlink_route_socket
> 
> ping needs to be able to raw bind to all nodes
> 
> traceroute reads the routing table.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 13+ messages in thread
* [refpolicy] admin_netutils.patch
@ 2008-10-10 21:12 Daniel J Walsh
  2008-10-13 15:10 ` Christopher J. PeBenito
  0 siblings, 1 reply; 13+ messages in thread
From: Daniel J Walsh @ 2008-10-10 21:12 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_netutils.patch

netutils, traceroute, ping,  uses getpw* needs auth_use_nsswitch

netutils reads sysctl

netutils appends to vmware log

Ping create a netlink_route_socket

ping needs to be able to raw bind to all nodes

traceroute reads the routing table.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjvxUQACgkQrlYvE4MpobPTvwCfSfC4Eby1FcyNg9fbxNNhONl8
efwAoJqZePvaNwku0CMwU7WYrwaSU7G7
=+t60
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 13+ messages in thread
end of thread, other threads:[~2010-08-26 20:34 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-05 15:53 [refpolicy] admin_netutils.patch Daniel J Walsh
2009-03-10 19:57 ` Christopher J. PeBenito
2009-03-10 19:57 ` Christopher J. PeBenito
  -- strict thread matches above, loose matches on Subject: below --
2010-08-26 20:34 Daniel J Walsh
2010-06-02 19:49 Daniel J Walsh
2010-06-17 14:17 ` Christopher J. PeBenito
2010-06-17 17:47   ` Daniel J Walsh
2010-02-23 19:09 Daniel J Walsh
2009-11-12 20:31 Daniel J Walsh
2009-05-21 14:12 Daniel J Walsh
2009-06-11 15:39 ` Christopher J. PeBenito
2008-10-10 21:12 Daniel J Walsh
2008-10-13 15:10 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.