All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] admin_usermanage.patch
@ 2009-03-05 16:01 Daniel J Walsh
  2009-03-19 18:21 ` Christopher J. PeBenito
  0 siblings, 1 reply; 9+ messages in thread
From: Daniel J Walsh @ 2009-03-05 16:01 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_usermanage.patch


Multiple fixes to passwd and usermanage.

smbd_t sends sigkill to passwd_t

Any confined domain that transitions to another confined domain and can
use run from a user role needs to add the run domain_run command for
other domains, in it's _run function to set up RBAC correctly.

Samba domain controller uses useradd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmv92MACgkQrlYvE4MpobM2+ACaAhkDLeQc8Hi3kX/STjDGl7E1
gOEAoOlSjBRJcuSFr5lFmAolzc+ltUnA
=quyS
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
  2009-03-05 16:01 [refpolicy] admin_usermanage.patch Daniel J Walsh
@ 2009-03-19 18:21 ` Christopher J. PeBenito
  0 siblings, 0 replies; 9+ messages in thread
From: Christopher J. PeBenito @ 2009-03-19 18:21 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-03-05 at 12:01 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_usermanage.patch
> 
> 
> Multiple fixes to passwd and usermanage.
> 
> smbd_t sends sigkill to passwd_t
> 
> Any confined domain that transitions to another confined domain and
> can
> use run from a user role needs to add the run domain_run command for
> other domains, in it's _run function to set up RBAC correctly.
> 
> Samba domain controller uses useradd

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
  2010-06-02 19:59 Daniel J Walsh
@ 2010-07-06 14:24 ` Christopher J. PeBenito
  0 siblings, 0 replies; 9+ messages in thread
From: Christopher J. PeBenito @ 2010-07-06 14:24 UTC (permalink / raw)
  To: refpolicy

On 06/02/10 15:59, Daniel J Walsh wrote:
> Broken leaks of sockets
>
> useradd runs semanage for -Z.
>
> passwd_t needs sys_nice
>
> useradd run within a samba_controler needs to append to the samba log.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
@ 2010-06-02 19:59 Daniel J Walsh
  2010-07-06 14:24 ` Christopher J. PeBenito
  0 siblings, 1 reply; 9+ messages in thread
From: Daniel J Walsh @ 2010-06-02 19:59 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_usermanage.patch

Broken leaks of sockets

useradd runs semanage for -Z.

passwd_t needs sys_nice

useradd run within a samba_controler needs to append to the samba log.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
@ 2009-11-12 20:39 Daniel J Walsh
  0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:39 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_usermanage.patch

Lots of fixes for usermanagement mainly around implementing /etc/skel routines.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
  2009-08-28 19:52 Daniel J Walsh
@ 2009-09-10 12:42 ` Christopher J. PeBenito
  0 siblings, 0 replies; 9+ messages in thread
From: Christopher J. PeBenito @ 2009-09-10 12:42 UTC (permalink / raw)
  To: refpolicy

On Fri, 2009-08-28 at 15:52 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_usermanage.patch
> 
> useradd transitions to semanage
> 
> Needs to be able to create any file in the users homedir
> 
> groupadd reads /usr/tmp for some reason.
> 
> useradd and groupadd are not running checkpwd?

Some of your confusion is due to this patch reversing commit
02e594d5dcfa7a91a62fa56c81b510c19bde618a

> When samba_domain_controller is running useradd output is appended to
> samba log files.



-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
@ 2009-08-28 19:52 Daniel J Walsh
  2009-09-10 12:42 ` Christopher J. PeBenito
  0 siblings, 1 reply; 9+ messages in thread
From: Daniel J Walsh @ 2009-08-28 19:52 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_usermanage.patch

useradd transitions to semanage

Needs to be able to create any file in the users homedir

groupadd reads /usr/tmp for some reason.

useradd and groupadd are not running checkpwd?

When samba_domain_controller is running useradd output is appended to samba log files.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
@ 2009-05-21 14:32 Daniel J Walsh
  0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:32 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_usermanage.patch

If you turn on samba_domain_controller useradd stdout is set to a samba 
log file.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [refpolicy] admin_usermanage.patch
@ 2009-03-20 17:01 Daniel J Walsh
  0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2009-03-20 17:01 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_usermanage.patch


passwd being changed via gui has output reset to user domain stream.

Samba_domain_controller redirects useradd output to its log files.

^ permalink raw reply	[flat|nested] 9+ messages in thread
end of thread, other threads:[~2010-07-06 14:24 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-05 16:01 [refpolicy] admin_usermanage.patch Daniel J Walsh
2009-03-19 18:21 ` Christopher J. PeBenito
2009-03-20 17:01 Daniel J Walsh
2009-05-21 14:32 Daniel J Walsh
2009-08-28 19:52 Daniel J Walsh
2009-09-10 12:42 ` Christopher J. PeBenito
2009-11-12 20:39 Daniel J Walsh
2010-06-02 19:59 Daniel J Walsh
2010-07-06 14:24 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.