* [refpolicy] services_hal.patch
@ 2010-08-26 21:19 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:19 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_hal.patch
Hal fixes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx22moACgkQrlYvE4MpobOJ3QCeMhRrmw3RCvZRVU2Bt0Ds4LiM
JYMAniHzsvGD08g+b0TTx0X8R6MPqR8y
=EXZD
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
@ 2010-02-23 20:15 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:15 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_hal.patch
Lots of random access for hal.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
2009-11-12 21:34 Daniel J Walsh
@ 2010-02-11 13:44 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2010-02-11 13:44 UTC (permalink / raw)
To: refpolicy
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_hal.patch
>
>New labels for hal
>new leaks for hal
Merged. Added the ftps ports to the ftp type rather than creating a new type.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
@ 2009-11-12 21:34 Daniel J Walsh
2010-02-11 13:44 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:34 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_hal.patch
New labels for hal
new leaks for hal
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
2009-07-27 14:19 ` Christopher J. PeBenito
@ 2009-07-27 14:44 ` Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2009-07-27 14:44 UTC (permalink / raw)
To: refpolicy
On 07/27/2009 10:19 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-06-08 at 20:37 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_hal.patch
>>
>> Add policy for hal-dccm
>>
>> Lots of new interfaces
>>
>> Manages dos/fusefs files
>
> Why?
I would guess it opens files/directories for read/write. Perhaps some kind of config file.
>
>> Starts dhcpc
>>
>> Interfacts with ppp and uses policykit
>>
>>
>>
>> Hald acl gets and sets fixed disk attributes
>>
>
> Renamed hal_create_log() to hal_manage_log() to match up the permissions
> allowed.
>
> ########################################
> ## <summary>
> +## Allo read/write to a hal unix datagram socket.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`hal_rw_dgram_sockets',`
> + gen_require(`
> + type hald_t;
> + ')
> +
> + dontaudit $1 hald_t:unix_dgram_socket { read write };
> +')
> +
>
> Is this supposed to be allow or dontaudit? the interface name and
> implementation conflict.
>
I would say it is supposed to be dontaudit, since it looks like a leak.
> Otherwise merged.
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
2009-06-09 0:37 Daniel J Walsh
@ 2009-07-27 14:19 ` Christopher J. PeBenito
2009-07-27 14:44 ` Daniel J Walsh
0 siblings, 1 reply; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-07-27 14:19 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-06-08 at 20:37 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_hal.patch
>
> Add policy for hal-dccm
>
> Lots of new interfaces
>
> Manages dos/fusefs files
Why?
> Starts dhcpc
>
> Interfacts with ppp and uses policykit
>
>
>
> Hald acl gets and sets fixed disk attributes
>
Renamed hal_create_log() to hal_manage_log() to match up the permissions
allowed.
########################################
## <summary>
+## Allo read/write to a hal unix datagram socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`hal_rw_dgram_sockets',`
+ gen_require(`
+ type hald_t;
+ ')
+
+ dontaudit $1 hald_t:unix_dgram_socket { read write };
+')
+
Is this supposed to be allow or dontaudit? the interface name and
implementation conflict.
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
@ 2009-06-09 0:37 Daniel J Walsh
2009-07-27 14:19 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-06-09 0:37 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_hal.patch
Add policy for hal-dccm
Lots of new interfaces
Manages dos/fusefs files
Starts dhcpc
Interfacts with ppp and uses policykit
Hald acl gets and sets fixed disk attributes
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
@ 2009-03-24 13:36 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2009-03-24 13:36 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_hal.patch
Lots of new privs for hal
Many interfaces added for confined domains.
Added policy for dccm
hald needs to mount dos file systems (usb devices)
hal can start network
uses polkit
hald_mac sends syslog messages needs sys_admin
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
2008-10-14 20:36 Daniel J Walsh
@ 2008-11-19 15:35 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2008-11-19 15:35 UTC (permalink / raw)
To: refpolicy
On Tue, 2008-10-14 at 15:36 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_hal.patch
>
> Additioinal labels for hald_mac
>
> Label log files
>
> Add hald_log and hald_var_run
>
> Use policykit
>
>
> acl sends syslog
>
> mac writes to log files
> sonypic writes to log files
> keymap writes to log files
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_hal.patch
@ 2008-10-14 20:36 Daniel J Walsh
2008-11-19 15:35 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:36 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_hal.patch
Additioinal labels for hald_mac
Label log files
Add hald_log and hald_var_run
Use policykit
acl sends syslog
mac writes to log files
sonypic writes to log files
keymap writes to log files
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj1AtUACgkQrlYvE4MpobOO5wCdHi+IUWrva4C4Fh3W0yNgBLfu
9XcAn2FwLbOrYCyUwcpEyXQpEuIrWGnK
=94SB
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2010-08-26 21:19 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-26 21:19 [refpolicy] services_hal.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-02-23 20:15 Daniel J Walsh
2009-11-12 21:34 Daniel J Walsh
2010-02-11 13:44 ` Christopher J. PeBenito
2009-06-09 0:37 Daniel J Walsh
2009-07-27 14:19 ` Christopher J. PeBenito
2009-07-27 14:44 ` Daniel J Walsh
2009-03-24 13:36 Daniel J Walsh
2008-10-14 20:36 Daniel J Walsh
2008-11-19 15:35 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.