* [refpolicy] services_oddjob.patch
@ 2010-08-26 22:03 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:03 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_oddjob.patch
oddjob_mkhomedir moved
Can leak fifo file to shutdown.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx25MkACgkQrlYvE4MpobMMoACgxBPAC24Bsmu1SICb8et+kKGd
c2QAoMjq+0F/9uB+Phrka+B0NS38MVrl
=Vil6
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_oddjob.patch
@ 2010-02-23 20:30 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:30 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_oddjob.patch
Policy for oddjob_mkhomedir
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_oddjob.patch
@ 2009-11-12 21:47 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:47 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_oddjob.patch
Add domain_user_exemtion to oddjob interface to change user component.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_oddjob.patch
2009-06-09 0:54 Daniel J Walsh
@ 2009-07-27 14:52 ` Christopher J. PeBenito
0 siblings, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-07-27 14:52 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-06-08 at 20:54 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_oddjob.patch
>
> Policy for mkhomedir on 64 bit platform.
>
> Needs user_execmption_target
> Lots of fixes for mkhomedir
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_oddjob.patch
@ 2009-06-09 0:54 Daniel J Walsh
2009-07-27 14:52 ` Christopher J. PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Daniel J Walsh @ 2009-06-09 0:54 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_oddjob.patch
Policy for mkhomedir on 64 bit platform.
Needs user_execmption_target
Lots of fixes for mkhomedir
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_oddjob.patch
@ 2009-03-05 16:49 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2009-03-05 16:49 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_oddjob.patch
If you run oddjob you need user_exemption.
mkhomedir needs obj_id_ exception to create files with the correct label.
oddjob_t needs to run ranged.
mkhomedir needs capabilities to create files with the right ownership
and label.
Calls getpw, reads system state sends syslog_msg
Uses SELinux to create homedir with the correct labels.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmwApMACgkQrlYvE4MpobPzfACgrVCVaWroLQNeyr3TelIdlsNI
PYAAoKy2CKbkLktp/SRUE+fiFCmU4HSb
=aUfg
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_oddjob.patch
@ 2008-10-14 20:12 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:12 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_oddjob.patch
Fix labeling on /usr/lib(64)?/oddjob/mkhomedir
Oddjob will change the user on behalf of the caller, so the caller needs
the + domain_user_exemption_target($1)
Add interface to run mkhomedir
Oddjob sets user and role
Needs to be run with all mcs range
mkhomedir needs chown fowner fsetid dac_override to create homedir
contents
Calls setfscreate to make sure things are labeled correctly
Reads kernel state and calls getpw so needs auth_use_nsswitch
Sends syslog messages
Validates file context
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj0/SIACgkQrlYvE4MpobPU1gCfY5/ihfa9K64Uk6xtBIwFTc0y
VQUAnRTrj4RGxwivjSEVrYuVpElEh9dh
=ztmK
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-08-26 22:03 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-26 22:03 [refpolicy] services_oddjob.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-02-23 20:30 Daniel J Walsh
2009-11-12 21:47 Daniel J Walsh
2009-06-09 0:54 Daniel J Walsh
2009-07-27 14:52 ` Christopher J. PeBenito
2009-03-05 16:49 Daniel J Walsh
2008-10-14 20:12 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.