All of lore.kernel.org
 help / color / mirror / Atom feed
* CIL: question with regard to CIL ioctl filtering support and neverallow
@ 2015-11-13 15:28 Dominick Grift
  2015-11-13 15:40 ` Steve Lawrence
  0 siblings, 1 reply; 2+ messages in thread
From: Dominick Grift @ 2015-11-13 15:28 UTC (permalink / raw)
  To: selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


This commit added iotctl whitelisting support to CIL:
https://github.com/SELinuxProject/selinux/commit/ef93dfe0393c4a60483c3f7729dd98a2f886606a

then later CIL whitelisting was extended with neverallow support here:
https://github.com/SELinuxProject/selinux/commit/99fc177b5af4e1e8855d42d2d01cb93ac7f9d14b

would the CIL ioctl whitelisting support have to be extended with the
ioctl whitelisting neverallow support as well?


- -- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCgAGBQJWRgGZAAoJENAR6kfG5xmcZQQL/1ZzGHtKxJRYeyXn9rdrihG3
p5RgNiqNYrdlTHv2OF6E8YrTQ9pr6Qcg06x3aIMyewT3X/MekVN8B4Ren09oEqdR
50Oxw10/qPGSGglyU8o/jg+/gTUXHBUS3WYMIRtnTO0FkeZ+qEarF9FA/eNK1md+
AQ+ZLBVzXrU3Y386+AoBmi9MbE2YpVZ2D1O+3W4yssK15vsZatt3fTxs43K05rdX
9LrSPk2yl9RoICqWfPyvDPvgI3XCDynHktxs2mwuHkitnpAzWnKGPt1okaLVkrEu
lgLcum4aPHAGy+hBNCi+p7lVSa9+J4kCYCQ89Q1jno9Dj6mDt+SqECFMB/peeAN0
GCdotRhsf/lf1pi3fl0oS2UhUMOe6585ac0v/iPX+pEdJ7Tn/Kqqz4j78FSmpqbu
tO0RJa7v6+Ud5f5YiL84+ikzMe7DeVoeP1MM/laPBjB+Jg8/Lp9Bid9Iuk2yZjOd
xQBsvYuYowA8SfjNYafGAqfr477poW4L6lEPGdVVTg==
=JKo/
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: CIL: question with regard to CIL ioctl filtering support and neverallow
  2015-11-13 15:28 CIL: question with regard to CIL ioctl filtering support and neverallow Dominick Grift
@ 2015-11-13 15:40 ` Steve Lawrence
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Lawrence @ 2015-11-13 15:40 UTC (permalink / raw)
  To: selinux

On 11/13/2015 10:28 AM, Dominick Grift wrote:
> 
> This commit added iotctl whitelisting support to CIL:
> https://github.com/SELinuxProject/selinux/commit/ef93dfe0393c4a60483c3f7729dd98a2f886606a
> 
> then later CIL whitelisting was extended with neverallow support here:
> https://github.com/SELinuxProject/selinux/commit/99fc177b5af4e1e8855d42d2d01cb93ac7f9d14b
> 
> would the CIL ioctl whitelisting support have to be extended with the
> ioctl whitelisting neverallow support as well?

Yes, that is something we are working on. It should be upstreamed
sometime in the next couple of weeks.

- Steve

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-13 15:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-11-13 15:28 CIL: question with regard to CIL ioctl filtering support and neverallow Dominick Grift
2015-11-13 15:40 ` Steve Lawrence

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.