* New patches
@ 2013-04-03 13:06 Jeff Squyres (jsquyres)
0 siblings, 0 replies; 6+ messages in thread
From: Jeff Squyres (jsquyres) @ 2013-04-03 13:06 UTC (permalink / raw)
To: linux-rdma-u79uwXL29TY76Z2rM5mHXA
I'm about to send some patches for libibverbs and Roland's infiniband kernel git tree. The patches fit into two general categories:
1. Add enums for Cisco's Ethernet Virtual NIC (it's not an RNIC and therefore doesn't fit the RNIC/IWARP enums). Also add enums for 1500 and 9000 MTUs.
2. Minor modernization of the GNU Autotools usage in libibverbs.
--
Jeff Squyres
jsquyres-FYB4Gu1CFyUAvxtiuMwx3w@public.gmane.org
* Re: New patches
2005-01-16 20:49 VeNoMouS
@ 2005-01-18 2:53 ` Rusty Russell
0 siblings, 0 replies; 6+ messages in thread
From: Rusty Russell @ 2005-01-18 2:53 UTC (permalink / raw)
To: VeNoMouS; +Cc: Netfilter development mailing list
On Mon, 2005-01-17 at 09:49 +1300, VeNoMouS wrote:
> I've written a bidirectional matching patch and rewritten the quota
> patch to include packet header length as well into the quota. These
> patches can be found at http://www.gen-x.co.nz/patches/ I've included a
> patch for iptables-1.2.11 for the bidirectional match; perhaps these
> can be entered into PoM?
OK, first step is to grab the latest subversion tree and patch against
that. Secondly, I'd suggest:
1) Rename to "bidir" since "bidirectional" is a little long,
2) Use a single structure, rather than separating into two.
3) Don't define "IP", use *flags = 1, and you don't need to check
for it anywhere else.
You might want to consider the merits of allowing TCP/UDP ports, too. I
don't know if this is a good idea or even has clear semantics.
Cheers,
Rusty.
--
A bad analogy is like a leaky screwdriver -- Richard Braakman
* New patches
@ 2005-01-16 20:49 VeNoMouS
2005-01-18 2:53 ` Rusty Russell
0 siblings, 1 reply; 6+ messages in thread
From: VeNoMouS @ 2005-01-16 20:49 UTC (permalink / raw)
To: netfilter-devel
I've written a bidirectional matching patch and rewritten the quota patch to include packet header length as well into the quota. These patches can be found at http://www.gen-x.co.nz/patches/ I've included a patch for iptables-1.2.11 for the bidirectional match; perhaps these can be entered into PoM?
VeNoMouS.
* new patches
@ 2004-11-12 14:39 Ferenci Daniel
0 siblings, 0 replies; 6+ messages in thread
From: Ferenci Daniel @ 2004-11-12 14:39 UTC (permalink / raw)
To: linux-x25
Hi all x25 linux people,
I would like to contribute with some patches.
- hdlc_bridge patch - creates new hdlc stack and I found it usable for
hdlc sniffer (within 2 hdlc devices)
- x25_forward patch - extends capabilities of current x25 stack;
stack is then able to forward x25 packets which are not originated from
local machine or not routed to local machine.
I found it usable with tap devices forward traffic through machine (x25 router)
- updated version of sethdlc.c
All this you can find at
http://www.dafe.net/x25/
Regards
Daniel Ferenci.
* Re: New Patches
2004-10-14 3:25 ` New Patches Daniel J Walsh
@ 2004-10-15 15:14 ` James Carter
0 siblings, 0 replies; 6+ messages in thread
From: James Carter @ 2004-10-15 15:14 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SELinux
Merged.
On Wed, 2004-10-13 at 23:25, Daniel J Walsh wrote:
> Many changes to rlogin, ftpd.
>
> Fixes to arpwatch
>
> Fixed for removable_t
--
James Carter <jwcart2@epoch.ncsc.mil>
National Security Agency
* New Patches
2004-10-13 20:18 ` howl James Carter
@ 2004-10-14 3:25 ` Daniel J Walsh
2004-10-15 15:14 ` James Carter
0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2004-10-14 3:25 UTC (permalink / raw)
To: jwcart2; +Cc: Russell Coker, SELinux
[-- Attachment #1: Type: text/plain, Size: 73 bytes --]
Many changes to rlogin, ftpd.
Fixes to arpwatch
Fixed for removable_t
[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 19150 bytes --]
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.17.31/domains/program/crond.te
--- nsapolicy/domains/program/crond.te 2004-10-07 08:02:01.000000000 -0400
+++ policy-1.17.31/domains/program/crond.te 2004-10-13 23:15:03.823373511 -0400
@@ -203,3 +203,11 @@
r_dir_file(system_crond_t, file_context_t)
can_getsecurity(system_crond_t)
}
+allow system_crond_t removable_t:filesystem { getattr };
+#
+# Required for webalizer
+#
+ifdef(`apache.te', `
+allow system_crond_t httpd_log_t:file { getattr read };
+')
+dontaudit crond_t self:capability { sys_tty_config };
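Review bot: the last added line, `dontaudit crond_t self:capability { sys_tty_config };`, has no comment saying what makes crond request that capability, and the `removable_t:filesystem { getattr }` rule at the top of the additions is equally unexplained; only the httpd_log_t rule carries a reason ("Required for webalizer"). Please add a one-line comment to each. Note also that all of these lines come after the closing `}` in the context, so they apply unconditionally.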
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.17.31/domains/program/login.te
--- nsapolicy/domains/program/login.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/login.te 2004-10-13 23:15:03.824373398 -0400
@@ -130,6 +130,7 @@
can_ypbind($1_login_t)
allow $1_login_t mouse_device_t:chr_file { getattr setattr };
+dontaudit $1_login_t init_t:fd { use };
')dnl end login_domain macro
#################################
#
@@ -206,5 +207,5 @@
# Relabel ptys created by rlogind.
allow remote_login_t rlogind_devpts_t:chr_file { relabelfrom relabelto };
')
-allow remote_login_t ptyfile:chr_file { getattr relabelfrom relabelto };
-
+allow remote_login_t ptyfile:chr_file { getattr relabelfrom relabelto ioctl };
+allow remote_login_t fs_t:filesystem { getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.17.31/domains/program/ssh.te
--- nsapolicy/domains/program/ssh.te 2004-10-09 21:06:13.000000000 -0400
+++ policy-1.17.31/domains/program/ssh.te 2004-10-13 23:15:03.824373398 -0400
@@ -241,3 +241,5 @@
allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms;
allow ssh_keygen_t sysadm_tty_device_t:chr_file { read write };
allow ssh_keygen_t urandom_device_t:chr_file { getattr read };
+dontaudit sshd_t local_login_t:fd { use };
+dontaudit sshd_t sysadm_tty_device_t:chr_file { read write };
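Review bot: both added `dontaudit sshd_t ...` rules are appended at the end of the file, directly under the ssh_keygen_t rules, where nobody looking for sshd_t policy will find them. Move them next to the other sshd_t rules and add a comment saying what triggers the denials being silenced (`local_login_t:fd { use }` and read/write on `sysadm_tty_device_t`), since a dontaudit with no stated reason is hard to revisit later.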
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/syslogd.te policy-1.17.31/domains/program/syslogd.te
--- nsapolicy/domains/program/syslogd.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/syslogd.te 2004-10-13 23:15:03.825373285 -0400
@@ -94,4 +94,5 @@
# /initrd is not umounted before minilog starts
#
dontaudit syslogd_t file_t:dir search;
-allow syslogd_t devpts_t:dir { search };
+allow syslogd_t { tmpfs_t devpts_t }:dir { search };
+dontaudit syslogd_t unlabeled_t:file read;
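Review bot: `dontaudit syslogd_t unlabeled_t:file read;` on the last line silences a denial on an object that has no valid label, which normally points at a labeling problem rather than something syslogd should be expected to do. Please name the file in a comment, or fix its label instead of hiding the read. The `tmpfs_t` addition on the line above also sits under the existing "/initrd is not umounted" comment, which does not explain it.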
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/acct.te policy-1.17.31/domains/program/unused/acct.te
--- nsapolicy/domains/program/unused/acct.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/unused/acct.te 2004-10-13 23:15:03.826373172 -0400
@@ -23,7 +23,7 @@
ifdef(`logrotate.te', `
can_exec(acct_t, logrotate_exec_t)
-r_dir_file(logrotate_t, acct_data_t)
+rw_dir_file(logrotate_t, acct_data_t)
')
type acct_data_t, file_type, sysadmfile;
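Review bot: changing `r_dir_file(logrotate_t, acct_data_t)` to `rw_dir_file` widens logrotate_t from read to write on the accounting data with no comment on what logrotate does there. If the purpose is rotating the accounting file, say so in a comment and confirm that rw_dir_file is the right macro for it; the arpwatch policy in this same patch uses create_dir_file for data a domain creates.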
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/arpwatch.te policy-1.17.31/domains/program/unused/arpwatch.te
--- nsapolicy/domains/program/unused/arpwatch.te 2004-10-13 14:26:54.000000000 -0400
+++ policy-1.17.31/domains/program/unused/arpwatch.te 2004-10-13 23:21:24.229512909 -0400
@@ -20,3 +20,9 @@
allow arpwatch_t arpwatch_t:unix_stream_socket create_stream_socket_perms;
create_dir_file(arpwatch_t,arpwatch_data_t)
allow arpwatch_t tmp_t:dir { search };
+tmp_domain(arpwatch)
+allow arpwatch_t net_conf_t:file { getattr read };
+allow arpwatch_t netif_lo_t:netif { udp_send };
+allow arpwatch_t sbin_t:dir { search };
+allow arpwatch_t sbin_t:lnk_file { read };
+
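Review bot: `tmp_domain(arpwatch)` is added immediately below the existing `allow arpwatch_t tmp_t:dir { search };`; if the macro already covers searching tmp_t, drop the older line so the two do not drift apart. The `sbin_t` dir search and lnk_file read rules need a comment naming what arpwatch looks up there, and the hunk ends by adding an empty line at the end of the file, which should be dropped.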
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bootloader.te policy-1.17.31/domains/program/unused/bootloader.te
--- nsapolicy/domains/program/unused/bootloader.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/unused/bootloader.te 2004-10-13 23:15:03.827373060 -0400
@@ -121,7 +121,7 @@
allow bootloader_t proc_t:dir { getattr search };
allow bootloader_t proc_t:file r_file_perms;
allow bootloader_t proc_t:lnk_file { getattr read };
-allow bootloader_t proc_mdstat_t:file { getattr read };
+allow bootloader_t proc_mdstat_t:file r_file_perms;
allow bootloader_t self:dir { getattr search read };
allow bootloader_t sysctl_kernel_t:dir search;
allow bootloader_t sysctl_kernel_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/canna.te policy-1.17.31/domains/program/unused/canna.te
--- nsapolicy/domains/program/unused/canna.te 2004-09-01 11:17:48.000000000 -0400
+++ policy-1.17.31/domains/program/unused/canna.te 2004-10-13 23:15:03.827373060 -0400
@@ -15,7 +15,8 @@
logdir_domain(canna)
var_lib_domain(canna)
-allow canna_t self:capability { setgid setuid };
+allow canna_t self:capability { setgid setuid net_bind_service };
+allow canna_t tmp_t:dir { search };
allow canna_t self:unix_stream_socket { connectto create_stream_socket_perms};
allow canna_t self:unix_dgram_socket create_stream_socket_perms;
allow canna_t etc_t:file { getattr read };
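Review bot: `net_bind_service` is added to the canna_t capability set without a comment naming the reserved port canna needs to bind, and no port-related rule accompanies it in this hunk. Please document the port so the capability can be reviewed against it, and give the new `tmp_t:dir { search }` line a reason as well.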
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.17.31/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/unused/cups.te 2004-10-13 23:15:03.828372947 -0400
@@ -20,7 +20,6 @@
can_network(cupsd_t)
can_ypbind(cupsd_t)
-dbusd_client(system, cupsd_t)
logdir_domain(cupsd)
tmp_domain(cupsd)
@@ -188,13 +187,18 @@
can_tcp_connect(cupsd_config_t, cupsd_t)
allow cupsd_config_t self:fifo_file rw_file_perms;
-dbusd_client(system, cupsd_config_t)
allow cupsd_config_t self:unix_stream_socket create_socket_perms;
+ifdef(`dbusd.te', `
+dbusd_client(system, cupsd_t)
+dbusd_client(system, cupsd_config_t)
allow cupsd_config_t userdomain:dbus { send_msg };
allow userdomain cupsd_config_t:dbus { send_msg };
allow cupsd_config_t hald_t:dbus { send_msg };
allow hald_t cupsd_config_t:dbus { send_msg };
-
+allow cupsd_t userdomain:dbus { send_msg };
+allow cupsd_t hald_t:dbus { send_msg };
+allow hald_t cupsd_t:dbus { send_msg };
+')
can_exec(cupsd_config_t, { bin_t sbin_t shell_exec_t })
allow cupsd_config_t { bin_t sbin_t }:dir { search getattr };
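Review bot: inside the new ifdef on dbusd.te the cupsd_t rules are not symmetric with the cupsd_config_t ones. cupsd_config_t and userdomain may each send to the other, and hald_t is paired in both directions with both domains, but for cupsd_t only `allow cupsd_t userdomain:dbus { send_msg };` is added, with no matching `allow userdomain cupsd_t:dbus { send_msg };`. If one-way messaging is intended, say so in a comment; otherwise add the reverse rule.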
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.17.31/domains/program/unused/ftpd.te
--- nsapolicy/domains/program/unused/ftpd.te 2004-10-09 21:06:14.000000000 -0400
+++ policy-1.17.31/domains/program/unused/ftpd.te 2004-10-13 23:21:35.811208827 -0400
@@ -69,9 +69,8 @@
# Append to /var/log/wtmp.
allow ftpd_t wtmp_t:file { getattr append };
-
-# allow access to /home
-allow ftpd_t home_root_t:dir { getattr search };
+#kerberized ftp requires the following
+allow ftpd_t wtmp_t:file { write lock };
# Create and modify /var/log/xferlog.
type xferlog_t, file_type, sysadmfile, logfile;
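Review bot: `allow ftpd_t wtmp_t:file { write lock };` is granted unconditionally even though its own comment says only kerberized ftp requires it. Together with the existing `{ getattr append }` rule above it, every ftpd build can now overwrite wtmp rather than only append to it. Put the rule behind an ifdef or boolean for the kerberized case. The removal of `allow ftpd_t home_root_t:dir { getattr search };` here only makes sense together with the next hunk, so mention that in the description.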
@@ -97,10 +96,22 @@
# Allow ftp to read/write files in the user home directories.
bool ftp_home_dir false;
-ifdef(`nfs_home_dirs', `
if (ftp_home_dir) {
+ifdef(`nfs_home_dirs', `
allow ftpd_t nfs_t:dir r_dir_perms;
allow ftpd_t nfs_t:file r_file_perms;
-}
+# dont allow access to /home
+dontaudit ftpd_t home_root_t:dir { getattr search };
')dnl end if nfs_home_dirs
+}
+else
+{
+# allow access to /home
+allow ftpd_t home_root_t:dir { getattr search };
+}
dontaudit ftpd_t selinux_config_t:dir { search };
+#
+# Type for access to anon ftp
+#
+type ftpd_anon_t, file_type, sysadmfile;
+r_dir_file(ftpd_t,ftpd_anon_t)
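Review bot: the /home rules look inverted relative to the boolean. `allow ftpd_t home_root_t:dir { getattr search };` now sits in the `else` branch, so it applies when ftp_home_dir is false, while the true branch gets `dontaudit ftpd_t home_root_t:dir { getattr search };` under the comment "dont allow access to /home". The comment above the boolean says it allows ftp to read/write files in the user home directories, so searching /home would be expected when it is true. Also, `if (ftp_home_dir) {` now sits outside the nfs_home_dirs ifdef, which leaves an empty `if` body when nfs_home_dirs is not defined; please check that this still compiles in that configuration.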
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.17.31/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/unused/hald.te 2004-10-13 23:15:03.829372834 -0400
@@ -63,3 +63,4 @@
dontaudit hald_t selinux_config_t:dir { search };
allow hald_t initrc_t:dbus { send_msg };
allow initrc_t hald_t:dbus { send_msg };
+allow hald_t etc_runtime_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/innd.te policy-1.17.31/domains/program/unused/innd.te
--- nsapolicy/domains/program/unused/innd.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/unused/innd.te 2004-10-13 23:15:03.830372722 -0400
@@ -21,7 +21,7 @@
r_dir_file(userdomain, { news_spool_t innd_var_lib_t innd_etc_t })
can_exec(initrc_t, innd_etc_t)
-can_exec(innd_t, { innd_exec_t bin_t })
+can_exec(innd_t, { innd_exec_t bin_t shell_exec_t })
ifdef(`hostname.te', `
can_exec(innd_t, hostname_exec_t)
')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.17.31/domains/program/unused/ntpd.te
--- nsapolicy/domains/program/unused/ntpd.te 2004-10-09 21:06:14.000000000 -0400
+++ policy-1.17.31/domains/program/unused/ntpd.te 2004-10-13 23:15:03.831372609 -0400
@@ -50,7 +50,7 @@
can_exec(ntpd_t, initrc_exec_t)
allow ntpd_t self:fifo_file { read write getattr };
allow ntpd_t etc_runtime_t:file r_file_perms;
-can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t ntpd_exec_t })
+can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t logrotate_exec_t ntpd_exec_t })
allow ntpd_t { sbin_t bin_t }:dir search;
allow ntpd_t bin_t:lnk_file read;
allow ntpd_t sysctl_kernel_t:dir search;
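Review bot: `logrotate_exec_t` is added to the can_exec list with no guard, so ntpd.te now references a type that is only declared when logrotate policy is included; acct.te in this same patch wraps its logrotate rules in an ifdef on logrotate.te. Move it to a separate guarded `can_exec(ntpd_t, logrotate_exec_t)` and add a comment on why ntpd executes logrotate.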
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.17.31/domains/program/unused/postfix.te
--- nsapolicy/domains/program/unused/postfix.te 2004-10-13 22:41:57.000000000 -0400
+++ policy-1.17.31/domains/program/unused/postfix.te 2004-10-13 23:15:03.831372609 -0400
@@ -124,7 +124,7 @@
allow postfix_master_t postfix_spool_maildrop_t:file { unlink rename getattr };
allow postfix_master_t postfix_prng_t:file getattr;
allow postfix_master_t privfd:fd use;
-allow postfix_master_t etc_aliases_t:file r_file_perms;
+allow postfix_master_t etc_aliases_t:file rw_file_perms;
ifdef(`saslauthd.te',`
allow postfix_smtpd_t saslauthd_var_run_t:dir { search getattr };
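Review bot: widening `allow postfix_master_t etc_aliases_t:file` from r_file_perms to rw_file_perms lets the long-running master daemon modify the aliases file, and nothing in the hunk or the message says which operation was denied. Please add a comment with the reason, and if only one helper needs to write aliases, grant the write to that domain instead of to postfix_master_t.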
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rlogind.te policy-1.17.31/domains/program/unused/rlogind.te
--- nsapolicy/domains/program/unused/rlogind.te 2004-10-09 21:06:14.000000000 -0400
+++ policy-1.17.31/domains/program/unused/rlogind.te 2004-10-13 23:15:03.832372496 -0400
@@ -14,6 +14,7 @@
role system_r types rlogind_t;
uses_shlib(rlogind_t)
can_network(rlogind_t)
+can_ypbind(rlogind_t)
type rlogind_exec_t, file_type, sysadmfile, exec_type;
domain_auto_trans(inetd_t, rlogind_exec_t, rlogind_t)
ifdef(`tcpd.te', `
@@ -32,7 +33,7 @@
allow rlogind_t inetd_t:tcp_socket rw_stream_socket_perms;
# Use capabilities.
-allow rlogind_t rlogind_t:capability { net_bind_service setuid setgid fowner fsetid chown dac_override };
+allow rlogind_t rlogind_t:capability { net_bind_service setuid setgid fowner fsetid chown dac_override sys_tty_config };
# so telnetd can start a child process for the login
allow rlogind_t self:process { fork signal_perms };
@@ -74,3 +75,12 @@
# Modify /var/log/wtmp.
allow rlogind_t var_log_t:dir search;
allow rlogind_t wtmp_t:file rw_file_perms;
+allow rlogind_t krb5_conf_t:file { getattr read };
+dontaudit rlogind_t krb5_conf_t:file write;
+allow rlogind_t urandom_device_t:chr_file { getattr read };
+dontaudit rlogind_t selinux_config_t:dir search;
+allow rlogind_t staff_home_dir_t:dir search;
+allow rlogind_t proc_t:file read;
+allow rlogind_t self:file { getattr read };
+allow rlogind_t self:fifo_file rw_file_perms;
+allow rlogind_t fs_t:filesystem { getattr };
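Review bot: `allow rlogind_t staff_home_dir_t:dir search;` hard-codes a single role's home directory type, whereas the rshd.te hunk in this patch uses `{ home_root_t home_dir_type }` for the same purpose; use the attribute here too, or logins for other roles will still be denied. `allow rlogind_t proc_t:file read;` and `allow rlogind_t self:file { getattr read };` also need a comment saying what is being read, and the krb5_conf_t pair would be clearer with a note that it is for the kerberized build.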
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rshd.te policy-1.17.31/domains/program/unused/rshd.te
--- nsapolicy/domains/program/unused/rshd.te 2004-10-09 21:06:14.000000000 -0400
+++ policy-1.17.31/domains/program/unused/rshd.te 2004-10-13 23:15:03.833372383 -0400
@@ -26,3 +26,13 @@
can_network(rshd_t)
can_ypbind(rshd_t)
+allow rshd_t etc_t:file { getattr read };
+read_locale(rshd_t)
+allow rshd_t self:unix_dgram_socket create_socket_perms;
+allow rshd_t self:unix_stream_socket create_stream_socket_perms;
+allow rshd_t { home_root_t home_dir_type }:dir { search getattr };
+allow rshd_t krb5_conf_t:file { getattr read };
+dontaudit rshd_t krb5_conf_t:file write;
+allow rshd_t tmp_t:dir { search };
+allow rshd_t rlogind_tmp_t:file rw_file_perms;
+allow rshd_t urandom_device_t:chr_file { getattr read };
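Review bot: `allow rshd_t rlogind_tmp_t:file rw_file_perms;` gives rshd read/write on another domain's temporary files and names a type that belongs to the rlogind policy, with no ifdef guard on rlogind.te and no comment. Please explain which file is shared between the two daemons and guard the rule so rshd.te still builds without rlogind.te.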
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/tftpd.te policy-1.17.31/domains/program/unused/tftpd.te
--- nsapolicy/domains/program/unused/tftpd.te 2004-10-13 22:41:58.000000000 -0400
+++ policy-1.17.31/domains/program/unused/tftpd.te 2004-10-13 23:15:03.833372383 -0400
@@ -16,7 +16,7 @@
type tftp_port_t, port_type, reserved_port_type;
# tftpdir_t is the type of files in the /tftpboot directories.
-type tftpdir_t, file_type, sysadmfile;
+type tftpdir_t, file_type, root_dir_type, sysadmfile;
r_dir_file(tftpd_t, tftpdir_t)
domain_auto_trans(inetd_t, tftpd_exec_t, tftpd_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.17.31/domains/program/unused/xdm.te
--- nsapolicy/domains/program/unused/xdm.te 2004-10-06 09:18:32.000000000 -0400
+++ policy-1.17.31/domains/program/unused/xdm.te 2004-10-13 23:15:03.834372271 -0400
@@ -310,7 +310,7 @@
allow xdm_t var_log_t:file { read };
dontaudit xdm_t krb5_conf_t:file { write };
allow xdm_t krb5_conf_t:file { getattr read };
-allow xdm_t xdm_t:capability { sys_nice sys_rawio };
+allow xdm_t self:capability { sys_nice sys_rawio net_bind_service };
allow xdm_t xdm_t:process { setrlimit };
allow xdm_t wtmp_t:file { getattr read };
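Review bot: `net_bind_service` is added to the xdm_t capability set without a comment naming the port xdm binds. The same line is also converted from `xdm_t xdm_t` to `xdm_t self` while the next line still reads `allow xdm_t xdm_t:process { setrlimit };`; either convert both or keep the style change out of this patch so the capability addition is easy to spot in the diff.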
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ftpd.fc policy-1.17.31/file_contexts/program/ftpd.fc
--- nsapolicy/file_contexts/program/ftpd.fc 2004-03-17 13:26:06.000000000 -0500
+++ policy-1.17.31/file_contexts/program/ftpd.fc 2004-10-13 23:15:03.835372158 -0400
@@ -12,3 +12,4 @@
/var/log/xferlog.* -- system_u:object_r:xferlog_t
/var/log/xferreport.* -- system_u:object_r:xferlog_t
/etc/cron\.monthly/proftpd -- system_u:object_r:ftpd_exec_t
+/var/ftp(/.*)? system_u:object_r:ftpd_anon_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/kerberos.fc policy-1.17.31/file_contexts/program/kerberos.fc
--- nsapolicy/file_contexts/program/kerberos.fc 2004-08-30 16:13:29.000000000 -0400
+++ policy-1.17.31/file_contexts/program/kerberos.fc 2004-10-13 23:15:03.835372158 -0400
@@ -9,3 +9,4 @@
/var/log/krb5kdc.log system_u:object_r:krb5kdc_log_t
/var/log/kadmind.log system_u:object_r:kadmind_log_t
/usr(/local)?/bin/ksu -- system_u:object_r:su_exec_t
+/usr/kerberos/sbin/login.krb5 -- system_u:object_r:login_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/snmpd.fc policy-1.17.31/file_contexts/program/snmpd.fc
--- nsapolicy/file_contexts/program/snmpd.fc 2004-06-16 13:33:37.000000000 -0400
+++ policy-1.17.31/file_contexts/program/snmpd.fc 2004-10-13 23:15:03.836372045 -0400
@@ -5,4 +5,5 @@
/usr/share/snmp/mibs/\.index -- system_u:object_r:snmpd_var_lib_t
/var/run/snmpd\.pid -- system_u:object_r:snmpd_var_run_t
/var/run/snmpd -d system_u:object_r:snmpd_var_run_t
-/var/log/snmbd.log -- system_u:object_r:snmpd_log_t
+/var/net-snmp(/.*) system_u:object_r:snmpd_var_lib_t
+/var/log/snmpd.log -- system_u:object_r:snmpd_log_t
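Review bot: `/var/net-snmp(/.*)` is missing the trailing `?`, so the pattern covers entries below /var/net-snmp but not the directory itself; the ftpd.fc hunk in this patch writes the same idiom correctly as `/var/ftp(/.*)?`. The corrected log line also leaves the dot unescaped in `snmpd.log`, unlike `snmpd\.pid` two lines above it; please write `snmpd\.log`.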
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.17.31/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2004-10-13 22:41:58.000000000 -0400
+++ policy-1.17.31/macros/base_user_macros.te 2004-10-13 23:15:03.836372045 -0400
@@ -281,6 +281,7 @@
# Get attributes of file systems.
allow $1_t fs_type:filesystem getattr;
+allow $1_t removable_t:filesystem getattr;
# Read and write /dev/tty and /dev/null.
allow $1_t devtty_t:chr_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mount_macros.te policy-1.17.31/macros/program/mount_macros.te
--- nsapolicy/macros/program/mount_macros.te 2004-05-21 16:12:23.000000000 -0400
+++ policy-1.17.31/macros/program/mount_macros.te 2004-10-13 23:15:03.837371932 -0400
@@ -56,6 +56,8 @@
allow $2_t home_root_t:dir { search };
allow $2_t $1_home_dir_t:dir { search };
allow $2_t noexattrfile:filesystem { mount unmount };
+allow $2_t fs_t:filesystem { getattr };
+allow $2_t removable_t:filesystem { mount unmount };
allow $2_t mnt_t:dir { mounton search };
allow $2_t sbin_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.17.31/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2004-08-20 13:57:29.000000000 -0400
+++ policy-1.17.31/tunables/distro.tun 2004-10-13 23:15:03.837371932 -0400
@@ -5,7 +5,7 @@
# appropriate ifdefs.
-dnl define(`distro_redhat')
+define(`distro_redhat')
dnl define(`distro_suse')
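Review bot: uncommenting the distro_redhat define is a local build setting, not a policy fix, and it is not mentioned in the message. Merged as is, it turns on the Red Hat ifdefs for everyone building from this tree. Please drop distro.tun from the patch.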
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.17.31/tunables/tunable.tun
--- nsapolicy/tunables/tunable.tun 2004-09-27 20:48:36.000000000 -0400
+++ policy-1.17.31/tunables/tunable.tun 2004-10-13 23:15:03.838371820 -0400
@@ -1,42 +1,39 @@
# Allow all domains to connect to nscd
-dnl define(`nscd_all_connect')
+define(`nscd_all_connect')
# Allow users to control network interfaces (also needs USERCTL=true)
dnl define(`user_net_control')
# Allow users to execute the mount command
-dnl define(`user_can_mount')
+define(`user_can_mount')
# Allow rpm to run unconfined.
-dnl define(`unlimitedRPM')
+define(`unlimitedRPM')
# Allow privileged utilities like hotplug and insmod to run unconfined.
-dnl define(`unlimitedUtils')
+define(`unlimitedUtils')
# Support NFS home directories
-dnl define(`nfs_home_dirs')
+define(`nfs_home_dirs')
# Allow users to run games
-dnl define(`use_games')
-
-# Allow ypbind to run with NIS
-dnl define(`allow_ypbind')
+define(`use_games')
# Allow rc scripts to run unconfined, including any daemon
# started by an rc script that does not have a domain transition
# explicitly defined.
-dnl define(`unlimitedRC')
+define(`unlimitedRC')
# Allow sysadm_t to directly start daemons
define(`direct_sysadm_daemon')
# Do not audit things that we know to be broken but which
# are not security risks
-dnl define(`hide_broken_symptoms')
+define(`hide_broken_symptoms')
# Allow user_r to reach sysadm_r via su, sudo, or userhelper.
# Otherwise, only staff_r can do so.
-dnl define(`user_canbe_sysadm')
+define(`user_canbe_sysadm')
# Allow xinetd to run unconfined, including any services it starts
# that do not have a domain transition explicitly defined.
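Review bot: this hunk flips almost every tunable from commented-out to defined, including unlimitedRPM, unlimitedUtils, unlimitedRC, user_canbe_sysadm and hide_broken_symptoms, which by their own comments let rpm, privileged utilities and rc scripts run unconfined and let user_r reach sysadm_r. These look like the submitter's local settings; none is mentioned in the message, and together they loosen the default policy considerably, so tunable.tun should be left out of the patch. The hunk also deletes the allow_ypbind tunable and its comment outright, which needs its own explanation given that `can_ypbind(rlogind_t)` is added elsewhere in this patch.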
diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.17.31/types/file.te
--- nsapolicy/types/file.te 2004-09-22 16:19:14.000000000 -0400
+++ policy-1.17.31/types/file.te 2004-10-13 23:15:03.839371707 -0400
@@ -301,3 +301,4 @@
# removable_t is the default type of all removable media
type removable_t, file_type, sysadmfile, usercanread;
+allow removable_t self:filesystem associate;
end of thread, other threads:[~2013-04-03 13:06 UTC | newest]
Thread overview: 6+ messages
2013-04-03 13:06 New patches Jeff Squyres (jsquyres)
-- strict thread matches above, loose matches on Subject: below --
2005-01-16 20:49 VeNoMouS
2005-01-18 2:53 ` Rusty Russell
2004-11-12 14:39 new patches Ferenci Daniel
2004-10-13 10:25 howl Russell Coker
2004-10-13 20:18 ` howl James Carter
2004-10-14 3:25 ` New Patches Daniel J Walsh
2004-10-15 15:14 ` James Carter