All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] libselinux MLS range context contains for PAM/cron
@ 2006-11-07 21:57 James Antill
  2006-11-09 15:37 ` Stephen Smalley
  2006-11-14  0:14 ` Stephen Smalley
  0 siblings, 2 replies; 4+ messages in thread
From: James Antill @ 2006-11-07 21:57 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: redhat-lspp, SE Linux


[-- Attachment #1.1: Type: text/plain, Size: 146 bytes --]


 Here is the libselinux changes needed to do the security context
contains checks for PAM and cron.

-- 
James Antill <jantill@redhat.com>

[-- Attachment #1.2: libselinux MLS range checking bits, for cron and PAM --]
[-- Type: text/x-patch, Size: 987 bytes --]

Index: libselinux/include/selinux/av_permissions.h
===================================================================
--- libselinux/include/selinux/av_permissions.h	(revision 2076)
+++ libselinux/include/selinux/av_permissions.h	(working copy)
@@ -896,3 +896,4 @@
 #define KEY__SETATTR                              0x00000020UL
 #define KEY__CREATE                               0x00000040UL
 #define CONTEXT__TRANSLATE                        0x00000001UL
+#define CONTEXT__CONTAINS                         0x00000002UL
Index: libselinux/src/av_perm_to_string.h
===================================================================
--- libselinux/src/av_perm_to_string.h	(revision 2076)
+++ libselinux/src/av_perm_to_string.h	(working copy)
@@ -266,3 +266,4 @@
     S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
     S_(SECCLASS_KEY, KEY__CREATE, "create")
     S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+    S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] libselinux MLS range context contains for PAM/cron
  2006-11-07 21:57 [PATCH] libselinux MLS range context contains for PAM/cron James Antill
@ 2006-11-09 15:37 ` Stephen Smalley
  2006-11-09 16:49   ` Christopher J. PeBenito
  2006-11-14  0:14 ` Stephen Smalley
  1 sibling, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2006-11-09 15:37 UTC (permalink / raw)
  To: James Antill; +Cc: redhat-lspp, SE Linux, Christopher J. PeBenito

On Tue, 2006-11-07 at 16:57 -0500, James Antill wrote:
>  Here is the libselinux changes needed to do the security context
> contains checks for PAM and cron.

Index: libselinux/include/selinux/av_permissions.h
===================================================================
--- libselinux/include/selinux/av_permissions.h	(revision 2076)
+++ libselinux/include/selinux/av_permissions.h	(working copy)
@@ -896,3 +896,4 @@
 #define KEY__SETATTR                              0x00000020UL
 #define KEY__CREATE                               0x00000040UL
 #define CONTEXT__TRANSLATE                        0x00000001UL
+#define CONTEXT__CONTAINS                         0x00000002UL
Index: libselinux/src/av_perm_to_string.h
===================================================================
--- libselinux/src/av_perm_to_string.h	(revision 2076)
+++ libselinux/src/av_perm_to_string.h	(working copy)
@@ -266,3 +266,4 @@
     S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
     S_(SECCLASS_KEY, KEY__CREATE, "create")
     S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+    S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")


This patch is obviously fine as long as the corresponding policy patch is accepted.

Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] libselinux MLS range context contains for PAM/cron
  2006-11-09 15:37 ` Stephen Smalley
@ 2006-11-09 16:49   ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2006-11-09 16:49 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: James Antill, redhat-lspp, SE Linux

On Thu, 2006-11-09 at 10:37 -0500, Stephen Smalley wrote:
> On Tue, 2006-11-07 at 16:57 -0500, James Antill wrote:
> >  Here is the libselinux changes needed to do the security context
> > contains checks for PAM and cron.
> 
> Index: libselinux/include/selinux/av_permissions.h
[cut]
> +#define CONTEXT__CONTAINS                         0x00000002UL
> Index: libselinux/src/av_perm_to_string.h
[cut]
> +    S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
> 
> This patch is obviously fine as long as the corresponding policy patch
> is accepted.

The policy patch is fine, I was just waiting for the code to be accepted
and committed.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] libselinux MLS range context contains for PAM/cron
  2006-11-07 21:57 [PATCH] libselinux MLS range context contains for PAM/cron James Antill
  2006-11-09 15:37 ` Stephen Smalley
@ 2006-11-14  0:14 ` Stephen Smalley
  1 sibling, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2006-11-14  0:14 UTC (permalink / raw)
  To: James Antill; +Cc: redhat-lspp, SE Linux

On Tue, 2006-11-07 at 16:57 -0500, James Antill wrote:
>  Here is the libselinux changes needed to do the security context
> contains checks for PAM and cron.

Thanks, merged.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-11-14  0:14 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-11-07 21:57 [PATCH] libselinux MLS range context contains for PAM/cron James Antill
2006-11-09 15:37 ` Stephen Smalley
2006-11-09 16:49   ` Christopher J. PeBenito
2006-11-14  0:14 ` Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.