From: guido@trentalancia.com (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] RFC: patch to update git reference policy
Date: Wed, 19 Jan 2011 01:40:30 +0100
Message-ID: <1295397630.3377.10.camel@tesla.lan>

Hello,

I have created a set of two patches to update the git reference policy
to run on a generic modern Linux system.

Most changes are relative to the dbus system (send_msg capability). Some
interfaces and a few file contexts have also been added for convenience.
In particular /sbin/upstart is now labelled correctly (many
distributions nowadays link /sbin/init to /sbin/upstart to leave some
choice, so it is necessary to label the latter appropriately).

Please send your comments and feel free to test intensively. Thanks.

Regards,

Guido

diff -pruN refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-new/policy/modules/services/dbus.fc
--- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
+++ refpolicy-git-18012011-new/policy/modules/services/dbus.fc	2011-01-17 20:53:01.132703217 +0100
@@ -1,11 +1,24 @@
 /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
 
 /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+
 /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
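Review bot: labelling the client utilities (dbus-cleanup-sockets, dbus-launch, dbus-monitor, dbus-send, dbus-uuidgen, dbus-binding-tool) as dbusd_exec_t in both the /bin and /usr/bin blocks gives them the bus daemon's entrypoint type, so any domain that has a domain transition on dbusd_exec_t (init scripts, and the user domains that launch a session bus) will land in the bus daemon domain when it runs a one-shot tool such as dbus-send. These programs are bus clients, not the bus; leave them at the default bin_t and add only the daemon and launch-helper binaries, which the file already covers. The lone `+` blank line after the /usr/bin block is stray whitespace.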
diff -pruN refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-new/policy/modules/system/init.fc
--- refpolicy-git-18012011/policy/modules/system/init.fc	2011-01-08 19:07:21.350758412 +0100
+++ refpolicy-git-18012011-new/policy/modules/system/init.fc	2011-01-17 20:35:02.785918606 +0100
@@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
 # /sbin
 #
 /sbin/init(ng)?		--	gen_context(system_u:object_r:init_exec_t,s0)
+# because nowadays, /sbin/init is often a symlink to /sbin/upstart
+/sbin/upstart		--	gen_context(system_u:object_r:init_exec_t,s0)
 
 ifdef(`distro_gentoo', `
 /sbin/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
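Review bot: the rationale comment above `/sbin/upstart` belongs in the commit message rather than the .fc file, which carries no such comments elsewhere. The entry itself is needed because the `--` qualifier matches regular files only, so a distribution whose /sbin/init is a symlink gets no init_exec_t on the real binary unless the target is listed; say that in the message so the reason survives.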
diff -pruN -x .git refpolicy-git-18012011/policy/modules/admin/readahead.te refpolicy-git-18012011-minimum-update/policy/modules/admin/readahead.te
--- refpolicy-git-18012011/policy/modules/admin/readahead.te	2011-01-08 19:07:21.165729194 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/admin/readahead.te	2011-01-18 23:13:49.754846681 +0100
@@ -79,6 +79,7 @@ term_dontaudit_use_console(readahead_t)
 
 auth_dontaudit_read_shadow(readahead_t)
 
+init_read_fifo_file(readahead_t)
 init_use_fds(readahead_t)
 init_use_script_ptys(readahead_t)
 init_getattr_initctl(readahead_t)
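Review bot: init_read_fifo_file() is not defined anywhere in this series, so readahead.te builds only if init.if already provides it; please confirm, and state which fifo of init's readahead reads, since access to /dev/initctl is already covered by the init_*_initctl interfaces called two lines below and a separate read of init_t fifo files needs its own justification.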
diff -pruN -x .git refpolicy-git-18012011/policy/modules/kernel/corecommands.if refpolicy-git-18012011-minimum-update/policy/modules/kernel/corecommands.if
--- refpolicy-git-18012011/policy/modules/kernel/corecommands.if	2011-01-08 19:07:21.197734248 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/kernel/corecommands.if	2011-01-18 23:13:49.755846822 +0100
@@ -808,6 +808,27 @@ interface(`corecmd_check_exec_shell',`
 
 ########################################
 ## <summary>
+##      Allow mmap_file_perms on a shell
+##      executable.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`corecmd_mmap_file_exec_shell',`
+        gen_require(`
+                type bin_t, shell_exec_t;
+        ')
+
+        list_dirs_pattern($1, bin_t, bin_t)
+        read_lnk_files_pattern($1, bin_t, bin_t)
+        allow $1 shell_exec_t:file mmap_file_perms;
+')
+
+########################################
+## <summary>
 ##	Execute shells in the caller domain.
 ## </summary>
 ## <desc>
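Review bot: corecmd_mmap_file_exec_shell() has no caller anywhere in this series, so it is dead code as posted; add the caller or drop it. The body is indented with spaces while every existing interface in this file uses tabs (the same applies to the kernel_search_sysctl, files_getattr_bin_files, consolekit_dbus_send, devicekit_dbus_send_disk, setroubleshoot_dbus_send*, ntp_dbus_chat and ntp_dbus_stream_connect bodies later in the series). The names in this file follow corecmd_<verb>_<object> (corecmd_check_exec_shell, corecmd_exec_shell), so corecmd_mmap_shell_files would fit better, and the summary should say plainly that mmap_file_perms includes execute, i.e. the caller may map the shell image executable without a domain transition.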
diff -pruN -x .git refpolicy-git-18012011/policy/modules/kernel/files.if refpolicy-git-18012011-minimum-update/policy/modules/kernel/files.if
--- refpolicy-git-18012011/policy/modules/kernel/files.if	2011-01-08 19:07:21.203735196 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/kernel/files.if	2011-01-18 23:13:49.759847386 +0100
@@ -4131,6 +4131,126 @@ interface(`files_purge_tmp',`
 
 ########################################
 ## <summary>
+##      Set the attributes of the /bin directory.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_setattr_bin_dirs',`
+	gen_require(`
+		type bin_t;
+	')
+
+	allow $1 bin_t:dir setattr;
+')
+
+########################################
+## <summary>
+##      Search the content of /bin.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_search_bin',`
+	gen_require(`
+		type bin_t;
+	')
+
+	allow $1 bin_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+##      Get the attributes of files in /bin.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_getattr_bin_files',`
+        gen_require(`
+                type bin_t;
+        ')
+
+        getattr_files_pattern($1, bin_t, bin_t)
+')
+
+########################################
+## <summary>
+##      Read generic files in /bin.
+## </summary>
+## <desc>
+##      <p>
+##      Allow the specified domain to read generic
+##      files in /bin. These files are various program
+##      files that do not have more specific SELinux types.
+##      </p>
+## </desc>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+interface(`files_read_bin_files',`
+	gen_require(`
+		type bin_t;
+	')
+
+	allow $1 bin_t:dir list_dir_perms;
+	read_files_pattern($1, bin_t, bin_t)
+	read_lnk_files_pattern($1, bin_t, bin_t)
+')
+
+########################################
+## <summary>
+##      Execute generic programs in /bin in the caller domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_exec_bin_files',`
+	gen_require(`
+		type bin_t;
+	')
+
+	allow $1 bin_t:dir list_dir_perms;
+	exec_files_pattern($1, bin_t, bin_t)
+	read_lnk_files_pattern($1, bin_t, bin_t)
+')
+
+########################################
+## <summary>
+##      Read symbolic links in /bin.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_read_bin_symlinks',`
+	gen_require(`
+		type bin_t;
+	')
+
+	read_lnk_files_pattern($1, bin_t, bin_t)
+')
+
+########################################
+## <summary>
 ##	Set the attributes of the /usr directory.
 ## </summary>
 ## <param name="domain">
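Review bot: the six files_*_bin_* interfaces in this hunk duplicate the corecommands module: bin_t is that module's type (the corecommands.if hunk above requires it, and devicekit.te in this same series already calls corecmd_exec_bin(devicekit_power_t)), and corecmd_search_bin, corecmd_getattr_bin_files, corecmd_read_bin_files, corecmd_read_bin_symlinks and corecmd_exec_bin provide exactly these accesses. Drop the block and switch the one caller, files_exec_bin_files(system_dbusd_t) in dbus.te, to corecmd_exec_bin(system_dbusd_t). If a setattr-on-bin-dirs interface is genuinely missing, it belongs in corecommands.if as well.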
@@ -4149,7 +4269,7 @@ interface(`files_setattr_usr_dirs',`
 
 ########################################
 ## <summary>
-##	Search the content of /etc.
+##	Search the content of /usr.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
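Review bot: the `/etc` to `/usr` summary fix for files_search_usr is correct but unrelated to the dbus work; send it as its own one-line patch so it can be applied independently of the rest.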
@@ -5070,6 +5190,196 @@ interface(`files_manage_mounttab',`
 ')
 
 ########################################
+## <summary>
+##      Get the attributes of the /var/log directory.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_getattr_var_log_dirs',`
+	gen_require(`
+		type var_t, var_log_t;
+	')
+
+	getattr_dirs_pattern($1, var_t, var_log_t)
+')
+
+########################################
+## <summary>
+##      Search the /var/log directory.
+## </summary>
+## <desc>
+##      <p>
+##      Search the /var/log directory.  This is
+##      necessary to access files or directories under
+##      /var/log that have a private type.  For example, a
+##      domain accessing a private log file in the
+##      /var/log directory:
+##      </p>
+##      <p>
+##      allow mydomain_t mylogfile_t:file read_file_perms;
+##      files_search_var_log(mydomain_t)
+##      </p>
+## </desc>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+#
+interface(`files_search_var_log',`
+	gen_require(`
+		type var_t, var_log_t;
+	')
+
+	search_dirs_pattern($1, var_t, var_log_t)
+')
+
+########################################
+## <summary>
+##      Do not audit attempts to search the
+##      contents of /var/log.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to not audit.
+##      </summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+#
+interface(`files_dontaudit_search_var_log',`
+	gen_require(`
+		type var_log_t;
+	')
+
+	dontaudit $1 var_log_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+##      List the contents of the /var/log directory.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_list_var_log',`
+	gen_require(`
+		type var_t, var_log_t;
+	')
+
+	list_dirs_pattern($1, var_t, var_log_t)
+')
+
+###########################################
+## <summary>
+##      Read-write /var/log directories
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_rw_var_log_dirs',`
+	gen_require(`
+		type var_log_t;
+	')
+
+	rw_dirs_pattern($1, var_log_t, var_log_t)
+')
+
+###########################################
+## <summary>
+##      Append to files in the /var/log directories
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_var_log_append',`
+	gen_require(`
+		type var_log_t;
+	')
+
+	append_files_pattern($1, var_log_t, var_log_t)
+')
+
+########################################
+## <summary>
+##      Create objects in the /var/log directory
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <param name="file_type">
+##      <summary>
+##      The type of the object to be created
+##      </summary>
+## </param>
+## <param name="object_class">
+##      <summary>
+##      The object class.
+##      </summary>
+## </param>
+#
+interface(`files_var_log_filetrans',`
+	gen_require(`
+		type var_t, var_log_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	filetrans_pattern($1, var_log_t, $2, $3)
+')
+
+########################################
+## <summary>
+##      Read generic files in /var/log.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_read_var_log_files',`
+	gen_require(`
+		type var_t, var_log_t;
+	')
+
+	allow $1 var_log_t:dir list_dir_perms;
+	read_files_pattern($1, { var_t var_log_t }, var_log_t)
+')
+
+########################################
+## <summary>
+##      Read generic symbolic links in /var/log
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_read_var_log_symlinks',`
+	gen_require(`
+		type var_t, var_log_t;
+	')
+
+	read_lnk_files_pattern($1, { var_t var_log_t }, var_log_t)
+')
+
+########################################
 ## <summary>
 ##	Search the locks directory (/var/lock).
 ## </summary>
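Review bot: var_log_t is the logging module's type (files declared with logging_log_file() live under it), and logging.if already provides what these ten interfaces re-implement: logging_search_logs, logging_dontaudit_search_logs, logging_list_logs, logging_read_generic_logs, logging_append_all_logs, logging_rw_generic_log_dirs and logging_log_filetrans. Drop the block and use those. Independently of where they live, files_var_log_append breaks the <verb>_<object> naming used by every neighbour, and its one caller, files_var_log_append(system_dbusd_t) in dbus.te, grants append on every generic log file on the system; if dbus-daemon writes a log of its own it should get a private log type through logging_log_file() plus a filetrans rule instead.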
diff -pruN -x .git refpolicy-git-18012011/policy/modules/kernel/kernel.if refpolicy-git-18012011-minimum-update/policy/modules/kernel/kernel.if
--- refpolicy-git-18012011/policy/modules/kernel/kernel.if	2011-01-17 19:36:10.808130722 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/kernel/kernel.if	2011-01-18 23:13:49.763847950 +0100
@@ -1406,6 +1406,26 @@ interface(`kernel_dontaudit_list_all_pro
 
 ########################################
 ## <summary>
+##      Allows to search the base
+##      directory of sysctls.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to not audit.
+##      </summary>
+## </param>
+##
+#
+interface(`kernel_search_sysctl',`
+        gen_require(`
+                type sysctl_t;
+        ')
+
+        allow $1 sysctl_t:dir search;
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts by caller to search
 ##	the base directory of sysctls.
 ## </summary>
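Review bot: kernel_search_sysctl() is an allow interface but its <param> text says "Domain to not audit." (copied from the dontaudit interface that follows it); "Allows to search" should read "Allow caller to search", and there is a stray empty `##` line before the `#`. The body grants only sysctl_t:dir search, but /proc/sys sits under proc_t, so a caller still cannot reach it without search on proc_t; use search_dirs_pattern($1, proc_t, sysctl_t), the form kernel_search_fs_sysctl takes in the next hunk. Nothing in the series calls this interface either.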
@@ -1873,6 +1893,24 @@ interface(`kernel_rw_kernel_sysctl',`
 ')
 
 ########################################
+## <summary>
+##      Allow caller to search filesystem sysctls.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`kernel_search_fs_sysctl',`
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_fs_t;
+	')
+
+	search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
+')
+
+########################################
 ## <summary>
 ##	Read filesystem sysctls.
 ## </summary>
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/avahi.if refpolicy-git-18012011-minimum-update/policy/modules/services/avahi.if
--- refpolicy-git-18012011/policy/modules/services/avahi.if	2011-01-08 19:07:21.224738512 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/avahi.if	2011-01-18 23:38:58.297498219 +0100
@@ -75,6 +75,25 @@ interface(`avahi_signull',`
 
 ########################################
 ## <summary>
+##      Send a dbus message to avahi.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`avahi_dbus_send',`
+	gen_require(`
+		type avahi_t;
+		class dbus send_msg;
+	')
+
+	allow $1 avahi_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	avahi over dbus.
 ## </summary>
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/avahi.te refpolicy-git-18012011-minimum-update/policy/modules/services/avahi.te
--- refpolicy-git-18012011/policy/modules/services/avahi.te	2011-01-08 19:07:21.224738512 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/avahi.te	2011-01-19 01:20:50.132124585 +0100
@@ -104,9 +104,17 @@ optional_policy(`
 ')
 
 optional_policy(`
+	ntp_dbus_send(avahi_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(avahi_t)
 ')
 
 optional_policy(`
 	udev_read_db(avahi_t)
 ')
+
+optional_policy(`
+	xserver_xdm_dbus_send(avahi_t)
+')
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/consolekit.if refpolicy-git-18012011-minimum-update/policy/modules/services/consolekit.if
--- refpolicy-git-18012011/policy/modules/services/consolekit.if	2011-01-08 19:07:21.232739776 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/consolekit.if	2011-01-18 23:13:49.767848514 +0100
@@ -20,6 +20,26 @@ interface(`consolekit_domtrans',`
 
 ########################################
 ## <summary>
+##      Send a dbus message to
+##      consolekit.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`consolekit_dbus_send',`
+        gen_require(`
+                type consolekit_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 consolekit_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	consolekit over dbus.
 ## </summary>
@@ -93,5 +113,6 @@ interface(`consolekit_read_pid_files',`
 	')
 
 	files_search_pids($1)
+	allow $1 consolekit_var_run_t:dir list_dir_perms;
 	read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
 ')
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/dbus.te refpolicy-git-18012011-minimum-update/policy/modules/services/dbus.te
--- refpolicy-git-18012011/policy/modules/services/dbus.te	2011-01-08 19:07:21.238740722 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/dbus.te	2011-01-18 23:13:49.790851763 +0100
@@ -52,7 +52,7 @@ ifdef(`enable_mls',`
 
 # dac_override: /var/run/dbus is owned by messagebus on Debian
 # cjp: dac_override should probably go in a distro_debian
-allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
+allow system_dbusd_t self:capability { dac_override setgid setpcap setuid sys_ptrace };
 dontaudit system_dbusd_t self:capability sys_tty_config;
 allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap };
 allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
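Review bot: adding sys_ptrace to the system_dbusd_t capability set is the most privileged change in the series, and the message does not say what triggered it. The usual source of this denial is the kernel's ptrace access check when a process reads /proc/<pid>/ entries of processes owned by another uid, which the domain_read_all_domains_state() call in the next hunk already provokes; refpolicy's practice for that case is `dontaudit system_dbusd_t self:capability sys_ptrace;` unless a concrete functional failure without the capability is demonstrated. If it is needed, say why next to the existing dac_override comment rather than silently widening the line.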
@@ -115,9 +115,14 @@ corecmd_read_bin_sockets(system_dbusd_t)
 domain_use_interactive_fds(system_dbusd_t)
 domain_read_all_domains_state(system_dbusd_t)
 
+files_search_default(system_dbusd_t)
+files_read_default_files(system_dbusd_t)
 files_read_etc_files(system_dbusd_t)
 files_list_home(system_dbusd_t)
-files_read_usr_files(system_dbusd_t)
+files_exec_bin_files(system_dbusd_t)
+files_exec_usr_files(system_dbusd_t)
+files_read_var_lib_files(system_dbusd_t)
+files_var_log_append(system_dbusd_t)
 
 init_use_fds(system_dbusd_t)
 init_use_script_ptys(system_dbusd_t)
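Review bot: this hunk widens the bus daemon's file access in several directions at once and each wants its own justification. files_exec_bin_files and files_exec_usr_files let system_dbusd_t execute any bin_t or usr_t file in its own domain, whereas service activation is meant to go through the launch helper labelled dbusd_exec_t in dbus.fc and a per-service domain transition; replacing files_read_usr_files with files_exec_usr_files also turns a read permission into execute without comment. files_read_default_files masks a labelling problem: default_t means no file context matched the path, and the fix is a context for whatever dbus is reading. Please split these with the AVC denial that motivated each, and use corecmd_exec_bin rather than the new files_exec_bin_files.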
@@ -141,6 +146,24 @@ optional_policy(`
 ')
 
 optional_policy(`
+	consolekit_read_pid_files(system_dbusd_t)
+	consolekit_dbus_send(system_dbusd_t)
+')
+
+optional_policy(`
+	devicekit_dbus_send_disk(system_dbusd_t)
+	devicekit_dbus_send_power(system_dbusd_t)
+')
+
+optional_policy(`
+	networkmanager_dbus_send(system_dbusd_t)
+')
+
+optional_policy(`
+	ntp_dbus_chat(system_dbusd_t)
+')
+
+optional_policy(`
 	policykit_dbus_chat(system_dbusd_t)
 	policykit_domtrans_auth(system_dbusd_t)
 	policykit_search_lib(system_dbusd_t)
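Review bot: system_dbusd_t should not need a per-service send_msg rule for consolekit_t, devicekit_disk_t, devicekit_power_t, NetworkManager_t and ntpd_t: dbus_system_bus_client() in dbus.if already gives a client both directions of send_msg with system_dbusd_t, so each service gets this by calling that interface from its own module. Adding the rules here inverts the dependency (the dbus module now depends on every bus service) and will grow with every new daemon; the same applies to xserver_xdm_dbus_chat(system_dbusd_t) in the next hunk. For ntpd, which evidently has no bus access today (hence the ntp_dbus_stream_connect addition in ntp.if), the fix is dbus_system_bus_client(ntpd_t) inside an optional_policy block in ntp.te, after which ntp_dbus_chat(system_dbusd_t) here is redundant.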
@@ -154,6 +177,10 @@ optional_policy(`
 	udev_read_db(system_dbusd_t)
 ')
 
+optional_policy(`
+	xserver_xdm_dbus_chat(system_dbusd_t)
+')
+
 ########################################
 #
 # Unconfined access to this module
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/devicekit.if refpolicy-git-18012011-minimum-update/policy/modules/services/devicekit.if
--- refpolicy-git-18012011/policy/modules/services/devicekit.if	2011-01-08 19:07:21.240741038 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/devicekit.if	2011-01-18 23:13:49.791851900 +0100
@@ -39,6 +39,25 @@ interface(`devicekit_dgram_send',`
 
 ########################################
 ## <summary>
+##      Send a dbus message to devicekit.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`devicekit_dbus_send',`
+	gen_require(`
+		type devicekit_t;
+		class dbus send_msg;
+	')
+
+	allow $1 devicekit_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	devicekit over dbus.
 ## </summary>
@@ -60,6 +79,25 @@ interface(`devicekit_dbus_chat',`
 
 ########################################
 ## <summary>
+##      Send a dbus message to devicekit disk.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`devicekit_dbus_send_disk',`
+        gen_require(`
+		type devicekit_disk_t;
+		class dbus send_msg;
+	')
+
+	allow $1 devicekit_disk_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	devicekit disk over dbus.
 ## </summary>
@@ -99,6 +137,25 @@ interface(`devicekit_signal_power',`
 
 ########################################
 ## <summary>
+##      Send a dbus message to devicekit power.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`devicekit_dbus_send_power',`
+	gen_require(`
+		type devicekit_power_t;
+		class dbus send_msg;
+	')
+
+	allow $1 devicekit_power_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	devicekit power over dbus.
 ## </summary>
@@ -183,3 +240,22 @@ interface(`devicekit_admin',`
 	admin_pattern($1, devicekit_var_run_t)
 	files_search_pids($1)
 ')
+
+########################################
+## <summary>
+##      DeviceKit power getattr on APM
+##      bios character device node files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`devicekit_getattr_apm_bios_files_power',`
+	gen_require(`
+		type apm_bios_t;
+	')
+
+	getattr_chr_files_pattern($1, apm_bios_t, apm_bios_t)
+')
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/devicekit.te refpolicy-git-18012011-minimum-update/policy/modules/services/devicekit.te
--- refpolicy-git-18012011/policy/modules/services/devicekit.te	2011-01-08 19:07:21.241741196 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/devicekit.te	2011-01-18 23:13:49.792852039 +0100
@@ -43,6 +43,7 @@ dev_read_sysfs(devicekit_t)
 dev_read_urand(devicekit_t)
 
 files_read_etc_files(devicekit_t)
+files_read_etc_runtime_files(devicekit_t)
 
 miscfiles_read_localization(devicekit_t)
 
@@ -178,6 +179,10 @@ optional_policy(`
 	virt_manage_images(devicekit_disk_t)
 ')
 
+optional_policy(`
+	xserver_xdm_dbus_send(devicekit_disk_t)
+')
+
 ########################################
 #
 # DeviceKit-Power local policy
@@ -193,12 +198,15 @@ manage_dirs_pattern(devicekit_power_t, d
 manage_files_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
 files_var_lib_filetrans(devicekit_power_t, devicekit_var_lib_t, dir)
 
+kernel_search_fs_sysctl(devicekit_power_t)
+kernel_rw_vm_sysctls(devicekit_power_t)
 kernel_read_network_state(devicekit_power_t)
 kernel_read_system_state(devicekit_power_t)
 kernel_rw_hotplug_sysctls(devicekit_power_t)
 kernel_rw_kernel_sysctl(devicekit_power_t)
 kernel_search_debugfs(devicekit_power_t)
 kernel_write_proc_files(devicekit_power_t)
+kernel_setsched(devicekit_power_t)
 
 corecmd_exec_bin(devicekit_power_t)
 corecmd_exec_shell(devicekit_power_t)
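Review bot: kernel_setsched(devicekit_power_t) grants setsched on kernel threads (kernel_t), which is unusual for a power daemon; if the denial came from devicekit-power changing its own or a helper's scheduling priority, the target is self:process or the helper's domain, not the kernel, so please quote the AVC. The three new kernel_ calls also break the alphabetical order the existing block keeps: kernel_rw_vm_sysctls belongs after kernel_rw_kernel_sysctl and kernel_search_fs_sysctl after kernel_search_debugfs.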
@@ -215,9 +223,11 @@ dev_rw_sysfs(devicekit_power_t)
 
 files_read_kernel_img(devicekit_power_t)
 files_read_etc_files(devicekit_power_t)
+files_rw_etc_runtime_files(devicekit_power_t)
 files_read_usr_files(devicekit_power_t)
 
 fs_list_inotifyfs(devicekit_power_t)
+fs_remount_xattr_fs(devicekit_power_t)
 
 term_use_all_terms(devicekit_power_t)
 
@@ -230,6 +240,11 @@ sysnet_domtrans_ifconfig(devicekit_power
 
 userdom_read_all_users_state(devicekit_power_t)
 
+devicekit_getattr_apm_bios_files_power(devicekit_power_t)
+
+mount_exec_getattr(devicekit_power_t)
+mount_exec(devicekit_power_t)
+
 optional_policy(`
 	bootloader_domtrans(devicekit_power_t)
 ')
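Review bot: mount_exec_getattr() and mount_exec() are calls into the mount module and must be wrapped in optional_policy() like every other non-kernel-layer call in this file (the bootloader_domtrans block directly below shows the form); as written the devicekit module fails to link whenever mount is not built. mount_exec_getattr() is also not defined in this series and should be checked against the tree. devicekit_getattr_apm_bios_files_power(devicekit_power_t) is the module calling its own interface; call a devices-module interface for apm_bios_t here instead.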
@@ -276,9 +291,17 @@ optional_policy(`
 ')
 
 optional_policy(`
+	storage_raw_read_fixed_disk(devicekit_power_t)
+')
+
+optional_policy(`
 	udev_read_db(devicekit_power_t)
 ')
 
 optional_policy(`
 	vbetool_domtrans(devicekit_power_t)
 ')
+
+optional_policy(`
+	xserver_xdm_dbus_send(devicekit_power_t)
+')
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/hal.te refpolicy-git-18012011-minimum-update/policy/modules/services/hal.te
--- refpolicy-git-18012011/policy/modules/services/hal.te	2011-01-08 19:07:21.252742934 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/hal.te	2011-01-18 23:13:49.794852319 +0100
@@ -338,6 +338,10 @@ optional_policy(`
 	virt_manage_images(hald_t)
 ')
 
+optional_policy(`
+	xserver_xdm_dbus_send(hald_t)
+')
+
 ########################################
 #
 # Hal acl local policy
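Review bot: xserver_xdm_dbus_send(hald_t) is one of six domains in this series given one-way send_msg to xdm_t (also avahi_t, devicekit_disk_t, devicekit_power_t, NetworkManager_t, setroubleshootd_t). When that many services all need to answer xdm, the cause is xdm calling them over the system bus and the replies being denied; the fix belongs in xserver.te as <service>_dbus_chat(xdm_t) calls, where the dependency on those services already lives, rather than every service module growing a dependency on xserver. Note also that the xserver.if hunk defining xserver_xdm_dbus_send is cut off at the end of this mail, so the series as posted is incomplete.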
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/networkmanager.if refpolicy-git-18012011-minimum-update/policy/modules/services/networkmanager.if
--- refpolicy-git-18012011/policy/modules/services/networkmanager.if	2011-01-08 19:07:21.269745618 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/networkmanager.if	2011-01-18 23:13:49.795852460 +0100
@@ -116,6 +116,25 @@ interface(`networkmanager_initrc_domtran
 
 ########################################
 ## <summary>
+##      Send a dbus message to NetworkManager.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`networkmanager_dbus_send',`
+	gen_require(`
+		type NetworkManager_t;
+		class dbus send_msg;
+	')
+
+	allow $1 NetworkManager_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	NetworkManager over dbus.
 ## </summary>
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/networkmanager.te refpolicy-git-18012011-minimum-update/policy/modules/services/networkmanager.te
--- refpolicy-git-18012011/policy/modules/services/networkmanager.te	2011-01-08 19:07:21.269745618 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/networkmanager.te	2011-01-18 23:13:49.796852601 +0100
@@ -140,6 +140,7 @@ seutil_read_config(NetworkManager_t)
 sysnet_domtrans_ifconfig(NetworkManager_t)
 sysnet_domtrans_dhcpc(NetworkManager_t)
 sysnet_signal_dhcpc(NetworkManager_t)
+sysnet_read_dhcpc_state(NetworkManager_t)
 sysnet_read_dhcpc_pid(NetworkManager_t)
 sysnet_delete_dhcpc_pid(NetworkManager_t)
 sysnet_search_dhcp_state(NetworkManager_t)
@@ -265,6 +266,10 @@ optional_policy(`
 	vpn_signull(NetworkManager_t)
 ')
 
+optional_policy(`
+	xserver_xdm_dbus_send(NetworkManager_t)
+')
+
 ########################################
 #
 # wpa_cli local policy
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/ntp.if refpolicy-git-18012011-minimum-update/policy/modules/services/ntp.if
--- refpolicy-git-18012011/policy/modules/services/ntp.if	2011-01-08 19:07:21.272746092 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/ntp.if	2011-01-18 23:13:49.798852883 +0100
@@ -163,3 +163,62 @@ interface(`ntp_admin',`
 	files_list_pids($1)
 	admin_pattern($1, ntpd_var_run_t)
 ')
+
+########################################
+## <summary>
+##      Send a dbus message to ntpd.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`ntp_dbus_send',`
+	gen_require(`
+		type ntpd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 ntpd_t:dbus send_msg;
+')
+
+########################################
+## <summary>
+##      Send and receive messages from
+##      ntpd over dbus.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`ntp_dbus_chat',`
+        gen_require(`
+                type ntpd_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 ntpd_t:dbus send_msg;
+        allow ntpd_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+##      Connect to dbus using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`ntp_dbus_stream_connect',`
+        gen_require(`
+                type system_dbusd_t, system_dbusd_var_run_t;
+        ')
+
+        files_search_pids($1)
+        stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
+')
Binary files refpolicy-git-18012011/policy/modules/services/.ntp.if.swp and refpolicy-git-18012011-minimum-update/policy/modules/services/.ntp.if.swp differ
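Review bot: ntp_dbus_stream_connect() requires system_dbusd_t and system_dbusd_var_run_t, the dbus module's private types, and its only caller is ntp.te itself; an interface in ntp.if that connects a domain to the system bus socket re-implements what dbus.if already provides through dbus_system_bus_client(), so drop it. ntp_dbus_send and ntp_dbus_chat are legitimately ntp's to provide and look correct apart from the space indentation. Separately, "Binary files .ntp.if.swp differ" shows an editor swap file sitting in the working tree and being picked up by diff -pruN; remove it before the next posting.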
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/ntp.te refpolicy-git-18012011-minimum-update/policy/modules/services/ntp.te
--- refpolicy-git-18012011/policy/modules/services/ntp.te	2011-01-08 19:07:21.272746092 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/ntp.te	2011-01-18 23:40:27.459838030 +0100
@@ -125,11 +125,19 @@ userdom_dontaudit_use_unpriv_user_fds(nt
 userdom_list_user_home_dirs(ntpd_t)
 
 optional_policy(`
+	avahi_dbus_send(ntpd_t)
+')
+
+optional_policy(`
 	# for cron jobs
 	cron_system_entry(ntpd_t, ntpdate_exec_t)
 ')
 
 optional_policy(`
+	ntp_dbus_stream_connect(ntpd_t)
+')
+
+optional_policy(`
 	gpsd_rw_shm(ntpd_t)
 ')
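Review bot: ntp_dbus_stream_connect(ntpd_t) is the ntp module calling its own interface, and wrapping it in optional_policy() makes no sense since the module cannot be absent from itself; replace the block with dbus_system_bus_client(ntpd_t) inside an optional_policy block. The avahi_dbus_send block is placed alphabetically, but the new ntp_ block between cron_ and gpsd_ is not.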
 
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/plymouthd.te refpolicy-git-18012011-minimum-update/policy/modules/services/plymouthd.te
--- refpolicy-git-18012011/policy/modules/services/plymouthd.te	2011-01-08 19:07:21.280747356 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/plymouthd.te	2011-01-18 23:13:49.800853165 +0100
@@ -29,7 +29,7 @@ files_pid_file(plymouthd_var_run_t)
 
 allow plymouthd_t self:capability { sys_admin sys_tty_config };
 dontaudit plymouthd_t self:capability dac_override;
-allow plymouthd_t self:process signal;
+allow plymouthd_t self:process { signal getsched };
 allow plymouthd_t self:fifo_file rw_fifo_file_perms;
 allow plymouthd_t self:unix_stream_socket create_stream_socket_perms;
 
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/setroubleshoot.if refpolicy-git-18012011-minimum-update/policy/modules/services/setroubleshoot.if
--- refpolicy-git-18012011/policy/modules/services/setroubleshoot.if	2011-01-08 19:07:21.304751146 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/setroubleshoot.if	2011-01-18 23:13:49.801853306 +0100
@@ -42,6 +42,26 @@ interface(`setroubleshoot_dontaudit_stre
 
 ########################################
 ## <summary>
+##      Send a dbus message to
+##      setroubleshoot.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`setroubleshoot_dbus_send',`
+        gen_require(`
+                type setroubleshootd_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 setroubleshootd_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	setroubleshoot over dbus.
 ## </summary>
@@ -84,8 +104,28 @@ interface(`setroubleshoot_dontaudit_dbus
 
 ########################################
 ## <summary>
+##      Send a dbus message to
+##      setroubleshoot fixit.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`setroubleshoot_dbus_send_fixit',`
+        gen_require(`
+                type setroubleshoot_fixit_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 setroubleshoot_fixit_t:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
-##	setroubleshoot over dbus.
+##	setroubleshoot fixit over dbus.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/setroubleshoot.te refpolicy-git-18012011-minimum-update/policy/modules/services/setroubleshoot.te
--- refpolicy-git-18012011/policy/modules/services/setroubleshoot.te	2011-01-08 19:07:21.305751304 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/setroubleshoot.te	2011-01-18 23:13:49.802853447 +0100
@@ -125,12 +125,24 @@ optional_policy(`
 ')
 
 optional_policy(`
+	locate_read_lib_files(setroubleshootd_t)
+')
+
+optional_policy(`
+	logging_dbus_send_dispatcher(setroubleshootd_t)
+')
+
+optional_policy(`
 	rpm_signull(setroubleshootd_t)
 	rpm_read_db(setroubleshootd_t)
 	rpm_dontaudit_manage_db(setroubleshootd_t)
 	rpm_use_script_fds(setroubleshootd_t)
 ')
 
+optional_policy(`
+	xserver_xdm_dbus_send(setroubleshootd_t)
+')
+
 ########################################
 #
 # setroubleshoot_fixit local policy
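Review bot: `locate_read_lib_files(setroubleshootd_t)` grants read on the locate database without saying which setroubleshoot plugin needs it; the rest of the file annotates unusual accesses (see the `rpm_*` block), so a one-line comment above the new `optional_policy` would help the next reader decide whether it still belongs there. The `xserver_xdm_dbus_send` and `logging_dbus_send_dispatcher` calls also depend on interfaces introduced elsewhere in this series, so those hunks need to land together with this one.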
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/smartmon.te refpolicy-git-18012011-minimum-update/policy/modules/services/smartmon.te
--- refpolicy-git-18012011/policy/modules/services/smartmon.te	2011-01-08 19:07:21.326754622 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/smartmon.te	2011-01-18 23:13:49.803853588 +0100
@@ -73,6 +73,8 @@ files_read_etc_runtime_files(fsdaemon_t)
 # for config
 files_read_etc_files(fsdaemon_t)
 
+files_read_usr_files(fsdaemon_t)
+
 fs_getattr_all_fs(fsdaemon_t)
 fs_search_auto_mountpoints(fsdaemon_t)
 
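Review bot: `files_read_usr_files(fsdaemon_t)` is added without a reason, whereas the neighbouring `files_read_etc_files(fsdaemon_t)` carries `# for config`; please say what under /usr smartd reads (a plugin, a data file) so the rule can be narrowed later if a more specific interface fits.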
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/xserver.if refpolicy-git-18012011-minimum-update/policy/modules/services/xserver.if
--- refpolicy-git-18012011/policy/modules/services/xserver.if	2011-01-08 19:07:21.344757464 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/xserver.if	2011-01-18 23:13:49.804853729 +0100
@@ -1250,3 +1250,43 @@ interface(`xserver_unconfined',`
 	typeattribute $1 x_domain;
 	typeattribute $1 xserver_unconfined_type;
 ')
+
+########################################
+## <summary>
+##      Send a dbus message to xdm. 
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`xserver_xdm_dbus_send',`
+	gen_require(`
+		type xdm_t;
+		class dbus send_msg;
+	')
+
+	allow $1 xdm_t:dbus send_msg;
+')
+
+########################################
+## <summary>
+##      Send and receive messages from
+##      xdm over dbus.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`xserver_xdm_dbus_chat',`
+        gen_require(`
+                type xdm_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 xdm_t:dbus send_msg;
+        allow xdm_t $1:dbus send_msg;
+')
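Review bot: `xserver_xdm_dbus_chat` is defined here but nothing in the patch calls it; the xdm/setroubleshoot exchange is instead expressed as two one-way sends in two modules, so either use this chat interface from one side or drop it. Style: `##      Send a dbus message to xdm. ` has trailing whitespace, the doc comments use spaces where the file uses tabs, and the two interface bodies are indented differently from each other (tabs in `xserver_xdm_dbus_send`, spaces in `xserver_xdm_dbus_chat`).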
diff -pruN -x .git refpolicy-git-18012011/policy/modules/services/xserver.te refpolicy-git-18012011-minimum-update/policy/modules/services/xserver.te
--- refpolicy-git-18012011/policy/modules/services/xserver.te	2011-01-08 19:07:21.344757464 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/services/xserver.te	2011-01-18 23:13:49.806854011 +0100
@@ -508,6 +508,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	avahi_dbus_send(xdm_t)
+')
+
+optional_policy(`
 	consolekit_dbus_chat(xdm_t)
 ')
 
@@ -516,12 +520,21 @@ optional_policy(`
 ')
 
 optional_policy(`
+	devicekit_dbus_send_disk(xdm_t)
+	devicekit_dbus_send_power(xdm_t)
+')
+
+optional_policy(`
 	# Talk to the console mouse server.
 	gpm_stream_connect(xdm_t)
 	gpm_setattr_gpmctl(xdm_t)
 ')
 
 optional_policy(`
+	hal_dbus_send(xdm_t)
+')
+
+optional_policy(`
 	hostname_exec(xdm_t)
 ')
 
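Review bot: the new `devicekit_dbus_send_disk`/`devicekit_dbus_send_power` and `hal_dbus_send` blocks have no comment explaining which display manager sends these messages, unlike the neighbouring `# Talk to the console mouse server.` block; one line per block saying what triggers the send would make the one-way grants easier to justify and to retire once HAL is gone.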
@@ -539,10 +552,18 @@ optional_policy(`
 ')
 
 optional_policy(`
+	networkmanager_dbus_send(xdm_t)
+')
+
+optional_policy(`
 	resmgr_stream_connect(xdm_t)
 ')
 
 optional_policy(`
+	setroubleshoot_dbus_send(xdm_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(xdm_t)
 ')
 
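Review bot: `setroubleshoot_dbus_send(xdm_t)` is the reverse half of `xserver_xdm_dbus_send(setroubleshootd_t)` added in setroubleshoot.te, so the patch expresses one bidirectional dbus conversation as two one-way rules in two modules. The existing `setroubleshoot_dbus_chat` interface ("Send and receive messages from setroubleshoot over dbus") already models exactly that; calling it once from here, or `xserver_xdm_dbus_chat` once from setroubleshoot.te, keeps both directions in one place.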
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/authlogin.te refpolicy-git-18012011-minimum-update/policy/modules/system/authlogin.te
--- refpolicy-git-18012011/policy/modules/system/authlogin.te	2011-01-08 19:07:21.347757938 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/authlogin.te	2011-01-18 23:13:49.808854293 +0100
@@ -91,6 +91,8 @@ files_list_etc(chkpwd_t)
 # is_selinux_enabled
 kernel_read_system_state(chkpwd_t)
 
+kernel_search_sysctl(chkpwd_t)
+
 domain_dontaudit_use_interactive_fds(chkpwd_t)
 
 dev_read_rand(chkpwd_t)
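Review bot: `kernel_search_sysctl(chkpwd_t)` needs a comment like the `# is_selinux_enabled` one above `kernel_read_system_state`; if it is only there to silence a search denial under /proc/sys, a `kernel_dontaudit_search_sysctl`-style rule would be the usual refpolicy choice rather than a new allow for a setuid helper.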
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/init.if refpolicy-git-18012011-minimum-update/policy/modules/system/init.if
--- refpolicy-git-18012011/policy/modules/system/init.if	2011-01-08 19:07:21.351758570 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/init.if	2011-01-18 23:13:49.809854434 +0100
@@ -947,6 +947,24 @@ interface(`init_read_state',`
 
 ########################################
 ## <summary>
+##      Read init fifo file.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`init_read_fifo_file',`
+	gen_require(`
+		attribute init_t;
+	')
+
+	read_fifo_files_pattern($1, init_t, init_t)
+')
+
+########################################
+## <summary>
 ##	Ptrace init
 ## </summary>
 ## <param name="domain">
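Review bot: `gen_require(` in `init_read_fifo_file` declares `attribute init_t;`, but `init_t` is the init domain type, not an attribute, so this should be `type init_t;` or the module will fail to build. Also, since the fifo and its directory are both expected to be labelled `init_t`, a comment saying which fifo (upstart's, per the cover letter) is being read would explain why no dedicated type is used.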
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/logging.if refpolicy-git-18012011-minimum-update/policy/modules/system/logging.if
--- refpolicy-git-18012011/policy/modules/system/logging.if	2011-01-08 19:07:21.355759202 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/logging.if	2011-01-18 23:13:49.812854857 +0100
@@ -337,6 +337,47 @@ interface(`logging_stream_connect_dispat
 
 ########################################
 ## <summary>
+##      Send a dbus message to the audit
+##      dispatcher.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`logging_dbus_send_dispatcher',`
+	gen_require(`
+		type audisp_t;
+		class dbus send_msg;
+	')
+
+	allow $1 audisp_t:dbus send_msg;
+')
+
+########################################
+## <summary>
+##      Send and receive messages from
+##      the audit dispatcher over dbus.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`logging_dbus_chat_dispatcher',`
+	gen_require(`
+		type audisp_t;
+		class dbus send_msg;
+	')
+
+	allow $1 audisp_t:dbus send_msg;
+	allow audisp_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Manage the auditd configuration files.
 ## </summary>
 ## <param name="domain">
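Review bot: `logging_dbus_chat_dispatcher` is added but never called in the patch; setroubleshoot.te uses the one-way `logging_dbus_send_dispatcher` and logging.te adds the reverse `setroubleshoot_dbus_send(audisp_t)`. Use the chat interface from one side and drop the unused one, or drop the chat interface. The doc-comment lines (`##      Send a dbus message to the audit`) also use spaces where the file uses tabs.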
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-minimum-update/policy/modules/system/logging.te
--- refpolicy-git-18012011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/logging.te	2011-01-18 23:13:49.813854998 +0100
@@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
 
 allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
 
+allow audisp_t proc_t:file read_file_perms;
+
 manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
 files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
 
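Review bot: `allow audisp_t proc_t:file read_file_perms;` references `proc_t` directly from the logging module; that type belongs to the kernel module, so this should go through an interface such as `kernel_read_system_state(audisp_t)` rather than a raw allow rule (in a loadable-module build the bare reference to `proc_t` will not even compile without a `require`).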
@@ -246,6 +248,10 @@ optional_policy(`
 	dbus_system_bus_client(audisp_t)
 ')
 
+optional_policy(`
+	setroubleshoot_dbus_send(audisp_t)
+')
+
 ########################################
 #
 # Audit remote logger local policy
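Review bot: `setroubleshoot_dbus_send(audisp_t)` pairs with `logging_dbus_send_dispatcher(setroubleshootd_t)` in setroubleshoot.te to form a bidirectional audisp/setroubleshoot conversation split across two modules; prefer a single `setroubleshoot_dbus_chat(audisp_t)` here (or the new `logging_dbus_chat_dispatcher` from the setroubleshoot side) so both directions are visible in one place.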
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/mount.if refpolicy-git-18012011-minimum-update/policy/modules/system/mount.if
--- refpolicy-git-18012011/policy/modules/system/mount.if	2011-01-08 19:07:21.358759676 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/mount.if	2011-01-18 23:13:49.814855139 +0100
@@ -51,6 +51,25 @@ interface(`mount_run',`
 
 ########################################
 ## <summary>
+##      Get the attributes of mount
+##      executable files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mount_exec_getattr',`
+	gen_require(`
+		type mount_exec_t;
+	')
+
+	allow $1 mount_exec_t:file getattr;
+')
+
+########################################
+## <summary>
 ##	Execute mount in the caller domain.
 ## </summary>
 ## <param name="domain">
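Review bot: `allow $1 mount_exec_t:file getattr;` should use the permission set macro, `getattr_file_perms`, as the rest of refpolicy does, and callers will also need to reach the binary's directory, so `corecmd_search_bin($1)` belongs in the interface body (compare the `*_exec` interfaces elsewhere in the tree).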
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/mount.te refpolicy-git-18012011-minimum-update/policy/modules/system/mount.te
--- refpolicy-git-18012011/policy/modules/system/mount.te	2011-01-17 19:36:10.814131755 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/mount.te	2011-01-19 01:01:20.531005215 +0100
@@ -51,12 +51,17 @@ kernel_read_kernel_sysctls(mount_t)
 kernel_dontaudit_getattr_core_if(mount_t)
 kernel_dontaudit_write_debugfs_dirs(mount_t)
 kernel_dontaudit_write_proc_dirs(mount_t)
+kernel_setsched(mount_t)
 # To load binfmt_misc kernel module
 kernel_request_load_module(mount_t)
 
 # required for mount.smbfs
 corecmd_exec_bin(mount_t)
 
+# required for mounting nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2
+# from initscripts 
+corecmd_mmap_file_exec_shell(mount_t)
+
 dev_getattr_all_blk_files(mount_t)
 dev_list_all_dev_nodes(mount_t)
 dev_read_sysfs(mount_t)
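Review bot: `kernel_setsched(mount_t)` is added with no comment, unlike the neighbouring `# To load binfmt_misc kernel module` line; what part of mount changes a kernel thread's scheduling? The comment above `corecmd_mmap_file_exec_shell` has `nonfs` where `nfs` is presumably meant, and `# from initscripts ` has trailing whitespace.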
@@ -108,6 +113,8 @@ storage_raw_read_fixed_disk(mount_t)
 storage_raw_write_fixed_disk(mount_t)
 storage_raw_read_removable_device(mount_t)
 storage_raw_write_removable_device(mount_t)
+# needed for example by ntfs-3g
+storage_rw_fuse(mount_t)
 
 term_use_all_terms(mount_t)
 
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/sysnetwork.if refpolicy-git-18012011-minimum-update/policy/modules/system/sysnetwork.if
--- refpolicy-git-18012011/policy/modules/system/sysnetwork.if	2011-01-08 19:07:21.362760308 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/sysnetwork.if	2011-01-18 23:13:49.817855562 +0100
@@ -215,6 +215,24 @@ interface(`sysnet_rw_dhcp_config',`
 
 ########################################
 ## <summary>
+##      Search dhcp client state directories.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`sysnet_search_dhcpc_state',`
+	gen_require(`
+		type dhcpc_state_t;
+	')
+
+	search_dirs_pattern($1, dhcpc_state_t, dhcpc_state_t)
+')
+
+########################################
+## <summary>
 ##	Read dhcp client state files.
 ## </summary>
 ## <param name="domain">
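Review bot: `sysnet_search_dhcpc_state` has no caller anywhere in the patch, so either the hunk that uses it is missing or the interface should be dropped. If it stays, check whether it also needs `files_search_var_lib($1)` the way the existing `sysnet_read_dhcpc_state` interface just below it handles the parent directories, so callers get a usable path and not only the leaf search.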
diff -pruN -x .git refpolicy-git-18012011/policy/modules/system/sysnetwork.te refpolicy-git-18012011-minimum-update/policy/modules/system/sysnetwork.te
--- refpolicy-git-18012011/policy/modules/system/sysnetwork.te	2011-01-08 19:07:21.363760466 +0100
+++ refpolicy-git-18012011-minimum-update/policy/modules/system/sysnetwork.te	2011-01-18 23:13:49.818855703 +0100
@@ -325,6 +325,7 @@ ifdef(`hide_broken_symptoms',`
 ')
 
 optional_policy(`
+	hal_read_pid_files(ifconfig_t)
 	hal_dontaudit_rw_pipes(ifconfig_t)
 	hal_dontaudit_rw_dgram_sockets(ifconfig_t)
 ')
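Review bot: `hal_read_pid_files(ifconfig_t)` is an allow rule inserted into a block that otherwise only contains `hal_dontaudit_*` rules; a short comment on why ifconfig reads HAL's pid files (which tool, invoked from where) would help, and if the access is only noise from HAL calling ifconfig, a dontaudit is the more consistent choice.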
