[PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp handling

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp handling
@ 2011-09-15 19:42 Daniel J Walsh
  2011-09-16  6:10 ` Guido Trentalancia
  0 siblings, 1 reply; 3+ messages in thread
From: Daniel J Walsh @ 2011-09-15 19:42 UTC (permalink / raw)
  To: eparis; +Cc: selinux

[-- Attachment #1: Type: text/plain, Size: 346 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yVRIACgkQrlYvE4MpobNTogCaA/XBPxA2GRq8Mux9nab3urM8
ivwAoKLZXJs4tVfbRBNTpQMXnlEgnDYs
=3GvE
-----END PGP SIGNATURE-----

[-- Attachment #2: 0033-policycoreutils-sandbox-FIXME-rewrite-tmp-handling.patch --]
[-- Type: text/plain, Size: 0 bytes --]



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp handling
  2011-09-15 19:42 [PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp handling Daniel J Walsh
@ 2011-09-16  6:10 ` Guido Trentalancia
  2011-09-16 14:27   ` Daniel J Walsh
  0 siblings, 1 reply; 3+ messages in thread
From: Guido Trentalancia @ 2011-09-16  6:10 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: eparis, selinux

On Thu, 2011-09-15 at 15:42 -0400, Daniel J Walsh wrote:
> From 54ed5929b8f8ffac7bdc48d589c5cb38f6798530 Mon Sep 17 00:00:00 2001
> From: Eric Paris <eparis@redhat.com>
> Date: Mon, 15 Aug 2011 19:58:08 -0400
> Subject: [PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp
> handling
> 
> seunshare now creates a runtime temporary directory owned by root and
> with the sticky bit set properly.  Files from the user-specified
> directory
> are copied to the runtime directory and the changes synced back (using
> rsync)
> at the end of the seunshare run.
> 
> review needed to changelog correctness/completeness
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Acked-by: Dan Walsh <dwalsh@redhat.com>
> ---
>  policycoreutils/sandbox/sandbox     |    8 +-
>  policycoreutils/sandbox/seunshare.8 |    2 +-
>  policycoreutils/sandbox/seunshare.c |  488
> +++++++++++++++++++++++++++--------
>  3 files changed, 386 insertions(+), 112 deletions(-)

Is the above perhaps meant to fix CVE-2011-1011 ?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp handling
  2011-09-16  6:10 ` Guido Trentalancia
@ 2011-09-16 14:27   ` Daniel J Walsh
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2011-09-16 14:27 UTC (permalink / raw)
  To: Guido Trentalancia; +Cc: eparis, selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/16/2011 02:10 AM, Guido Trentalancia wrote:
> On Thu, 2011-09-15 at 15:42 -0400, Daniel J Walsh wrote:
>> From 54ed5929b8f8ffac7bdc48d589c5cb38f6798530 Mon Sep 17 00:00:00
>> 2001 From: Eric Paris <eparis@redhat.com> Date: Mon, 15 Aug 2011
>> 19:58:08 -0400 Subject: [PATCH 33/67] policycoreutils: sandbox:
>> FIXME rewrite /tmp handling
>> 
>> seunshare now creates a runtime temporary directory owned by root
>> and with the sticky bit set properly.  Files from the
>> user-specified directory are copied to the runtime directory and
>> the changes synced back (using rsync) at the end of the seunshare
>> run.
>> 
>> review needed to changelog correctness/completeness
>> 
>> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh
>> <dwalsh@redhat.com> --- policycoreutils/sandbox/sandbox     |
>> 8 +- policycoreutils/sandbox/seunshare.8 |    2 +- 
>> policycoreutils/sandbox/seunshare.c |  488 
>> +++++++++++++++++++++++++++-------- 3 files changed, 386
>> insertions(+), 112 deletions(-)
> 
> Is the above perhaps meant to fix CVE-2011-1011 ?
> 

Yes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5zXOMACgkQrlYvE4MpobM7EQCgkBGDChQayys3AGe0U85PYF9R
A6cAni11KI5MPSwxEc2zHfarZ4HkRorZ
=6c1p
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-09-16 14:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-15 19:42 [PATCH 33/67] policycoreutils: sandbox: FIXME rewrite /tmp handling Daniel J Walsh
2011-09-16  6:10 ` Guido Trentalancia
2011-09-16 14:27   ` Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.