From: "Török Edwin" <edwin@gurde.com>
To: selinux@tycho.nsa.gov
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	Joshua Brindle <jbrindle@tresys.com>,
	"Christopher J. PeBenito" <cpebenito@tresys.com>,
	fireflier-devel@lists.sourceforge.net
Subject: Re: [2/4] Labeling only policy for fireflier (fireflier.pp)
Date: Mon, 1 May 2006 19:34:00 +0300
Message-ID: <200605011934.00791.edwin@gurde.com>
In-Reply-To: <200605011917.54954.edwin@gurde.com>

[This policy (together with the base in mail [1/4]) is intended for systems 
where there is no selinux by default. For selinux enabled systems I'll create 
modules to be used with reference policy; I'll send that in a separate mail 
when it is ready]

Still I want to provide "some" protection against changing labels (it would be 
just too easy to escape protection, but only for root, right?)

So I implemented something similar to what selinuxutil.te does to protect the 
module store, and also restricted policy loading to only a few domains.
Also restricted policy loading/setbool/setenforce with booleans. Also 
restricted module loading, and rawio.

I didn't use the unconfined interfaces from the reference policy, since they 
allowed too much rights to programs (IMHO). So I modified them to fit my 
needs, and put them in unconfined_norelabel.if.

So nobody besides a domain with policymanager attribute can load policy, and 
nobody besides them is allowed to change the module store. 
Any bypasses?
Of course if somebody replaces load_policy he can load any policy (but that 
isn't possible with this policy, right?). If load_policy & friends aren't 
statically linked, then someone can bypass it by changing libc, and 
protecting against that brings me very close to strict policy. So let's 
assume that load_policy would be statically linked, and it would get a 
sanitized environment.

The module store is managed via semodule, so it has to have write access. The 
problem is whom I allow to execute semodule, because anybody doing that will 
override my policy. So I restricted transition to semanage_t only for 
policymanager domains.

Last I have a program named policymanager, that will generate the policy 
(doesn't exist yet). Obviously this will be the weakest link in the chain.
So in the end, I am not sure it is worth all this policy store protection, 
maybe I could do with a simpler policy.

Maybe just using auditallow&allow for loading policy protected with a boolean 
would be enough? (audit: so that the sysadmin has the chance to know 
somebody changed the policy, if he uses remote logging, otherwise all is lost 
if somebody changes policy.) But then somebody could just replace the binary 
policy, and have it loaded automatically on next reboot?

(why I don't want too much protection against root: 
 - if somebody didn't have selinux, with fireflier 1.1.x somebody could just 
have deleted the iptables rules to bypass fireflier's protection. You can't 
get real protection against this, unless you use a strict policy, right?
Also I don't intend to make fireflier an selinux rule management tool, besides 
there are some nice tools from tresys that do that ;)
)




fireflier.te:
-----
policy_module(fireflier,0.1.0) 
########################################
#
# Declarations
#
gen_require(`
	      type file_t;
	      type sbin_t;
	      bool secure_mode_policyload;
	      bool secure_mode;
	      type selinux_config_t;
')
bool dac_override_audit true;

type fireflier_unconfined_t;

attribute can_unconfined_sockets;
attribute fireflier_unconfined_domain;
attribute has_restricted_sockets;

fireflier_unconfined(fireflier_unconfined_t,file_t,can_unconfined_sockets)
domain_auto_trans(fireflier_unconfined_domain,file_t,fireflier_unconfined_t)
kernel_domtrans_to(fireflier_unconfined_t,sbin_t)
neverallow fireflier_unconfined_t file_type:file {relabelfrom relabelto};

attribute policymanager;

gen_policymanager_type(load_policy)
gen_policymanager_type(boolset)
gen_policymanager_type(semanage)
gen_policymanager_type(restorecon)
gen_policymanager_type(policy_manager)
domain_auto_trans(fireflier_unconfined_domain,policy_manager_exec_t,policy_manager_t)

attribute policy_config;
type policy_config_t;
typeattribute policy_config_t policy_config;
typeattribute selinux_config_t policy_config;
#avoiding files_type(policy_config_t), because unconfined domains have access to all files
allow policy_config_t fs_t:filesystem associate;
allow selinux_config_t fs_t:filesystem associate;

type_transition domain policy_config_t:{dir file lnk_file} policy_config_t;
attribute can_relabelto_binary_policy;
neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;

type semanage_lock_t;
allow semanage_lock_t fs_t:filesystem associate;
allow load_policy_t semanage_lock_t:file rw_file_perms;
allow load_policy_t selinux_config_t:file rw_file_perms;
allow fireflier_unconfined_domain semanage_lock_t:file rw_file_perms;

typeattribute restorecon_t can_relabelto_binary_policy;
allow restorecon_t self:capability { dac_override dac_read_search fowner };
allow restorecon_t self:fifo_file rw_file_perms;
allow fireflier_unconfined_domain policy_config :dir r_dir_perms;
allow fireflier_unconfined_domain policy_config :file r_file_perms;
allow fireflier_unconfined_domain policy_config :lnk_file r_file_perms;
allow fireflier_unconfined_domain policy_config:dir search;

if(!secure_mode_policyload) {
	auditallow load_policy_t security_t:security {load_policy};
	allow load_policy_t security_t:security {load_policy};
	auditallow boolset_t security_t:security {setbool};
	allow boolset_t security_t:security {setbool};
	auditallow semanage_t policy_config_t:file { read write };
	allow semanage_t policy_config_t:file { read write lock create unlink rename };
	allow semanage_t selinux_config_t:file { read write lock create unlink rename };
	allow semanage_t unlabeled_t:process sigchld;
	allow semanage_t policy_config_t:dir { read write getattr unlink create rename add_name remove_name rmdir };
	allow semanage_t selinux_config_t:dir { read write getattr unlink create rename add_name remove_name rmdir };
}
if(!secure_mode) {
	auditallow restorecon_t {selinux_config_t policy_config_t file_type}:{dir file} {relabelfrom relabelto};
	allow restorecon_t {selinux_config_t policy_config_t file_type}:{dir file} {relabelfrom relabelto};
}
#allow fireflier_unconfined_domain selinux_config_t:{dir file} *;


#from test_module

-----------
fireflier.if:
-------------
########################################
## <summary>
##      Make the specified domain unconfined.
##      Except that it does not allow it to change labels, and load policy
## </summary>
## <param name="domain">
##      <summary>
##      Domain to make unconfined.
##      </summary>
## </param>
## <param name="entrypoint">
##    <summary> 
##       File entry 
##    </summary>
## </param>
## <param name="attribute">
##    <summary> 
##       Attribute needed to get access to socket
##    </summary>
## </param>

#
interface(`fireflier_unconfined',`
        gen_require(`
            role system_r;
			attribute fireflier_unconfined_domain;
			type security_t;
			bool secure_mode;
			bool secure_mode_insmod;
			bool dac_override_audit;
        ')

        domain_type($1)
        domain_entry_file($1,$2)


        role system_r types $1;
		role user_r	  types $1;
		
		allow $1 self:capability ~{sys_module sys_rawio dac_override dac_read_search};
		if(!secure_mode && dac_override_audit) {
				 auditallow $1 self:capability {dac_override dac_read_search};
		}
		if (!secure_mode) {
		   allow $1 self:capability {dac_override dac_read_search};
		}
		
		allow $1 self:fifo_file create_file_perms;
		allow $1 self:process transition;
		allow $1 self:security ~{setenforce load_policy setbool setsecparam setcheckreqprot};
		allow $1 security_t:security ~{setenforce load_policy setbool setsecparam setcheckreqprot};
		
		kernel_unconfined_norelabel($1)
		kernel_load_module_safe($1)
		corenet_unconfined($1)
        dev_unconfined_norawio($1)
        domain_unconfined_norelabel($1)
        domain_dontaudit_read_all_domains_state($1)
        files_unconfined_norelabel($1)
        fs_unconfined_norelabel($1)

		typeattribute $1 $3;

		neverallow $1 domain:{file sock_file} {relabelfrom relabelto};
		neverallow ~$3 domain:{socket_class_set socket key_socket} *;
		
		allow $1 self:process execheap;
		allow $1 self:process execmem;
		allow $1 self:process execstack;
	        allow $1 self:{socket_class_set socket key_socket} *;
		
		allow $1 domain:process getattr;
		allow $1 device_t:{chr_file blk_file} getattr;
		allow $3 $1:{socket_class_set socket key_socket} *;
		typeattribute $1 fireflier_unconfined_domain;
')

########################################
## <summary>
##      Generates an unconfined domain.
##      Except that it does not allow it to change labels, and load policy
##      It will generate: $1_t,$1_exec_t,has_$1_socket_access
## </summary>
## <param name="domain">
##      <summary>
##		 Base name
##      </summary>
## </param>

#
interface(`fireflier_gen_unconfined_type',`
   gen_require(`
   		attribute has_restricted_sockets;
		type file_t;
		type fireflier_unconfined_t;
   ')
   type $1_t;
   type $1_exec_t;
   
   attribute has_$1_socket_access;
   files_type($1_exec_t)
   typeattribute $1_t has_restricted_sockets;
   fireflier_unconfined($1_t,$1_exec_t,has_$1_socket_access)
   domain_auto_trans(fireflier_unconfined_domain,$1_exec_t,$1_t)
#   domain_auto_trans($1_t,file_t,fireflier_unconfined_t)
')

########################################
## <summary>
## 	    Allows access for @domain to @restricted's sockets     
## </summary>
## <param name="domain">
##      <summary>
##		 The domain that needs access granted
##      </summary>
## </param>
## <param name="restricted">
##      <summary>
##		 The domain that has the restricted socket
##      </summary>
## </param>

#
interface(`allow_access_to_socket',`
    gen_require(`
    		 attribute has_$1_socket_access;
		 type $2_t;
    ')
    typeattribute $2_t has_$1_socket_access;
')

########################################
## <summary>
## 	    Unconfined type, that can modify the policy somehow
##	    Cannot be executed from other unconfined domains
## </summary>
## <param name="base">
##      <summary>
##		 The base name
##      </summary>
## </param>

#
interface(`gen_policymanager_type',`
    gen_require(`
    		 attribute policymanager;
    ')
    type $1_t;
    type $1_exec_t;
   
    typeattribute $1_t policymanager;
    attribute has_$1_socket_access;
    fireflier_unconfined($1_t,$1_exec_t,has_$1_socket_access)
    neverallow ~policymanager $1_t:process transition;
    neverallow ~policymanager $1_exec_t:file {write unlink relabelfrom relabelto};
    domain_auto_trans(policymanager,$1_exec_t,$1_t)
')

---------------
fireflier.fc:
-------------
/etc/selinux/fireflier/modules/semanage.read.LOCK	--	gen_context(system_u:object_r:semanage_lock_t,s0)
/etc/selinux/fireflier/modules/semanage.trans.LOCK	--	gen_context(system_u:object_r:semanage_lock_t,s0)
/etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:policy_config_t,s0)
/etc/selinux/([^/]*/)?policy(/.*)?	gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
/etc/selinux/([^/]*/)?seusers	--	gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?	--	gen_context(system_u:object_r:policy_config_t,s0)
/etc/selinux/([^/]*/)?users(/.*)?	--	gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
/sbin/load_policy		--	gen_context(system_u:object_r:load_policy_exec_t,s0)
/usr/sbin/load_policy		--	gen_context(system_u:object_r:load_policy_exec_t,s0)
/sbin/restorecon		--	gen_context(system_u:object_r:restorecon_exec_t,s0)
/usr/sbin/semodule		--	gen_context(system_u:object_r:semanage_exec_t,s0)
/usr/sbin/setsebool	--	gen_context(system_u:object_r:boolset_exec_t,s0)
/usr/sbin/setenforce	--	gen_context(system_u:object_r:load_policy_exec_t,s0)

/usr/sbin/policymanager	--	gen_context(system_u:object_r:policy_manager_exec_t,s0)

unconfined_norelabel.if
----------
## <summary>fireflier policy generation</summary>
########################################
## <summary>
##      Unconfined access to devices, except rawio
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`dev_unconfined_norawio',`
        gen_require(`
                attribute device_node, memory_raw_write, memory_raw_read;
                type mtrr_device_t;
        ')
	allow $1 device_node:{ dir lnk_file sock_file fifo_file blk_file chr_file} *;
        allow $1 mtrr_device_t:{ dir file } *;
')
########################################
## <summary>
##      Unconfined access to domains, except relabeling
## </summary>
## <param name="domain">
##      <summary>
##      The type of the process performing this action.
##      </summary>
## </param>
#
interface(`domain_unconfined_norelabel',`
        gen_require(`
                attribute domain, set_curr_context;
		attribute has_restricted_sockets;
        ')
        # Use/sendto/connectto sockets created by any domain.
        allow $1 {domain - has_restricted_sockets}:{ socket_class_set socket key_socket } *;

        # Use descriptors and pipes created by any domain.
        allow $1 domain:fd use;
        allow $1 domain:fifo_file rw_file_perms;

        # Act upon any other process.
        allow $1 domain:process ~{ transition dyntransition execmem execstack execheap setcurrent};

        # Create/access any System V IPC objects.
        allow $1 domain:{ sem msgq shm } *;
        allow $1 domain:msg { send receive };

        # For /proc/pid
        allow $1 domain:dir r_dir_perms;
        allow $1 {domain}:file r_file_perms;
        allow $1 domain:lnk_file r_file_perms;
')

########################################
## <summary>
##      Unconfined access to kernel module resources, except relabeling
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`kernel_unconfined_norelabel',`
        gen_require(`
                type kernel_t, unlabeled_t, sysctl_t;
                attribute proc_type, sysctl_type;
                attribute kern_unconfined;
                attribute can_load_kernmodule, can_receive_kernel_messages;
        ')

        allow $1 proc_type:{ dir file } ~{relabelfrom relabelto};

        allow $1 sysctl_t:{ dir file } ~{relabelfrom relabelto};

        allow $1 kernel_t:system *;

        allow $1 unlabeled_t:dir_file_class_set ~{relabelfrom relabelto};
        allow $1 unlabeled_t:filesystem *;
        allow $1 unlabeled_t:association *;

        typeattribute $1 can_load_kernmodule, can_receive_kernel_messages;
        typeattribute $1 kern_unconfined;

        kernel_rw_all_sysctls($1)
')
########################################
## <summary>
##      Unconfined access to files, except relabeling
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`files_unconfined_norelabel',`
        gen_require(`
                attribute file_type;
        ')

        # Create/access any file in a labeled filesystem;
        allow $1 file_type:{ file chr_file} ~{ execmod relabelfrom relabelto };
        allow $1 file_type:{ dir lnk_file fifo_file blk_file } *;
#	allow $1 {file_type -has_restricted_sockets}:sock_file *;
	allow $1 file_type:sock_file *;

        # Mount/unmount any filesystem with the context= option.
        allow $1 file_type:filesystem *;

        # Bind to any network address.
        # cjp: need to check this, I dont think this has any effect.
        allow $1 file_type:{ unix_stream_socket unix_dgram_socket } name_bind;

        allow $1 file_type:file execmod;
')

########################################
## <summary>
##      Unconfined access to filesystems, except relabeling
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`fs_unconfined_norelabel',`
        gen_require(`
                attribute filesystem_type;
        ')

        allow $1 filesystem_type:filesystem ~{relabelfrom relabelto};

        # Create/access other files.  fs_type is to pick up various
        # pseudo filesystem types that are applied to both the filesystem
        # and its files.
        allow $1 filesystem_type:{ dir file lnk_file sock_file fifo_file } ~{relabelfrom relabelto};
	allow $1 filesystem_type:{ blk_file chr_file } *;
')

########################################
## <summary>
##	Allows caller to load kernel modules, if !secure_mode_insmod
## </summary>
## <param name="domain">
##	<summary>
##	The process type to allow to load kernel modules.
##	</summary>
## </param>
#
interface(`kernel_load_module_safe',`
	gen_require(`
		attribute can_load_kernmodule;
		bool secure_mode_insmod;
	')
	# sys_module is granted only while the secure_mode_insmod boolean is off
	if(!secure_mode_insmod) {
		allow $1 self:capability sys_module;
	}
	typeattribute $1 can_load_kernmodule;
')

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
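
An added example, not part of the original mail: the auditallow rules in fireflier.te make the kernel log an "avc: granted" record for each policy load, boolean change and relabel, and the Python below checks such records (for instance on a remote log host) against the one source type each rule names, also reporting denied attempts. The WATCHED table, the function names and all log lines are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# (expected source type, target type or None for any, class, permissions),
# transcribed from the auditallow rules in fireflier.te above.
WATCHED = [
    ("load_policy_t", "security_t", "security", {"load_policy"}),
    ("boolset_t", "security_t", "security", {"setbool"}),
    ("semanage_t", "policy_config_t", "file", {"read", "write"}),
    ("restorecon_t", None, "file", {"relabelfrom", "relabelto"}),
    ("restorecon_t", None, "dir", {"relabelfrom", "relabelto"}),
]

AVC_RE = re.compile(
    r"audit\(\d+\.\d+:(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


class Event(NamedTuple):
    serial: int
    result: str
    perms: frozenset
    source: str
    target: str
    tclass: str


def context_type(context: str) -> str:
    """Return the type field of user:role:type[:level].

    An MLS level can contain colons itself (s15:c0.c255 in fireflier.fc),
    so split at most three times instead of taking the last field.
    """
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a security context: {context!r}")
    return parts[2]


def parse_avc(line: str) -> Optional[Event]:
    """Parse one AVC record; return None for other or malformed records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        return Event(
            serial=int(m.group("serial")),
            result=m.group("result"),
            perms=frozenset(m.group("perms").split()),
            source=context_type(fields["scontext"]),
            target=context_type(fields["tcontext"]),
            tclass=fields["tclass"],
        )
    except (KeyError, ValueError):
        return None  # truncated record: a context or the class is missing


def classify(ev: Event) -> Optional[str]:
    """None if unrelated to policy changes, else blocked/expected/unexpected."""
    expected_sources = {
        src for src, tgt, cls, perms in WATCHED
        if cls == ev.tclass and perms & ev.perms and tgt in (None, ev.target)
    }
    if not expected_sources:
        return None
    if ev.result == "denied":
        return "blocked"
    # A granted record from another source type is not explained by the
    # auditallow rules above, i.e. the loaded policy differs from this one.
    return "expected" if ev.source in expected_sources else "unexpected"


def scan(lines):
    """Return (serial, verdict, source type, permissions) per relevant record."""
    findings = []
    for line in lines:
        ev = parse_avc(line)
        verdict = classify(ev) if ev else None
        if verdict:
            findings.append((ev.serial, verdict, ev.source, sorted(ev.perms)))
    return findings


# Constructed audit records, not taken from a real system.
SAMPLE_LOG = """\
type=AVC msg=audit(1146501240.791:101): avc:  granted  { load_policy } for  pid=2301 comm="load_policy" scontext=system_u:system_r:load_policy_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=AVC msg=audit(1146501255.102:102): avc:  granted  { setbool } for  pid=2310 comm="setsebool" scontext=system_u:system_r:boolset_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=AVC msg=audit(1146501270.400:103): avc:  granted  { relabelto } for  pid=2322 comm="restorecon" name="policy.20" scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:policy_config_t:s15:c0.c255 tclass=file
type=SYSCALL msg=audit(1146501270.400:103): success=yes exit=0 pid=2322 comm="restorecon"
type=AVC msg=audit(1146501301.010:104): avc:  denied  { load_policy } for  pid=2400 comm="load_policy" scontext=system_u:system_r:fireflier_unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=AVC msg=audit(1146501399.555:105): avc:  granted  { load_policy } for  pid=2450 comm="a.out" scontext=system_u:system_r:fireflier_unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=AVC msg=audit(1146501400.000:106): avc:  denied  { read } for  pid=2460 comm="cat" name="passwd" scontext=system_u:system_r:fireflier_unconfined_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
""".splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```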

2006-04-20 12:20                                       ` Stephen Smalley
2006-04-21 13:30                                     ` Jan Engelhardt
2006-04-21 15:05                                       ` Greg KH
2006-05-01 13:45                                         ` [PATCH 0/4] MultiAdmin LSM Jan Engelhardt
2006-05-01 13:48                                           ` [PATCH 1/4] security_cap_extra() and more Jan Engelhardt
2006-05-01 13:49                                           ` [PATCH 2/4] Use of capable_light() Jan Engelhardt
2006-05-01 13:49                                           ` [PATCH 3/4] task_post_setgid() Jan Engelhardt
2006-05-01 13:50                                           ` [PATCH 4/4] MultiAdmin module Jan Engelhardt
2006-05-01 14:56                                             ` James Morris
2006-05-01 15:05                                             ` Greg KH
2006-05-01 13:50                                           ` [PATCH 0/4] MultiAdmin LSM Arjan van de Ven
2006-05-01 16:03                                           ` [PATCH 4a/4] MultiAdmin LSM (LKCS'ed) Jan Engelhardt
2006-05-01 16:47                                             ` Greg KH
2006-05-01 17:42                                               ` Jan Engelhardt
2006-05-01 18:07                                                 ` Greg KH
2006-05-01 20:19                                                   ` Jan Engelhardt
2006-05-01 21:47                                                     ` Adrian Bunk
2006-05-01 20:56                                           ` [PATCH 0/4] MultiAdmin LSM Pavel Machek
2006-05-02  4:22                                           ` James Morris
2006-04-21 16:25                                       ` Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) Stephen Smalley
2006-04-21 18:57                                         ` Jan Engelhardt
2006-04-21 19:56                                           ` Stephen Smalley
2006-04-22 11:13                                             ` Jan Engelhardt
2006-04-20 23:41                                   ` Pavel Machek
2006-04-19 17:00                               ` Valdis.Kletnieks
2006-04-17 20:20                           ` Chris Wright
2006-04-17 20:24                             ` Arjan van de Ven
2006-04-17 20:27                               ` Time to remove LSM David S. Miller
2006-04-17 20:27                               ` Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) Chris Wright
2006-04-17 20:34                                 ` Greg KH
2006-04-17 20:38                                   ` Chris Wright
2006-04-17 20:43                                   ` Arjan van de Ven
2006-04-17 20:53                                     ` Chris Wright
2006-04-17 20:45                             ` alan
     [not found]                             ` <2e00cdfd0604171437g1d6c6923w5db82f317ed0f56@mail.gmail.com>
2006-04-17 22:07                               ` Chris Wright
2006-04-17 22:10                                 ` Arjan van de Ven
2006-04-17 20:51                           ` Adrian Bunk
2006-04-17 20:08                         ` [RESEND][RFC][PATCH 2/7] implementation of LSM hooks David S. Miller
2006-04-17 18:20                   ` Török Edwin
2006-04-23 19:58                     ` Labeling only policy and problems with booleans Török Edwin
2006-04-26 13:37                       ` Stephen Smalley
2006-04-26 14:13                         ` Christopher J. PeBenito
2006-04-26 18:18                           ` Török Edwin
2006-04-26 19:23                             ` Christopher J. PeBenito
2006-04-26 18:13                         ` Török Edwin
2006-04-26 19:26                           ` Stephen Smalley
2006-04-26 20:08                             ` Török Edwin
2006-04-27 19:17                             ` Török Edwin
2006-04-27 19:53                               ` Karl MacMillan
2006-05-01 16:06                             ` [PATCH ] consistent labeling of block|character devices Török Edwin
2006-05-01 19:51                               ` Stephen Smalley
2006-05-01 16:17                             ` [1/4] Labeling only policy for fireflier Török Edwin
2006-05-01 16:34                               ` Török Edwin [this message]
2006-05-01 16:38                                 ` [3/4] Labeling only policy for fireflier (example module) Török Edwin
2006-05-03 14:35                                 ` [2/4] Labeling only policy for fireflier (fireflier.pp) Christopher J. PeBenito
2006-05-01 16:43                               ` [4/4] Labeling only policy for fireflier (install) Török Edwin
2006-05-01 18:55                               ` [1/4] Labeling only policy for fireflier Christopher J. PeBenito
2006-05-02 15:36                                 ` Török Edwin
2006-04-07 18:39           ` [RFC][PATCH 3/7] sidtab - hashtable to store SIDs Török Edwin
2006-04-07 18:41           ` [RFC][PATCH 4/7] exports Török Edwin
2006-04-07 18:43           ` [RFC][PATCH 5/7] debugging/testing support Török Edwin
2006-04-07 18:44           ` [RFC][PATCH 6/7] userspace Török Edwin
2006-04-07 18:46           ` [RFC][PATCH 7/7] stacking support for capability module Török Edwin
2006-04-07 19:18             ` Serge E. Hallyn
2006-04-07 19:45           ` [RFC][PATCH 0/7] fireflier LSM for labeling sockets based on its creator (owner) Chris Wright
2006-04-08  7:41             ` edwin
2006-04-21 15:26 ` [RFC] packet/socket owner match (fireflier) using skfilter Mikado
2006-04-21 16:18   ` Török Edwin
