From: sven.vermeulen@siphos.be (Sven Vermeulen)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 0/13] Numerous dontaudits
Date: Thu, 22 Mar 2012 21:02:29 +0100 [thread overview]
Message-ID: <20120322200229.GA3387@siphos.be> (raw)
This set includes quite a few dontaudit updates on the policy that we have
running in Gentoo since the 20110726 policies and without feedback from
users that they are incorrect or that I'm missing something.
Now handling dontaudits isn't easy, it's often much easier to find out why
you need to allow something (as the application otherwise breaks) whereas
finding denials that do not seem to have any influence on the system is a
lot harder to pin down.
But still, I guess it's okay to bring out these dontaudits in refpolicy;
either others can find flaws or confirm that they too dontaudit these
settings.
next reply other threads:[~2012-03-22 20:02 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-22 20:02 Sven Vermeulen [this message]
2012-03-22 20:06 ` [refpolicy] [PATCH 1/13] Adding dontaudit interfaces for files module Sven Vermeulen
2012-04-20 20:10 ` Christopher J. PeBenito
2012-03-22 20:07 ` [refpolicy] [PATCH 2/13] Adding dontaudit on mozilla Sven Vermeulen
2012-04-20 20:12 ` Christopher J. PeBenito
2012-03-22 20:08 ` [refpolicy] [PATCH 3/13] Adding dontaudit on mta Sven Vermeulen
2012-04-20 20:10 ` Christopher J. PeBenito
2012-03-22 20:08 ` [refpolicy] [PATCH 4/13] Adding dontaudits for portage domains Sven Vermeulen
2012-04-20 20:12 ` Christopher J. PeBenito
2012-03-22 20:09 ` [refpolicy] [PATCH 5/6] Adding dontaudit for qemu Sven Vermeulen
2012-04-20 20:12 ` Christopher J. PeBenito
2012-04-21 16:12 ` Sven Vermeulen
2012-04-23 12:28 ` Christopher J. PeBenito
2012-03-22 20:10 ` [refpolicy] [PATCH 6/13] Adding dontaudit interfaces in sysnet Sven Vermeulen
2012-04-20 20:11 ` Christopher J. PeBenito
2012-03-22 20:10 ` [refpolicy] [PATCH 7/13] Adding dontaudits for xserver Sven Vermeulen
2012-04-20 20:11 ` Christopher J. PeBenito
2012-03-22 20:11 ` [refpolicy] [PATCH 8/13] Do not audit usage of a leaked file descriptor Sven Vermeulen
2012-04-20 20:12 ` Christopher J. PeBenito
2012-03-22 20:12 ` [refpolicy] [PATCH 9/13] Do not audit rw on dhcp client unix_stream_sockets Sven Vermeulen
2012-04-20 20:11 ` Christopher J. PeBenito
2012-03-22 20:12 ` [refpolicy] [PATCH 10/13] Adding dontaudits for mount Sven Vermeulen
2012-04-20 20:12 ` Christopher J. PeBenito
2012-03-22 20:13 ` [refpolicy] [PATCH 11/13] Adding dontaudits for selinuxutil Sven Vermeulen
2012-04-20 20:13 ` Christopher J. PeBenito
2012-03-22 20:13 ` [refpolicy] [PATCH 12/13] Adding dontaudit for sudo Sven Vermeulen
2012-04-20 20:13 ` Christopher J. PeBenito
2012-03-22 20:14 ` [refpolicy] [PATCH 13/13] Adding dontaudits for raid Sven Vermeulen
2012-04-20 20:13 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120322200229.GA3387@siphos.be \
--to=sven.vermeulen@siphos.be \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.