From: Daniel J Walsh <dwalsh@redhat.com>
To: jwcart2@epoch.ncsc.mil
Cc: SELinux <selinux@tycho.nsa.gov>
Subject: Re: ***SPAM*** Re: Latest policy
Date: Thu, 10 Mar 2005 16:47:34 -0500
Message-ID: <4230C076.9000905@redhat.com>
In-Reply-To: <1110489782.662.15.camel@moss-lions.epoch.ncsc.mil>

James Carter wrote:

>Merged.
>
>I did notice that some of the changes to use read_sysctl() replaced
>statements like:
>allow foo_t sysctl_kernel_t:file r_file_perms;
>allow foo_t sysctl_kernel_t:dir r_dir_perms;
>instead of ones like:
>allow foo_t sysctl_kernel_t:dir search;
>allow foo_t sysctl_kernel_t:file read;
>This was the case for the following: fsadm.te, backup.te, clamav.te,
>gatekeeper.te, lvm.te, named.te, and clamav_macros.te.
>
>I didn't notice any problems though, so maybe they didn't need those
>permissions.
>
>  
>
Yes, I have not heard any complaints about this yet.

>Do we need to add this?
>cy-1.21.15/file_contexts/program/nrpe.fc
>--- nsapolicy/file_contexts/program/nrpe.fc	2005-02-24 14:51:09.000000000 -0500
>+++ policy-1.21.15/file_contexts/program/nrpe.fc	2005-03-07 09:36:55.000000000 -0500
>@@ -1,3 +1,5 @@
> # nrpe
> /usr/bin/nrpe		--	system_u:object_r:nrpe_exec_t
> /etc/nagios/nrpe\.cfg	--	system_u:object_r:nrpe_etc_t
>+/usr/lib(64)?/netsaint/plugins(/.*)?	--	system_u:object_r:bin_t
>+/usr/lib(64)?/nagios/plugins(/.*)?	--	system_u:object_r:bin_t
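
Review bot: The two added entries at the end of nrpe.fc pair the `--` file-type field with a `(/.*)?` pattern, and the two do not agree: the optional group makes the regex match the plugins directory itself (and any subdirectories), while `--` restricts the spec to regular files, so directories under these paths get no bin_t label from these lines. If the whole tree is meant to be bin_t, drop the `--`; if only the plugin files are, write the pattern as `/.*` without the optional group so the intent is explicit. The same two paths are reported further down as already present in nagios.fc, so carrying them here as well leaves two files specifying a context for identical patterns; keep them in one place only.
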
>
>  
>
This is probably me missing a removal, since I have done nothing with 
nrpe.   So eliminate this.

>These same statements are also in nagios.fc
>
>
>On Wed, 2005-03-09 at 00:27 -0500, Daniel J Walsh wrote:
>  
>
>>Lots of policy cleanup via Ivan's Patches
>>       Use read_sysctl
>>       Cleanup of homedir macros
>>      
>>Fixes to allow amanda to read file system
>>
>>Change apache stream sockets to use create_stream_socket_perms
>>
>>Eliminate cyrus_r
>>
>>Cleanup dhcpc.te so it can be used in targeted policy
>>
>>Add ftpd_anon_rw_t so that upload can be made to work with anonymous ftp 
>>sites.
>>
>>Additional rules to allow postfix to work correctly in targeted policy
>>
>>Allow snmpd to communicate with its own fifo_file
>>
>>    
>>
>
>
>  
>

