* dontaudit using firstboot fifo_file
From: Daniel J Walsh @ 2007-03-23 20:37 UTC
To: Christopher J. PeBenito, SE Linux
[-- Attachment #1: Type: text/plain, Size: 78 bytes --]
firstboot starts certain daemons (ntp) which attempt to access its fifo_file
[-- Attachment #2: firstboot.patch --]
[-- Type: text/x-patch, Size: 977 bytes --]
--- nsaserefpolicy/policy/modules/admin/firstboot.if 2007-01-02 12:57:51.000000000 -0500
+++ serefpolicy-2.5.10/policy/modules/admin/firstboot.if 2007-03-22 15:06:58.000000000 -0400
@@ -124,3 +124,21 @@
allow $1 firstboot_t:fifo_file { read write };
')
+
+########################################
+## <summary>
+## dontaudit Read and Write to a firstboot unnamed pipe.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`firstboot_dontaudit_rw_pipes',`
+ gen_require(`
+ type firstboot_t;
+ ')
+
+ dontaudit $1 firstboot_t:fifo_file { read write };
+')
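Review bot: The doc block on firstboot_dontaudit_rw_pipes reads as if the interface grants access: the summary opens with the bare keyword ("dontaudit Read and Write to a firstboot unnamed pipe.") and the parameter is described as "The type of the process performing this action.", while the rule only silences audit messages for a denied read or write. Suggest wording both to say that, for example "Do not audit attempts to read and write firstboot unnamed pipes." and "Domain to not audit." Note also that the rule lists only { read write }, matching the allow rule just above it, so any other denied fifo_file permission on the same pipe will still be logged.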
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-03-20 23:38:08.000000000 -0400
+++ serefpolicy-2.5.10/policy/modules/services/ntp.te 2007-03-22 15:06:59.000000000 -0400
@@ -131,6 +131,7 @@
optional_policy(`
firstboot_dontaudit_use_fds(ntpd_t)
+ firstboot_dontaudit_rw_pipes(ntpd_t)
')
optional_policy(`
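Review bot: The call added next to firstboot_dontaudit_use_fds(ntpd_t) covers only ntpd_t, while the description says firstboot starts "certain daemons (ntp)"; if other daemons started by firstboot touch the same pipe, each needs its own call, so please list them or confirm that ntp is the only one observed. A one-line comment in this optional_policy block saying that ntpd is started by firstboot would also record why the denial is silenced rather than allowed.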
* Re: dontaudit using firstboot fifo_file
From: Christopher J. PeBenito @ 2007-04-10 13:06 UTC
To: Daniel J Walsh; +Cc: SE Linux
On Fri, 2007-03-23 at 15:02 -0400, Daniel J Walsh wrote:
> firstboot starts certain daemons (ntp) which attempt to access its
> fifo_file
Merged.
>
> differences between files attachment (firstboot.patch), "firstboot.patch"
>
> --- nsaserefpolicy/policy/modules/admin/firstboot.if 2007-01-02
> 12:57:51.000000000 -0500
> +++
> serefpolicy-2.5.10/policy/modules/admin/firstboot.if 2007-03-22
> 15:06:58.000000000 -0400
> @@ -124,3 +124,21 @@
>
> allow $1 firstboot_t:fifo_file { read write };
> ')
> +
> +########################################
> +## <summary>
> +## dontaudit Read and Write to a firstboot unnamed pipe.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## The type of the process performing this action.
> +## </summary>
> +## </param>
> +#
> +interface(`firstboot_dontaudit_rw_pipes',`
> + gen_require(`
> + type firstboot_t;
> + ')
> +
> + dontaudit $1 firstboot_t:fifo_file { read write };
> +')
> --- nsaserefpolicy/policy/modules/services/ntp.te 2007-03-20
> 23:38:08.000000000 -0400
> +++ serefpolicy-2.5.10/policy/modules/services/ntp.te 2007-03-22
> 15:06:59.000000000 -0400
> @@ -131,6 +131,7 @@
>
> optional_policy(`
> firstboot_dontaudit_use_fds(ntpd_t)
> + firstboot_dontaudit_rw_pipes(ntpd_t)
> ')
>
> optional_policy(`
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150