More nsswitch changes.

All of lore.kernel.org
 help / color / mirror / Atom feed

* More nsswitch changes.
@ 2007-12-04 17:27 Daniel J Walsh
  2007-12-06 15:55 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2007-12-04 17:27 UTC (permalink / raw)
  To: Christopher J. PeBenito, SE Linux

[-- Attachment #1: Type: text/plain, Size: 0 bytes --]



[-- Attachment #2: diff.gz --]
[-- Type: application/x-gzip, Size: 2350 bytes --]

[-- Attachment #3: diff.gz.sig --]
[-- Type: application/octet-stream, Size: 65 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: More nsswitch changes.
  2007-12-04 17:27 More nsswitch changes Daniel J Walsh
@ 2007-12-06 15:55 ` Christopher J. PeBenito
  2007-12-06 18:10   ` Daniel J Walsh
  0 siblings, 1 reply; 4+ messages in thread
From: Christopher J. PeBenito @ 2007-12-06 15:55 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: SE Linux

On Tue, 2007-12-04 at 12:27 -0500, Daniel J Walsh wrote:
>  policy/modules/admin/alsa.te          |    6 ++----
>  policy/modules/admin/vpn.te           |   10 ++--------
>  policy/modules/apps/thunderbird.if    |   15 ++-------------
>  policy/modules/services/apache.te     |    2 ++
>  policy/modules/services/mta.if        |   13 ++-----------
>  policy/modules/services/postgresql.te |   10 ++--------
>  policy/modules/services/rshd.te       |    8 ++------
>  policy/modules/services/samba.te      |   14 ++------------
>  policy/modules/services/sendmail.te   |   14 ++------------
>  policy/modules/services/xserver.te    |    5 -----
>  policy/modules/system/authlogin.te    |    8 --------
>  policy/modules/system/mount.te        |    4 ----
>  12 files changed, 18 insertions(+), 91 deletions(-)

I dropped the alsa, apache, because I think the nis/nscd that is
currently in those are potentially wrong.  Back in the example policy,
there was some liberal usage of nis an nscd, and I suspect these are
just carryovers.  The netlink_route_socket usage provides a little more
evidence.  The other ones are merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: More nsswitch changes.
  2007-12-06 15:55 ` Christopher J. PeBenito
@ 2007-12-06 18:10   ` Daniel J Walsh
  2007-12-06 18:42     ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2007-12-06 18:10 UTC (permalink / raw)
  To: Christopher J. PeBenito; +Cc: SE Linux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher J. PeBenito wrote:
> On Tue, 2007-12-04 at 12:27 -0500, Daniel J Walsh wrote:
>>  policy/modules/admin/alsa.te          |    6 ++----
>>  policy/modules/admin/vpn.te           |   10 ++--------
>>  policy/modules/apps/thunderbird.if    |   15 ++-------------
>>  policy/modules/services/apache.te     |    2 ++
>>  policy/modules/services/mta.if        |   13 ++-----------
>>  policy/modules/services/postgresql.te |   10 ++--------
>>  policy/modules/services/rshd.te       |    8 ++------
>>  policy/modules/services/samba.te      |   14 ++------------
>>  policy/modules/services/sendmail.te   |   14 ++------------
>>  policy/modules/services/xserver.te    |    5 -----
>>  policy/modules/system/authlogin.te    |    8 --------
>>  policy/modules/system/mount.te        |    4 ----
>>  12 files changed, 18 insertions(+), 91 deletions(-)
> 
> I dropped the alsa, apache, because I think the nis/nscd that is
> currently in those are potentially wrong.  Back in the example policy,
> there was some liberal usage of nis an nscd, and I suspect these are
> just carryovers.  The netlink_route_socket usage provides a little more
> evidence.  The other ones are merged.
> 
Ok, greping through the source of alsa-utils shows no getpw.  So I will
remove that policy and wait for the avc's.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHWDsFrlYvE4MpobMRAvL1AKC3r122CuFPNuo/2hhL+eRhxPHFKQCdHjtF
Jr8N/HK7V+fyD1VoqfVOXCM=
=n3Ke
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: More nsswitch changes.
  2007-12-06 18:10   ` Daniel J Walsh
@ 2007-12-06 18:42     ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2007-12-06 18:42 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: SE Linux

On Thu, 2007-12-06 at 13:10 -0500, Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
> > On Tue, 2007-12-04 at 12:27 -0500, Daniel J Walsh wrote:
> >>  policy/modules/admin/alsa.te          |    6 ++----
> >>  policy/modules/admin/vpn.te           |   10 ++--------
> >>  policy/modules/apps/thunderbird.if    |   15 ++-------------
> >>  policy/modules/services/apache.te     |    2 ++
> >>  policy/modules/services/mta.if        |   13 ++-----------
> >>  policy/modules/services/postgresql.te |   10 ++--------
> >>  policy/modules/services/rshd.te       |    8 ++------
> >>  policy/modules/services/samba.te      |   14 ++------------
> >>  policy/modules/services/sendmail.te   |   14 ++------------
> >>  policy/modules/services/xserver.te    |    5 -----
> >>  policy/modules/system/authlogin.te    |    8 --------
> >>  policy/modules/system/mount.te        |    4 ----
> >>  12 files changed, 18 insertions(+), 91 deletions(-)
> > 
> > I dropped the alsa, apache, because I think the nis/nscd that is
> > currently in those are potentially wrong.  Back in the example policy,
> > there was some liberal usage of nis an nscd, and I suspect these are
> > just carryovers.  The netlink_route_socket usage provides a little more
> > evidence.  The other ones are merged.
> > 
> Ok, greping through the source of alsa-utils shows no getpw.  So I will
> remove that policy and wait for the avc's.

Sounds good.  It'd be nice if we could get someone to verify the other
nsswitch usage in the policy.  Maybe we need some policy janitors... or
interns :)

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-12-06 18:42 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-12-04 17:27 More nsswitch changes Daniel J Walsh
2007-12-06 15:55 ` Christopher J. PeBenito
2007-12-06 18:10   ` Daniel J Walsh
2007-12-06 18:42     ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.