From: Daniel J Walsh <dwalsh@redhat.com>
To: "Christopher J. PeBenito" <cpebenito@tresys.com>,
SE Linux <selinux@tycho.nsa.gov>
Subject: Patches to files in the kernel policy directory
Date: Thu, 13 Dec 2007 09:26:28 -0500
Message-ID: <47614114.5090703@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1786 bytes --]
Added capability to corecmd_exec_chroot
Added pgpkeyserver port definition
- Included squid patch to show use of pgpkeyserver
Addition of /dev/kvm
Add the ability to relabel from lnk_files labeled device_t
Add an interface to manage directories in /dev. This is used by xserver.
dev_dontaudit_getattr_all_blk_files
Should include blk_files labeled device_t
dev_dontaudit_getattr_all_chr_files
Should include chr_files labeled device_t
Added interface
dev_rw_generic_usb_pipes
used by xserver
Added a whole bunch of dontaudit domain statements to remove tons of bug
reports. These interfaces remove avc's generated by the redirection
of stdout/stderr in tools like userhelper, and yum-updatesd or other rpm
daemons. Also rhgb resets output on services when they start, you can
ifdef Redhat, but I think all distributions could use these or similar
rules.
Remove mount_domtrans from polyinstantiation macro since
auth_login_pgm_domain needs mount_domtrans for pam_mount so needs to be
outside of polyinstantiation. Included authlogin_patch.
Added fs_manage_dos_dirs to be used by confined users that need to
manage a usb stick.
Add fs_use_xattr for ext4
add definition for vmblock
fix definition of kernel_rw_afs_state
Dontaudit proc_type and sysctl_type file getattr
Add getattr and dontaudit getattr when using security_t
When using telnetd, it creates a server_ptynode that the login sessions
need to access, this needs to be added to generic_ptys handling.
[-- Attachment #2: kernel.patch.gz --]
[-- Type: application/x-gzip, Size: 4821 bytes --]
[-- Attachment #3: kernel.patch.gz.sig --]
[-- Type: application/octet-stream, Size: 65 bytes --]