* Patches to files in the kernel policy directory
@ 2007-12-13 14:26 Daniel J Walsh
  0 siblings, 0 replies; only message in thread
From: Daniel J Walsh @ 2007-12-13 14:26 UTC (permalink / raw)
  To: Christopher J. PeBenito, SE Linux

[-- Attachment #1: Type: text/plain, Size: 1786 bytes --]

Added capability to corecmd_exec_chroot

Added pgpkeyserver port definition

-	Included squid patch to show use of pgpkeyserver

Addition of /dev/kvm

Add the ability to relabel from lnk_files labeled device_t

Add an interface to manage directories in /dev.  This is used by xserver.

dev_dontaudit_getattr_all_blk_files
	Should include blk_files labeled device_t

dev_dontaudit_getattr_all_chr_files
	Should include chr_files labeled device_t

Added interface
dev_rw_generic_usb_pipes
used by xserver


Added a whole bunch of dontaudit domain statements to remove tons of bug
reports.   These interfaces remove AVCs generated by the redirection
of stdout/stderr in tools like userhelper, and yum-updatesd or other rpm
daemons.  Also rhgb resets output on services when they start. You can
ifdef Redhat, but I think all distributions could use these or similar
rules.

Remove mount_domtrans from polyinstantiation macro since
auth_login_pgm_domain needs mount_domtrans for pam_mount so needs to be
outside of polyinstantiation.  Included authlogin_patch.

Added fs_manage_dos_dirs to be used by confined users that need to
manage a usb stick.

Add fs_use_xattr for ext4

Add definition for vmblock

Fix definition of kernel_rw_afs_state

Dontaudit proc_type and sysctl_type file getattr

Add getattr and dontaudit getattr when using security_t

When using telnetd, it creates a server_ptynode that the login sessions
need to access; this needs to be added to generic_ptys handling.

[-- Attachment #2: kernel.patch.gz --]
[-- Type: application/x-gzip, Size: 4821 bytes --]

[-- Attachment #3: kernel.patch.gz.sig --]
[-- Type: application/octet-stream, Size: 65 bytes --]
