* [refpolicy] flask_access_vectors.patch @ 2008-09-24 20:53 Daniel J Walsh 2008-10-06 18:35 ` Christopher J. PeBenito 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2008-09-24 20:53 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch Add nlmsg_tty_audit for netlink_audit_socket. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjaqK4ACgkQrlYvE4MpobNKSgCeJNFJeI1zyEPptE2SFpob3g3N jUIAnj85ztp+yVBuXQYpk/StiaSpi0Wt =6GGK -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch 2008-09-24 20:53 [refpolicy] flask_access_vectors.patch Daniel J Walsh @ 2008-10-06 18:35 ` Christopher J. PeBenito 2008-10-06 19:52 ` Daniel J Walsh 0 siblings, 1 reply; 8+ messages in thread From: Christopher J. PeBenito @ 2008-10-06 18:35 UTC (permalink / raw) To: refpolicy On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch > > Add nlmsg_tty_audit for netlink_audit_socket. Is there a reference for this? I don't remember seeing anything on the main SELinux list. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch 2008-10-06 18:35 ` Christopher J. PeBenito @ 2008-10-06 19:52 ` Daniel J Walsh [not found] ` <200810061710.53807.sgrubb@redhat.com> 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2008-10-06 19:52 UTC (permalink / raw) To: refpolicy Christopher J. PeBenito wrote: > On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote: >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch >> >> Add nlmsg_tty_audit for netlink_audit_socket. > > Is there a reference for this? I don't remember seeing anything on the > main SELinux list. > This comes from the new auditing keystroke patch to the kernel. Not sure if this was talked about on selinux or just audit list. Added sgrubb since I am not sure he is on the refpolicy list. ^ permalink raw reply [flat|nested] 8+ messages in thread
[parent not found: <200810061710.53807.sgrubb@redhat.com>]
* [refpolicy] flask_access_vectors.patch [not found] ` <200810061710.53807.sgrubb@redhat.com> @ 2008-10-08 19:49 ` Christopher J. PeBenito 0 siblings, 0 replies; 8+ messages in thread From: Christopher J. PeBenito @ 2008-10-08 19:49 UTC (permalink / raw) To: refpolicy On Mon, 2008-10-06 at 17:10 -0400, Steve Grubb wrote: > On Monday 06 October 2008 03:52:11 pm Daniel J Walsh wrote: > > Christopher J. PeBenito wrote: > > > On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote: > > >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors > > >>.patch > > >> > > >> Add nlmsg_tty_audit for netlink_audit_socket. > > > > > > Is there a reference for this? I don't remember seeing anything on the > > > main SELinux list. > > > > This comes from the new auditing keystroke patch to the kernel. Not sure > > if this was talked about on selinux or just audit list. > > > > Added sgrubb since I am not sure he is on the refpolicy list. > > No I am not on that list. I sent a patch > > http://article.gmane.org/gmane.comp.security.selinux/6759 > > a long time ago allowing better control of TTY audit because the alternative > is to allow setting audit rules on processes that we only need to send tty > info. So, this should reduce the capabilities required for some processes and > keep the audit system better protected. > > This is a more detailed description of what the audit side is: > > https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html > > Everything is in place to use this except SE Linux policy. So the permission is in Linus' tree? or James'? -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch @ 2009-03-03 21:50 Daniel J Walsh 2009-03-05 14:34 ` Christopher J. PeBenito 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2009-03-03 21:50 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://people.fedoraproject.org/~dwalsh/SELinux/F11/flask_access_vectors.patch Please add nlmsg_tty_audit Needed for keystroke auditing. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmtpiMACgkQrlYvE4MpobOXGgCfVOT3YEdgfHFScX9d9Ha5QWwA K9wAnir2HxFy9THh6EsG4hWdKi9ciH+U =QENE -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch 2009-03-03 21:50 Daniel J Walsh @ 2009-03-05 14:34 ` Christopher J. PeBenito 0 siblings, 0 replies; 8+ messages in thread From: Christopher J. PeBenito @ 2009-03-05 14:34 UTC (permalink / raw) To: refpolicy On Tue, 2009-03-03 at 16:50 -0500, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F11/flask_access_vectors.patch > > Please add > nlmsg_tty_audit > > Needed for keystroke auditing. Merged. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch @ 2009-11-12 20:55 Daniel J Walsh 2009-11-19 13:52 ` Christopher J. PeBenito 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2009-11-12 20:55 UTC (permalink / raw) To: refpolicy http://people.fedoraproject.org/~dwalsh/SELinux/F12/flask_access_vectors.patch New access vector module_request used to indicate the app asked the kernel to load a module. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] flask_access_vectors.patch 2009-11-12 20:55 Daniel J Walsh @ 2009-11-19 13:52 ` Christopher J. PeBenito 0 siblings, 0 replies; 8+ messages in thread From: Christopher J. PeBenito @ 2009-11-19 13:52 UTC (permalink / raw) To: refpolicy On Thu, 2009-11-12 at 15:55 -0500, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F12/flask_access_vectors.patch > > New access vector module_request used to indicate the app asked the > kernel to load a module. Merged. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2009-11-19 13:52 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-09-24 20:53 [refpolicy] flask_access_vectors.patch Daniel J Walsh
2008-10-06 18:35 ` Christopher J. PeBenito
2008-10-06 19:52 ` Daniel J Walsh
[not found] ` <200810061710.53807.sgrubb@redhat.com>
2008-10-08 19:49 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2009-03-03 21:50 Daniel J Walsh
2009-03-05 14:34 ` Christopher J. PeBenito
2009-11-12 20:55 Daniel J Walsh
2009-11-19 13:52 ` Christopher J. PeBenito
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.