* [refpolicy] services_nscd.patch
@ 2008-09-24 20:17 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:17 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_nscd.patch
Add initrc script support
allow admin to start/stop service
Admin needs admin_pattern on all file types
Add support for shmemserv
Needs getcap
can exec itself
uses inotify
needs to bind to all nodes for udp
does a ps command
sends audit messages
can user kerberos,
restarted by cron
samba_domain_controler manipulates nscd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjaoEcACgkQrlYvE4MpobPoiQCgqZXH5lr7FUXDlONfUfcPs3hy
PzAAn2ImdzRb2O2qEAsEsDTEBdRc9xdO
=byrW
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
@ 2008-10-14 20:14 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:14 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_nscd.patch
Label initrc script
Additional class access
Add admin interfaces
domtrans initrc for use by NetworkManager
Needs getcap and setcap
Execs itself
lists inotify
Binds to all nodes
search all processes
uses kerberos and sends audit messages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj0/cEACgkQrlYvE4MpobOzmgCgvPXXjmO6Pma0vLuprtb78dQx
UlUAniMi78FyUKOuMbK7DusYKEHHmTAc
=WLr5
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
@ 2008-11-20 15:46 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2008-11-20 15:46 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_nscd.patch
Add initrc_domtrans, kill and signull interfaces for networkmanager
Add shmemhost and shmeserv access
nscd can exec itself
needs getcap
Lists inotify
Binds udp to all nodes
uses kerberos
Needs functions for use with samba_domain_controler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkklhkAACgkQrlYvE4MpobN+6QCfZ0xz73nbDGUb2wJbYeHivYDA
RzgAn1C9sS7JZamI7FJvyDsvzUY3zteb
=tQUg
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
@ 2009-06-09 0:51 Daniel J Walsh
2009-06-30 19:28 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-06-09 0:51 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_nscd.patch
Add label for initrc script
networkmanager needs kill, signull interface
Add getserv support
uses nsswitch
Move to send audit message interface
Can execute itself.
Interacs with samba
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
2009-06-09 0:51 Daniel J Walsh
@ 2009-06-30 19:28 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-06-30 19:28 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-06-08 at 20:51 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_nscd.patch
>
> Add label for initrc script
>
> networkmanager needs kill, signull interface
>
> Add getserv support
>
> uses nsswitch
>
> Move to send audit message interface
>
> Can execute itself.
>
> Interacs with samba
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
@ 2009-08-31 18:09 Daniel J Walsh
2009-09-09 13:35 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-08-31 18:09 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_nscd.patch
nscd lists inotify
Searches all domains.
when used as a samba_domain_controler, reads samba config and samba files.
Appends to the samba log.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
2009-08-31 18:09 Daniel J Walsh
@ 2009-09-09 13:35 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-09-09 13:35 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-08-31 at 14:09 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_nscd.patch
>
> nscd lists inotify
> Searches all domains.
>
> when used as a samba_domain_controler, reads samba config and samba
> files.
>
> Appends to the samba log.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
@ 2009-11-12 21:44 Daniel J Walsh
2010-02-12 19:54 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:44 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_nscd.patch
Added boolean to make nscd_use_shm the default for speed purposes. auth_use_nsswitch now uses this.
package maintainer asked for this.
Interacts with samba when it is domain controller.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
2009-11-12 21:44 Daniel J Walsh
@ 2010-02-12 19:54 ` Christopher J. PeBenito
2010-02-12 21:45 ` Daniel J Walsh
0 siblings, 1 reply; 10+ messages in thread
From: Christopher J. PeBenito @ 2010-02-12 19:54 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 16:44 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_nscd.patch
>
> Added boolean to make nscd_use_shm the default for speed purposes.
> auth_use_nsswitch now uses this.
>
> package maintainer asked for this.
Are you referring to a change in default for nsswitch or for nscd?
If its actually changing nsswitch's behavior to make it connect over shm
instead of over socket, the conditional should go in auth_use_nsswitch
instead. So then it would look like this in auth_use_nsswitch:
tunable_policy(`auth_nscd_shm',`
nscd_shm_use($1)
',`
nscd_socket_use($1)
')
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_nscd.patch
2010-02-12 19:54 ` Christopher J. PeBenito
@ 2010-02-12 21:45 ` Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-02-12 21:45 UTC (permalink / raw)
To: refpolicy
On 02/12/2010 02:54 PM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 16:44 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_nscd.patch
>>
>> Added boolean to make nscd_use_shm the default for speed purposes.
>> auth_use_nsswitch now uses this.
>>
>> package maintainer asked for this.
>
> Are you referring to a change in default for nsswitch or for nscd?
>
> If its actually changing nsswitch's behavior to make it connect over shm
> instead of over socket, the conditional should go in auth_use_nsswitch
> instead. So then it would look like this in auth_use_nsswitch:
>
> tunable_policy(`auth_nscd_shm',`
> nscd_shm_use($1)
> ',`
> nscd_socket_use($1)
> ')
>
That is fine.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2010-02-12 21:45 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-11-20 15:46 [refpolicy] services_nscd.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2009-11-12 21:44 Daniel J Walsh
2010-02-12 19:54 ` Christopher J. PeBenito
2010-02-12 21:45 ` Daniel J Walsh
2009-08-31 18:09 Daniel J Walsh
2009-09-09 13:35 ` Christopher J. PeBenito
2009-06-09 0:51 Daniel J Walsh
2009-06-30 19:28 ` Christopher J. PeBenito
2008-10-14 20:14 Daniel J Walsh
2008-09-24 20:17 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.