[refpolicy] admin

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] admin_vpn.patch
@ 2009-03-05 16:03 Daniel J Walsh
  2009-03-10 19:56 ` Christopher J. PeBenito
  0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2009-03-05 16:03 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_vpn.patch


networkmanager needs so send kill, signull to vpn_t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmv99oACgkQrlYvE4MpobN0fwCeNMabdZ/8qP0+7iVvZ4crxaNR
I+EAn2qEOCbhAe043oRCO93LZahxCw2M
=hkDF
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
  2009-03-05 16:03 [refpolicy] admin_vpn.patch Daniel J Walsh
@ 2009-03-10 19:56 ` Christopher J. PeBenito
  0 siblings, 0 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2009-03-10 19:56 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-03-05 at 11:03 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_vpn.patch
> 
> 
> networkmanager needs so send kill, signull to vpn_t

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
@ 2010-08-26 20:42 Daniel J Walsh
  0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2010-08-26 20:42 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_vpn.patch

Allow vpnc to read certs files stored in the homedir.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx20ckACgkQrlYvE4MpobP4RwCgmNc3E+CLckM01m5gyu+vzW9n
utkAnjZTpHI+oTplI9+NI7+HjF4O3d/Q
=XuPe
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
@ 2010-06-02 20:01 Daniel J Walsh
  2010-06-29 15:05 ` Christopher J. PeBenito
  0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:01 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_vpn.patch

Fix vpn_dbus_chat interface name to match standard

networkmanager and vpn play games with inherted tunnel sockets.

Needs to be able to read cert files in users homedir.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
  2010-06-02 20:01 Daniel J Walsh
@ 2010-06-29 15:05 ` Christopher J. PeBenito
  0 siblings, 0 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2010-06-29 15:05 UTC (permalink / raw)
  To: refpolicy

On Wed, 2010-06-02 at 16:01 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_vpn.patch
> 
> Fix vpn_dbus_chat interface name to match standard
> 
> networkmanager and vpn play games with inherted tunnel sockets.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
@ 2010-02-23 19:20 Daniel J Walsh
  0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2010-02-23 19:20 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/admin_vpn.patch

vpnc request kernel load modules
reads certs in home dir.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
@ 2009-11-12 20:40 Daniel J Walsh
  0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:40 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_vpn.patch

vpnc reads certs

asks the kernel to load modules for it.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
@ 2008-10-10 20:56 Daniel J Walsh
  2008-10-13 15:10 ` Christopher J. PeBenito
  0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2008-10-10 20:56 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_vpn.patch

Add openconnect as a vpnc_exec_t

vpnc signals itself

Reads all kernel sysctls

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjvwXMACgkQrlYvE4MpobPdSQCglosjCm6BlFBJcnmWICqeWwmc
YuoAnRHh/uOwZNQhwXZSPxqrqexVu8pz
=Y+xt
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
  2008-10-10 20:56 Daniel J Walsh
@ 2008-10-13 15:10 ` Christopher J. PeBenito
  0 siblings, 0 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2008-10-13 15:10 UTC (permalink / raw)
  To: refpolicy

On Fri, 2008-10-10 at 16:56 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_vpn.patch
> 
> Add openconnect as a vpnc_exec_t
> 
> vpnc signals itself
> 
> Reads all kernel sysctls

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
@ 2008-09-25 18:47 Daniel J Walsh
  2008-10-06 17:31 ` Christopher J. PeBenito
  0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2008-09-25 18:47 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_vpn.patch

vpn needs to sysnet_run_ifconfig rather then just domtrans to is, so
other roles can run it.

needs net_admin capability, rewrite routing table

Needs full rw_fifo_file_perms.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjb3N4ACgkQrlYvE4MpobOv1ACghE2TTCu6BO4eqKfnRzz8J28y
1JQAnRc0qQC40SYZuDQwCA/7nzrGD4Jn
=Gb+k
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [refpolicy] admin_vpn.patch
  2008-09-25 18:47 Daniel J Walsh
@ 2008-10-06 17:31 ` Christopher J. PeBenito
  0 siblings, 0 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2008-10-06 17:31 UTC (permalink / raw)
  To: refpolicy

On Thu, 2008-09-25 at 14:47 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_vpn.patch
> 
> vpn needs to sysnet_run_ifconfig rather then just domtrans to is, so
> other roles can run it.
> 
> needs net_admin capability, rewrite routing table
> 
> Needs full rw_fifo_file_perms.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2010-08-26 20:42 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-05 16:03 [refpolicy] admin_vpn.patch Daniel J Walsh
2009-03-10 19:56 ` Christopher J. PeBenito
  -- strict thread matches above, loose matches on Subject: below --
2010-08-26 20:42 Daniel J Walsh
2010-06-02 20:01 Daniel J Walsh
2010-06-29 15:05 ` Christopher J. PeBenito
2010-02-23 19:20 Daniel J Walsh
2009-11-12 20:40 Daniel J Walsh
2008-10-10 20:56 Daniel J Walsh
2008-10-13 15:10 ` Christopher J. PeBenito
2008-09-25 18:47 Daniel J Walsh
2008-10-06 17:31 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.