* [refpolicy] roles_auditadm.patch
@ 2009-03-05 16:24 Daniel J Walsh
  2009-03-11 14:53 ` Christopher J. PeBenito
  0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-03-05 16:24 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/roles_auditadm.patch

Cleanup auditadm

auditadm should not have all these roles, needs to read kernel ring
buffer (dmesg?)


* [refpolicy] roles_auditadm.patch
  2009-03-05 16:24 [refpolicy] roles_auditadm.patch Daniel J Walsh
@ 2009-03-11 14:53 ` Christopher J. PeBenito
  0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-03-11 14:53 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-03-05 at 12:24 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/roles_auditadm.patch
> 
> Cleanup auditadm
> 
> auditadm should not have all these roles, needs to read kernel ring
> buffer (dmesg?)

Merged, except I kept screen, su, and sudo, which I feel are reasonable
apps for auditadm to use.

Yes, dmesg is a tool for reading the kernel ring buffer.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] roles_auditadm.patch
@ 2010-06-02 20:28 Daniel J Walsh
  2010-07-06 12:27 ` Christopher J. PeBenito
  0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:28 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch

Auditadmin should be able to connect to the syslog.  Dontaudit search /root.


* [refpolicy] roles_auditadm.patch
  2010-06-02 20:28 Daniel J Walsh
@ 2010-07-06 12:27 ` Christopher J. PeBenito
  2010-07-12 14:59   ` Daniel J Walsh
  0 siblings, 1 reply; 8+ messages in thread
From: Christopher J. PeBenito @ 2010-07-06 12:27 UTC (permalink / raw)
  To: refpolicy

On 06/02/10 16:28, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch
>
> Auditadmin should be able to connect to the syslog. Dontaudit search /root.

Not clear why auditadm would be connecting to syslog; what program are they 
running?  Also, the interface doesn't exist.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


* [refpolicy] roles_auditadm.patch
  2010-07-06 12:27 ` Christopher J. PeBenito
@ 2010-07-12 14:59   ` Daniel J Walsh
  2010-07-12 16:24     ` Dominick Grift
  0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2010-07-12 14:59 UTC (permalink / raw)
  To: refpolicy

On 07/06/2010 08:27 AM, Christopher J. PeBenito wrote:
> On 06/02/10 16:28, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch
>>
>> Auditadmin should be able to connect to the syslog. Dontaudit search
>> /root.
> 
> Not clear why auditadm would be connecting to syslog; what program are they
> running?  Also, the interface doesn't exist.
> 

This is some old stuff, but I guess it would have to do with changing
the way syslog worked.

Probably needs the ability to manage the syslog/auditd process also.


* [refpolicy] roles_auditadm.patch
  2010-07-12 14:59   ` Daniel J Walsh
@ 2010-07-12 16:24     ` Dominick Grift
  2010-07-12 17:35       ` Daniel J Walsh
  0 siblings, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2010-07-12 16:24 UTC (permalink / raw)
  To: refpolicy

On 07/12/2010 04:59 PM, Daniel J Walsh wrote:
> On 07/06/2010 08:27 AM, Christopher J. PeBenito wrote:
>> On 06/02/10 16:28, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch
>>>
>>> Auditadmin should be able to connect to the syslog. Dontaudit search
>>> /root.
>>
>> Not clear why auditadm would be connecting to syslog; what program are they
>> running?  Also, the interface doesn't exist.
>>
> 
> This is some old stuff, but I guess it would have to do with changing
> the way syslog worked.
> 
> Probably needs the ability to manage the syslog/auditd process also.

Any particular reason why these "mls roles" need to be login users,
unlike webadm etc.?

userdom_unpriv_user_template(auditadm)

userdom_base_user_template(webadm)




> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


* [refpolicy] roles_auditadm.patch
  2010-07-12 16:24     ` Dominick Grift
@ 2010-07-12 17:35       ` Daniel J Walsh
  0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-07-12 17:35 UTC (permalink / raw)
  To: refpolicy

On 07/12/2010 12:24 PM, Dominick Grift wrote:
> On 07/12/2010 04:59 PM, Daniel J Walsh wrote:
>> On 07/06/2010 08:27 AM, Christopher J. PeBenito wrote:
>>> On 06/02/10 16:28, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch
>>>>
>>>> Auditadmin should be able to connect to the syslog. Dontaudit search
>>>> /root.
>>>
>>> Not clear why auditadm would be connecting to syslog; what program are they
>>> running?  Also, the interface doesn't exist.
>>>
>>
>> This is some old stuff, but I guess it would have to do with changing
>> the way syslog worked.
>>
>> Probably needs the ability to manage the syslog/auditd process also.
> 
> Any particular reason why these "mls roles" need to be login users,
> unlike webadm etc.?
> 
> userdom_unpriv_user_template(auditadm)
> 
> userdom_base_user_template(webadm)
> 
> 
I am not sure. In MLS mode in RHEL5 we allowed you to log in directly as
auditadm_t on MLS boxes.  But I would prefer to move to

userdom_base_user_template(auditadm)

* [refpolicy] roles_auditadm.patch
@ 2010-08-26 22:31 Daniel J Walsh
  0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:31 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch

Connect to syslog via stream