* [refpolicy] services_networkmanager.patch
@ 2009-03-05 20:43 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2009-03-05 20:43 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_networkmanager.patch
Lots of new file context including wicd
Add domtrans and run interfaces
Add NetworkManager_var_lib directories
NetworkManager now setsched
Creates sock_file in /tmp
Uses kerbel debugf and rw net sysctls to setup networks.
Create tun tap devices and uses ppp
list inotify
uses getpw -> nsswitch
creates resolv.conf
Transitons to ifconfig, dhcpc
Runs and signals avahi, bind, dnsmasq iptables, ncsd, openvpn, polkit,
pppd, vpn
Runs rpm on crash
started by dbus
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_networkmanager.patch
@ 2010-08-26 21:57 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:57 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_networkmanager.patch
Lots of needed access.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx24z8ACgkQrlYvE4MpobNf+ACg6E5Ki3Vk9hPeYEHsikbvhk6e
eQIAoJvr0SW5R8FWcHOhcZzJ9YefgHWw
=ifZV
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_networkmanager.patch
@ 2010-02-23 22:18 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-02-23 22:18 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_networkmanager.patch
A lot of new file context for networkmanager
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_networkmanager.patch
@ 2009-11-12 21:42 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:42 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_networkmanager.patch
Lots of good stuff on handling networkmanager.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_networkmanager.patch
@ 2008-11-20 15:32 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2008-11-20 15:32 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_networkmanager.patch
Lots of fixes to networkmanager,
A lot more apps labeled networkmanager_exec_t
Added interface to be started by system_bus
networkmanager starts and stops dnsmasq, avahi, bind, iptables, ppp, vpn
It is started by dbus
Writes to hal logs files
Uses policykit,
execs rpm when it crashes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkklgwAACgkQrlYvE4MpobNa9wCfeanscd4tXHBo2jVv4CmmlGes
bWUAoLFOayGDUUw22SmSViNVMA38+UKh
=7B32
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_networkmanager.patch
@ 2008-10-14 20:21 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:21 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_networkmanager.patch
Add initrc support
Label dispatcher and nm-system-settings as networkmanager
Label /var/run/nm-dhcliet properly
Add interface to domtrans initrc
Needs chown fsetid sys_admin net_raw capabilities
needs getcap and setsched
Uses sock files in /tmp
Reads debugfs and network sysctls
Tries to getattr on blk files
lists inotify
Uses getpw so needs auth_use_nsswitch
Interaces with iconfig and dhcp
Runs avahi
Runs out of dbus
Runs dnsmasq
Runs iptables nscd, ppp
New policy for wpa_cli
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj0/1AACgkQrlYvE4MpobMspwCeMvpKDp52NyPie/FzKcRI3bij
iH0AoNHfleCxNnfIIf+ICTQohhvkYP36
=oSe5
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_networkmanager.patch
@ 2008-09-24 20:24 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:24 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_networkmanager.patch
Add initrc script support
allow admin to start/stop service
Admin needs admin_pattern on all file types
/usr/sbin/NetworkManagerDispatcher and /usr/sbin/nm-system-settings need
to run as networkmanager
New files in /var/run
network_manager need sys_admin in order to set the hostname, needs chown
, fsetid, setgid, sys_nice for interacting with network devices
needs getcap to read its capabilities
generates socket files in /tmp
reads kernel_debugfs when it crashes, also executes rpm to gather crash info
uses inotify
uses getpw* so needs auth_use_nsswitch
can now be started via dbus
hal logs set as stdout on resume
restarts and communicates with nscd
restarts ntp, and ypbind, and ppp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjaogYACgkQrlYvE4MpobMjkACfbq4gjnPKQ2a4zG9Br82o4w+p
qGwAnj5x6WTH6oqo6znRIVLpAoYC0Rog
=YL5p
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-08-26 21:57 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-05 20:43 [refpolicy] services_networkmanager.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 21:57 Daniel J Walsh
2010-02-23 22:18 Daniel J Walsh
2009-11-12 21:42 Daniel J Walsh
2008-11-20 15:32 Daniel J Walsh
2008-10-14 20:21 Daniel J Walsh
2008-09-24 20:24 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.