* [refpolicy] services_consolekit.patch
@ 2008-10-14 20:50 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:50 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_consolekit.patch
Label for directory /var/run/ConsoleKit
Manage log files
Execs shell
Tries to read all processes
Reads files in /usr
Ptrace logged in users to read environment
Run by dbus
Uses policykit
Can read nfs and samba homedirs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj1BjMACgkQrlYvE4MpobND7gCfdYnkKQ67Efd0vNZgW1UqJgjF
168AoLVp6RCavdvnBWmWchBmh0IQNej3
=Dh1f
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
@ 2009-03-24 13:31 Daniel J Walsh
2009-05-14 15:14 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-03-24 13:31 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch
New file context for consolekit.
Add interface to allow confined apps to read consolekit logs
userdomain and xserver do this.
consolkit execs shell
Dontaudit ptrace all domains
Reads usr_t files
Communicates with lots of domains via dbus
Uses polkit
Needs to read files in nfs and cifs homedirs.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
2009-03-24 13:31 [refpolicy] services_consolekit.patch Daniel J Walsh
@ 2009-05-14 15:14 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-05-14 15:14 UTC (permalink / raw)
To: refpolicy
On Tue, 2009-03-24 at 09:31 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch
>
> New file context for consolekit.
>
> Add interface to allow confined apps to read consolekit logs
>
> userdomain and xserver do this.
>
> consolkit execs shell
>
> Dontaudit ptrace all domains
>
> Reads usr_t files
>
> Communicates with lots of domains via dbus
>
> Uses polkit
>
> Needs to read files in nfs and cifs homedirs.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
@ 2009-06-08 21:58 Daniel J Walsh
2009-07-29 13:12 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-06-08 21:58 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch
Fix consolekit_log_t to be a logging_log_file
consolekit searchs mountpoints
Chats with init
sends audit log messages
Reads cronm system_job files
Uses policykit
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
2009-06-08 21:58 Daniel J Walsh
@ 2009-07-29 13:12 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-07-29 13:12 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-06-08 at 17:58 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch
>
> Fix consolekit_log_t to be a logging_log_file
>
> consolekit searchs mountpoints
>
> Chats with init
>
> sends audit log messages
>
> Reads cronm system_job files
>
> Uses policykit
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
@ 2009-11-12 21:20 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:20 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_consolekit.patch
consolekit labeling fix
new interfaces
needs chown
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
@ 2010-02-23 21:44 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:44 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_consolekit.patch
Cosolekit context fix
+ consolekit_read_pid_files(udev_t)
+ consolekit_manage_log(init_t)
uses tmpfs
needs chown
Reads content in homedir
Communicates with policykit
Transitions to udev
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_consolekit.patch
@ 2010-08-26 21:04 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:04 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_consolekit.patch
Policykit lists consolekit pid files.
consolekit uses tmpfs
executes shutdown
looks at user proc data
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx21vMACgkQrlYvE4MpobM3JwCfVZMqi/f4jXV4IOqICQ03A58O
eZYAn3aZpKtVOChFpjb1LKDL6p1qfA/1
=N/lE
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-08-26 21:04 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-24 13:31 [refpolicy] services_consolekit.patch Daniel J Walsh
2009-05-14 15:14 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 21:04 Daniel J Walsh
2010-02-23 21:44 Daniel J Walsh
2009-11-12 21:20 Daniel J Walsh
2009-06-08 21:58 Daniel J Walsh
2009-07-29 13:12 ` Christopher J. PeBenito
2008-10-14 20:50 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.