* [refpolicy] admin_sudo.patch
@ 2009-03-24 13:11 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2009-03-24 13:11 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_sudo.patch
Lots of fixes for sudo domain.
sudo can now do stuff newrole used to do so it needs lots of SELinux
acccess to change roles and types.
sudo writes stuff to homedir so needs to manage nfs and cifs if they are
homedirs
Need role access to send email on failed sudo, as well as checking passwd
Sends audit messages
Sudo checks whether it can execute an app before running so it needs to
be able to execute any app.
Needs sys_nice
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
@ 2009-05-21 14:18 Daniel J Walsh
2009-07-28 14:29 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:18 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_sudo.patch
Latest sudo policy, separate privs out into a sudodomain.
Added rule to transition to sudo and back to the current domain, if the
user does not specify a transtion
Lots of handling of kernel key ring, Additional device use.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
2009-05-21 14:18 [refpolicy] admin_sudo.patch Daniel J Walsh
@ 2009-07-28 14:29 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-07-28 14:29 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-05-21 at 10:18 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_sudo.patch
>
> Latest sudo policy, separate privs out into a sudodomain.
>
> Added rule to transition to sudo and back to the current domain, if
> the
> user does not specify a transtion
>
> Lots of handling of kernel key ring, Additional device use.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
@ 2009-11-12 20:36 Daniel J Walsh
2010-02-11 14:18 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-11-12 20:36 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_sudo.patch
This is my current sudo patch.
Creates keyrings
needs to be able to exec all executables. since we do not know what a user will put in sudo file
Manages user keys
sends email
communicate with fingerprint reader.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
2009-11-12 20:36 Daniel J Walsh
@ 2010-02-11 14:18 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2010-02-11 14:18 UTC (permalink / raw)
To: refpolicy
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_sudo.patch
>
> This is my current sudo patch.
>
> Creates keyrings
>
> needs to be able to exec all executables. since we do not know what a user will put in sudo file
>
>
> Manages user keys
>
> sends email
>
> communicate with fingerprint reader.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
@ 2010-02-23 19:15 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-02-23 19:15 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/admin_sudo.patch
Allow user to send all signals to sudo
sudo sends mail on failures
sudo sets up keyrings
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
@ 2010-06-02 19:55 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-06-02 19:55 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_sudo.patch
sudo gets execed by apps that leak sockets
Confined users needs to be able to send signals to kill sudo
sudo searchs homedirs and manages user keys.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] admin_sudo.patch
@ 2010-08-26 20:39 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-08-26 20:39 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_sudo.patch
Allow users to run executables in /tmp or ~/
sudo sends mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx20R4ACgkQrlYvE4MpobMHbACgy0LJC3enORfzZKY51Bs2PkeQ
NvkAoJLOQN/ul9S29rxokLvKEpxf0tvX
=VC24
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-08-26 20:39 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-21 14:18 [refpolicy] admin_sudo.patch Daniel J Walsh
2009-07-28 14:29 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 20:39 Daniel J Walsh
2010-06-02 19:55 Daniel J Walsh
2010-02-23 19:15 Daniel J Walsh
2009-11-12 20:36 Daniel J Walsh
2010-02-11 14:18 ` Christopher J. PeBenito
2009-03-24 13:11 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.