* [refpolicy] admin_prelink.patch
@ 2008-10-10 21:16 Daniel J Walsh
  0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2008-10-10 21:16 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_prelink.patch

needs sys_resource priv

needs to be able to execmod badly written libraries in /tmp

reads kernel_sysctls

Needs to manage files in /usr that do not have correct label and
relabel them to the correct name for third party apps

Has to be able to manage files in homedirs

Finally I say the hell with it and run this as an unconfined_domain.

It can rewrite all executables so no real good in confining it.

* [refpolicy] admin_prelink.patch
@ 2009-05-21 14:13 Daniel J Walsh
  2009-07-20 15:08 ` Christopher J. PeBenito
  0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:13 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_prelink.patch

prelink manages files in /var/lib/misc/prelin*


* [refpolicy] admin_prelink.patch
  2009-05-21 14:13 Daniel J Walsh
@ 2009-07-20 15:08 ` Christopher J. PeBenito
  0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-07-20 15:08 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-05-21 at 10:13 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_prelink.patch
> 
> prelink manages files in /var/lib/misc/prelin*

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] admin_prelink.patch
@ 2009-08-28 19:28 Daniel J Walsh
  2009-09-01 12:51 ` Christopher J. PeBenito
  0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-08-28 19:28 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_prelink.patch
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_cron.patch

cronjob for prelink relabels to appropriate context.


* [refpolicy] admin_prelink.patch
  2009-08-28 19:28 [refpolicy] admin_prelink.patch Daniel J Walsh
@ 2009-09-01 12:51 ` Christopher J. PeBenito
  2009-09-01 12:59   ` Daniel J Walsh
  0 siblings, 1 reply; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-09-01 12:51 UTC (permalink / raw)
  To: refpolicy

On Fri, 2009-08-28 at 15:28 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_prelink.patch
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_cron.patch
> 
> cronjob for prelink relabels to appropriate context.

404 on cron

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] admin_prelink.patch
  2009-09-01 12:51 ` Christopher J. PeBenito
@ 2009-09-01 12:59   ` Daniel J Walsh
  0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2009-09-01 12:59 UTC (permalink / raw)
  To: refpolicy

On 09/01/2009 08:51 AM, Christopher J. PeBenito wrote:
> On Fri, 2009-08-28 at 15:28 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/admin_prelink.patch
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_cron.patch
>>
>> cronjob for prelink relabels to appropriate context.
> 
> 404 on cron
> 
All f12 patches should be there now.


* [refpolicy] admin_prelink.patch
@ 2010-02-23 21:28 Daniel J Walsh
  0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:28 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/admin_prelink.patch

Add context for prelink cron script

+    prelink_exec(abrt_t)
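
Review bot: `prelink_exec(abrt_t)` arrives with no stated rationale; the message covers the cron script context and tmpfs but not why abrt needs prelink. prelink_exec runs prelink in the caller's domain rather than transitioning to prelink_t, so whatever prelink does on this path happens with abrt_t's permissions. Please say what abrt invokes prelink for, add a comment above the call, and confirm it sits inside an optional_policy block in the abrt module, which the single visible line does not show.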

prelink needs tmpfs


* [refpolicy] admin_prelink.patch
@ 2010-06-02 19:51 Daniel J Walsh
  2010-06-18 18:08 ` Christopher J. PeBenito
  0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2010-06-02 19:51 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_prelink.patch

Prelink has new directory under /var/lib

dontaudit leaks from domains that transition



prelink needs to manage executables in the users homedir.


cron job looks at all mount points.


* [refpolicy] admin_prelink.patch
  2010-06-02 19:51 Daniel J Walsh
@ 2010-06-18 18:08 ` Christopher J. PeBenito
  0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2010-06-18 18:08 UTC (permalink / raw)
  To: refpolicy

On Wed, 2010-06-02 at 15:51 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_prelink.patch
> 
> Prelink has new directory under /var/lib

The files_search_var_lib() should be redundant due to the
files_var_lib_filetrans().

> dontaudit leaks from domains that transition
> 
> 
> 
> prelink needs to manage executables in the users homedir.

NAK  Prelink is highly trusted to manage system libraries.  This is too
easy of a way for users to compromise prelink, which could lead to
compromised system libraries.

> cron job looks at all mount points.

Otherwise merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
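
The concern behind the NAK above, expressed as a policy check (an added example, not part of the thread or of refpolicy): it flags any domain that both takes user-controlled files as input and can modify trusted system files. The sample rules, the TRUSTED and USER_CONTROLLED type sets and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in policy allow-rule syntax; not taken from the patch.
SAMPLE_RULES = """
allow prelink_t lib_t:file { read write getattr relabelfrom relabelto };
allow prelink_t bin_t:file { read write execute };
allow prelink_t user_home_t:file { read write create unlink };
allow logrotate_t var_log_t:file { read write create };
allow logrotate_t lib_t:file { read getattr };
allow user_t user_home_t:file { read write create unlink };
"""

# Assumption: which types count as trusted system content vs. user-controlled.
TRUSTED = {"lib_t", "bin_t"}
USER_CONTROLLED = {"user_home_t"}
INPUT_PERMS = {"read", "write", "append", "create"}  # domain consumes or edits the file
MODIFY_PERMS = {"write", "append", "relabelto"}      # domain can change trusted content

RULE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")

def parse(text):
    """Yield (source, target, class, perms) for each single-type allow rule."""
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            perms = set((m.group(4) or m.group(5)).split())
            yield m.group(1), m.group(2), m.group(3), perms

def risky_domains(text):
    """Domains that can modify trusted files and also take user-controlled files as input."""
    modifies, consumes = defaultdict(set), defaultdict(set)
    for src, tgt, cls, perms in parse(text):
        if cls != "file":
            continue
        if tgt in TRUSTED and perms & MODIFY_PERMS:
            modifies[src].add(tgt)
        if tgt in USER_CONTROLLED and perms & INPUT_PERMS:
            consumes[src].add(tgt)
    return {d: (sorted(consumes[d]), sorted(modifies[d]))
            for d in modifies if d in consumes}

if __name__ == "__main__":
    for dom, (low, high) in risky_domains(SAMPLE_RULES).items():
        print(f"{dom}: input from {low}, can modify {high}")
```

On a real system the same text can come from the policy's allow rules for the domain under review, with the two type sets adjusted to the local policy.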


* [refpolicy] admin_prelink.patch
@ 2010-08-26 20:34 Daniel J Walsh
  0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-08-26 20:34 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_prelink.patch

Lots of prelink fixes.
