* [refpolicy] services_ricci.patch
@ 2009-03-05 16:58 Daniel J Walsh
0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2009-03-05 16:58 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
ricci and friends need to reads all processes state
Needs to communicate with init processes
modcluster execs consoletype
consoletype is not optional in other uses in the te file.
modstorage can be used to create and mount directories under /
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmwBKQACgkQrlYvE4MpobPV9QCglehifLaAOjsK2Kg6SrNa6f/p
ZnUAni1dGdEHhmHEa6ZiNPhR8hwdN2R1
=K2TB
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
@ 2009-06-09 1:01 Daniel J Walsh
2009-07-21 14:11 ` Christopher J. PeBenito
0 siblings, 1 reply; 9+ messages in thread
From: Daniel J Walsh @ 2009-06-09 1:01 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
Lots of additional access required by ricci and friends.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
2009-06-09 1:01 Daniel J Walsh
@ 2009-07-21 14:11 ` Christopher J. PeBenito
2009-07-21 14:41 ` Daniel J Walsh
0 siblings, 1 reply; 9+ messages in thread
From: Christopher J. PeBenito @ 2009-07-21 14:11 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
>
> Lots of additional access required by ricci and friends.
Merged except for the default_t access, which seems like a labeling
issue.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
2009-07-21 14:11 ` Christopher J. PeBenito
@ 2009-07-21 14:41 ` Daniel J Walsh
2009-07-21 18:19 ` Christopher J. PeBenito
0 siblings, 1 reply; 9+ messages in thread
From: Daniel J Walsh @ 2009-07-21 14:41 UTC (permalink / raw)
To: refpolicy
On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
>>
>> Lots of additional access required by ricci and friends.
>
> Merged except for the default_t access, which seems like a labeling
> issue.
>
I would like to remove all default_t access and remove the read_default_t boolean.
This is almost guaranteed to be a labeling problem.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
2009-07-21 14:41 ` Daniel J Walsh
@ 2009-07-21 18:19 ` Christopher J. PeBenito
2009-07-21 19:07 ` Daniel J Walsh
0 siblings, 1 reply; 9+ messages in thread
From: Christopher J. PeBenito @ 2009-07-21 18:19 UTC (permalink / raw)
To: refpolicy
On Tue, 2009-07-21 at 10:41 -0400, Daniel J Walsh wrote:
> On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
> >>
> >> Lots of additional access required by ricci and friends.
> >
> > Merged except for the default_t access, which seems like a labeling
> > issue.
> >
> I would like to remove all default_t access and remove the read_default_t boolean.
I can definitely agree with this.
> This is almost guaranteed to be a labeling problem.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
2009-07-21 18:19 ` Christopher J. PeBenito
@ 2009-07-21 19:07 ` Daniel J Walsh
0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2009-07-21 19:07 UTC (permalink / raw)
To: refpolicy
On 07/21/2009 02:19 PM, Christopher J. PeBenito wrote:
> On Tue, 2009-07-21 at 10:41 -0400, Daniel J Walsh wrote:
>> On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
>>> On Mon, 2009-06-08 at 21:01 -0400, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_ricci.patch
>>>>
>>>> Lots of additional access required by ricci and friends.
>>> Merged except for the default_t access, which seems like a labeling
>>> issue.
>>>
>> I would like to remove all default_t access and remove the read_default_t boolean.
>
> I can definitely agree with this.
>
>> This is almost guaranteed to be a labeling problem.
>
Go for it. I have it removed from rawhide now.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
@ 2009-11-12 21:56 Daniel J Walsh
0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:56 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_ricci.patch
Ricci/Cluster policy rewritten. Binds to port < 1024
Communicate with other domains newly written
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
@ 2010-02-23 20:47 Daniel J Walsh
0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:47 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ricci.patch
ricci_modcluster binds to reserved ports.
Communicates with rgmanager
Communicates with client via fifo_file
Communicates with aisexec and corosync
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] services_ricci.patch
@ 2010-08-26 22:15 Daniel J Walsh
0 siblings, 0 replies; 9+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:15 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_ricci.patch
add admin interfaces
modcluster uses tmpfs
ricci execs shutdown
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx254cACgkQrlYvE4MpobPkRACfTDbSZwyXgSXrMds+75gThmgr
Ku8AoIqsaVA6Kpn0CdxBGS4jZ91e+NsN
=3U8W
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2010-08-26 22:15 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-11-12 21:56 [refpolicy] services_ricci.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 22:15 Daniel J Walsh
2010-02-23 20:47 Daniel J Walsh
2009-06-09 1:01 Daniel J Walsh
2009-07-21 14:11 ` Christopher J. PeBenito
2009-07-21 14:41 ` Daniel J Walsh
2009-07-21 18:19 ` Christopher J. PeBenito
2009-07-21 19:07 ` Daniel J Walsh
2009-03-05 16:58 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.