* [refpolicy] services_memcached.patch
@ 2008-09-24 20:27 Daniel J Walsh
2008-10-08 20:07 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:27 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch
New policy for memcached
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjaoskACgkQrlYvE4MpobNADACcCV8po4OFV0MCg7UpCL43CYhu
5MUAn28aZiQITwivOWXi3gcTzWXCzNiu
=Rw9R
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
2008-09-24 20:27 Daniel J Walsh
@ 2008-10-08 20:07 ` Christopher J. PeBenito
2008-10-09 0:49 ` Daniel J Walsh
0 siblings, 1 reply; 8+ messages in thread
From: Christopher J. PeBenito @ 2008-10-08 20:07 UTC (permalink / raw)
To: refpolicy
On Wed, 2008-09-24 at 16:27 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch
>
> New policy for memcached
Merged except for the port binding part since that port is missing.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
2008-10-08 20:07 ` Christopher J. PeBenito
@ 2008-10-09 0:49 ` Daniel J Walsh
2008-10-09 14:05 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2008-10-09 0:49 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Wed, 2008-09-24 at 16:27 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch
>>
>> New policy for memcached
>
> Merged except for the port binding part since that port is missing.
>
Updated patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjtVQgACgkQrlYvE4MpobMA2QCeIUOcsUZeD/kpLN9GaTZYHHib
nm8AoIUeBPzgs2nfLzRpXQmUZGIvjOUS
=dPjn
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: services_memcached.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20081008/1736ccf5/attachment.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: services_memcached.patch.sig
Type: application/octet-stream
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081008/1736ccf5/attachment.obj
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
2008-10-09 0:49 ` Daniel J Walsh
@ 2008-10-09 14:05 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2008-10-09 14:05 UTC (permalink / raw)
To: refpolicy
On Wed, 2008-10-08 at 20:49 -0400, Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
> > On Wed, 2008-09-24 at 16:27 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch
> >>
> >> New policy for memcached
> >
> > Merged except for the port binding part since that port is missing.
> >
> Updated patch
Merged.
> plain text document attachment (services_memcached.patch)
> --- nsaserefpolicy/policy/modules/services/memcached.te 2008-10-08 19:00:27.000000000 -0400
> +++ serefpolicy-3.5.11/policy/modules/services/memcached.te 2008-10-08 20:36:17.000000000 -0400
> @@ -35,6 +35,8 @@
> corenet_tcp_sendrecv_all_nodes(memcached_t)
> corenet_tcp_sendrecv_all_ports(memcached_t)
> corenet_tcp_bind_all_nodes(memcached_t)
> +corenet_tcp_bind_memcache_port(memcached_t)
> +corenet_udp_bind_memcache_port(memcached_t)
>
> manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
> manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
> --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-09-24 09:07:27.000000000 -0400
> +++ serefpolicy-3.5.11/policy/modules/kernel/corenetwork.te.in 2008-10-08 20:45:30.000000000 -0400
> @@ -121,6 +121,7 @@
> type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
> network_port(lmtp, tcp,24,s0, udp,24,s0)
> network_port(mail, tcp,2000,s0)
> +network_port(memcache, tcp,11211,s0, udp,11211,s0)
> network_port(mmcc, tcp,5050,s0, udp,5050,s0)
> network_port(monopd, tcp,1234,s0)
> network_port(msnp, tcp,1863,s0, udp,1863,s0)
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
@ 2009-11-12 21:38 Daniel J Walsh
2009-12-18 15:48 ` Christopher J. PeBenito
0 siblings, 1 reply; 8+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:38 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_memcached.patch
reads system state.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
2009-11-12 21:38 Daniel J Walsh
@ 2009-12-18 15:48 ` Christopher J. PeBenito
0 siblings, 0 replies; 8+ messages in thread
From: Christopher J. PeBenito @ 2009-12-18 15:48 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 16:38 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_memcached.patch
>
> reads system state.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
@ 2010-02-23 20:20 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:20 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_memcached.patch
Additional access required for memcache
uses unix_stream_socket, sends signals and setrlimit
Calls getpw
Read kernel sysctls
Dontaudit use of terms.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch
@ 2010-08-26 21:27 Daniel J Walsh
0 siblings, 0 replies; 8+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:27 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_memcached.patch
Fix _admin interface
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx23DQACgkQrlYvE4MpobNYgwCgmHPq7y30belmGjgEalklPIFU
twkAoOf8y6dPO0YNAqkCd8Qps+kUfcT3
=/6Nw
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-08-26 21:27 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-23 20:20 [refpolicy] services_memcached.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 21:27 Daniel J Walsh
2009-11-12 21:38 Daniel J Walsh
2009-12-18 15:48 ` Christopher J. PeBenito
2008-09-24 20:27 Daniel J Walsh
2008-10-08 20:07 ` Christopher J. PeBenito
2008-10-09 0:49 ` Daniel J Walsh
2008-10-09 14:05 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.