* [refpolicy] services_memcached.patch @ 2010-02-23 20:20 Daniel J Walsh 0 siblings, 0 replies; 8+ messages in thread From: Daniel J Walsh @ 2010-02-23 20:20 UTC (permalink / raw) To: refpolicy http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_memcached.patch Additional access required for memcache uses unix_stream_socket, sends signals and setrlimit Calls getpw Read kernel sysctls Dontaudit use of terms. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch @ 2010-08-26 21:27 Daniel J Walsh 0 siblings, 0 replies; 8+ messages in thread From: Daniel J Walsh @ 2010-08-26 21:27 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_memcached.patch Fix _admin interface -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkx23DQACgkQrlYvE4MpobNYgwCgmHPq7y30belmGjgEalklPIFU twkAoOf8y6dPO0YNAqkCd8Qps+kUfcT3 =/6Nw -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch @ 2009-11-12 21:38 Daniel J Walsh 2009-12-18 15:48 ` Christopher J. PeBenito 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2009-11-12 21:38 UTC (permalink / raw) To: refpolicy http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_memcached.patch reads system state. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch 2009-11-12 21:38 Daniel J Walsh @ 2009-12-18 15:48 ` Christopher J. PeBenito 0 siblings, 0 replies; 8+ messages in thread From: Christopher J. PeBenito @ 2009-12-18 15:48 UTC (permalink / raw) To: refpolicy On Thu, 2009-11-12 at 16:38 -0500, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_memcached.patch > > reads system state. Merged. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch @ 2008-09-24 20:27 Daniel J Walsh 2008-10-08 20:07 ` Christopher J. PeBenito 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2008-09-24 20:27 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch New policy for memcached -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjaoskACgkQrlYvE4MpobNADACcCV8po4OFV0MCg7UpCL43CYhu 5MUAn28aZiQITwivOWXi3gcTzWXCzNiu =Rw9R -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch 2008-09-24 20:27 Daniel J Walsh @ 2008-10-08 20:07 ` Christopher J. PeBenito 2008-10-09 0:49 ` Daniel J Walsh 0 siblings, 1 reply; 8+ messages in thread From: Christopher J. PeBenito @ 2008-10-08 20:07 UTC (permalink / raw) To: refpolicy On Wed, 2008-09-24 at 16:27 -0400, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch > > New policy for memcached Merged except for the port binding part since that port is missing. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch 2008-10-08 20:07 ` Christopher J. PeBenito @ 2008-10-09 0:49 ` Daniel J Walsh 2008-10-09 14:05 ` Christopher J. PeBenito 0 siblings, 1 reply; 8+ messages in thread From: Daniel J Walsh @ 2008-10-09 0:49 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christopher J. PeBenito wrote: > On Wed, 2008-09-24 at 16:27 -0400, Daniel J Walsh wrote: >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch >> >> New policy for memcached > > Merged except for the port binding part since that port is missing. > Updated patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjtVQgACgkQrlYvE4MpobMA2QCeIUOcsUZeD/kpLN9GaTZYHHib nm8AoIUeBPzgs2nfLzRpXQmUZGIvjOUS =dPjn -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: services_memcached.patch Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20081008/1736ccf5/attachment.pl -------------- next part -------------- A non-text attachment was scrubbed... Name: services_memcached.patch.sig Type: application/octet-stream Size: 72 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081008/1736ccf5/attachment.obj ^ permalink raw reply [flat|nested] 8+ messages in thread
* [refpolicy] services_memcached.patch 2008-10-09 0:49 ` Daniel J Walsh @ 2008-10-09 14:05 ` Christopher J. PeBenito 0 siblings, 0 replies; 8+ messages in thread From: Christopher J. PeBenito @ 2008-10-09 14:05 UTC (permalink / raw) To: refpolicy On Wed, 2008-10-08 at 20:49 -0400, Daniel J Walsh wrote: > Christopher J. PeBenito wrote: > > On Wed, 2008-09-24 at 16:27 -0400, Daniel J Walsh wrote: > >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_memcached.patch > >> > >> New policy for memcached > > > > Merged except for the port binding part since that port is missing. > > > Updated patch Merged. > plain text document attachment (services_memcached.patch) > --- nsaserefpolicy/policy/modules/services/memcached.te 2008-10-08 19:00:27.000000000 -0400 > +++ serefpolicy-3.5.11/policy/modules/services/memcached.te 2008-10-08 20:36:17.000000000 -0400 > @@ -35,6 +35,8 @@ > corenet_tcp_sendrecv_all_nodes(memcached_t) > corenet_tcp_sendrecv_all_ports(memcached_t) > corenet_tcp_bind_all_nodes(memcached_t) > +corenet_tcp_bind_memcache_port(memcached_t) > +corenet_udp_bind_memcache_port(memcached_t) > > manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t) > manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t) > --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-09-24 09:07:27.000000000 -0400 > +++ serefpolicy-3.5.11/policy/modules/kernel/corenetwork.te.in 2008-10-08 20:45:30.000000000 -0400 > @@ -121,6 +121,7 @@ > type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon > network_port(lmtp, tcp,24,s0, udp,24,s0) > network_port(mail, tcp,2000,s0) > +network_port(memcache, tcp,11211,s0, udp,11211,s0) > network_port(mmcc, tcp,5050,s0, udp,5050,s0) > network_port(monopd, tcp,1234,s0) > network_port(msnp, tcp,1863,s0, udp,1863,s0) -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-08-26 21:27 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-02-23 20:20 [refpolicy] services_memcached.patch Daniel J Walsh -- strict thread matches above, loose matches on Subject: below -- 2010-08-26 21:27 Daniel J Walsh 2009-11-12 21:38 Daniel J Walsh 2009-12-18 15:48 ` Christopher J. PeBenito 2008-09-24 20:27 Daniel J Walsh 2008-10-08 20:07 ` Christopher J. PeBenito 2008-10-09 0:49 ` Daniel J Walsh 2008-10-09 14:05 ` Christopher J. PeBenito
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.