[refpolicy] system

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] system_xen.patch
@ 2010-02-23 21:26 Daniel J Walsh
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:26 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_xen.patch

+    xen_stream_connect_xm(vhostmd_t)

Added an attribute xm_transition_domain which all domains that 
transition to xm will get.

+       dontaudit xm_ssh_t xm_transition_domain:fifo_file 
rw_inherited_fifo_file_perms;

Then basically dontaudit domains that xm transitions to.


Lots of access to handle using libvirt stuff.

Policy for using xenfs

Transitions to ptchown from xenconsoled
xenconsoled reads etc files

Sets rlimit

Allow domains to run from system_r

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] system_xen.patch
@ 2010-08-26 23:46 Daniel J Walsh
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:46 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_xen.patch

Replace xm_t policy with virsh_t policy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx2/MgACgkQrlYvE4MpobOl2wCfXC5bryMsf7+3T2W/7eJ2DlV4
wNAAnjyNdUkn38BDzXw2NXyXQF4e4grv
=BsEW
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] system_xen.patch
@ 2009-11-12 22:18 Daniel J Walsh
  2009-11-25 15:27 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2009-11-12 22:18 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_xen.patch

Xen latest policy

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] system_xen.patch
  2009-11-12 22:18 Daniel J Walsh
@ 2009-11-25 15:27 ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2009-11-25 15:27 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-11-12 at 17:18 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_xen.patch
> 
> Xen latest policy

Merged with some rearrangement.  Also made the ssh portion optional.


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2010-08-26 23:46 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-23 21:26 [refpolicy] system_xen.patch Daniel J Walsh
  -- strict thread matches above, loose matches on Subject: below --
2010-08-26 23:46 Daniel J Walsh
2009-11-12 22:18 Daniel J Walsh
2009-11-25 15:27 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.