diff for duplicates of <4B8E7CCC.8040407@redhat.com> diff --git a/a/1.txt b/N1/1.txt index f05cdc2..903d53c 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -26,13 +26,13 @@ On 03/03/2010 01:37 AM, TaurusHarry wrote: > Harry > > ------------------------------------------------------------------------ -> 搜索本应是彩色的,快来体验新一代搜索引擎-必应,精美图片每天换哦! 立即试 -> 用! <http://cn.bing.com/?form=CRMADS%20> +> ????????,???????????-??,????????! ??? +> ?? <http://cn.bing.com/?form=CRMADS%20> > > > _______________________________________________ > refpolicy mailing list -> refpolicy@oss.tresys.com +> refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > No that would not work. You need to define a new user type that a user @@ -41,3 +41,6 @@ to define all the rules necessary for this user to login and execute the shell_exec_t and any other programs that you want them to run. You write this in policy not in shell scripting. +-------------- next part -------------- +An HTML attachment was scrubbed... +URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100303/8c7733d7/attachment.html diff --git a/a/2.bin b/a/2.bin deleted file mode 100644 index f77ef5b..0000000 --- a/a/2.bin +++ /dev/null @@ -1,66 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> - <meta content="text/html; charset=GB2312" http-equiv="Content-Type"> -</head> -<body bgcolor="#ffffff" text="#000000"> -On 03/03/2010 01:37 AM, TaurusHarry wrote: -<blockquote cite="mid:BAY111-W68D4C9E39582E71A1BA31AB3A0@phx.gbl" - type="cite"> - <style><!-- -.hmmessage P -{ -margin:0px; -padding:0px -} -body.hmmessage -{ -font-size: 10pt; -font-family:Verdana -} ---></style>Hi -SELinux experts,<br> - <br> -Thanks a lot for taking a look at my question, how could I implement -the bash "if-then-else" and "test" grammar in current refpolicy -interface? For example, if I don't want the user_t to have the -privilege to execute any kind of shell, what proper grammar should I -use to implement something with the same logic as 'if ! test "X$1" = -"Xuser_t"' in the corecomd_exec_shell interface:<br> - <br> -interface(`corecmd_exec_shell',`<br> - gen_require(`<br> - type bin_t, shell_exec_t;<br> - ')<br> - <br> -if ! test "X$1" = "Xuser_t"; then<br> - list_dirs_pattern($1, bin_t, bin_t)<br> - read_lnk_files_pattern($1, bin_t, bin_t)<br> - can_exec($1, shell_exec_t)<br> -fi<br> -')<br> - <br> -Thank you very much!<br> - <br> -Best regards,<br> -Harry<br> - <br> - <hr>ËÑË÷±¾Ó¦ÊDzÊÉ«µÄ,¿ìÀ´ÌåÑéÐÂÒ»´úËÑË÷ÒýÇæ-±ØÓ¦,¾«ÃÀͼƬÿÌ컻Ŷ! <a moz-do-not-send="true" - href="http://cn.bing.com/?form=CRMADS%20" target="_new">Á¢¼´ÊÔÓã¡</a> - <pre wrap=""> -<fieldset class="mimeAttachmentHeader"></fieldset> -_______________________________________________ -refpolicy mailing list -<a class="moz-txt-link-abbreviated" href="mailto:refpolicy@oss.tresys.com">refpolicy@oss.tresys.com</a> -<a class="moz-txt-link-freetext" href="http://oss.tresys.com/mailman/listinfo/refpolicy">http://oss.tresys.com/mailman/listinfo/refpolicy</a> - </pre> -</blockquote> -No that would not work. You need to define a new user type that a user -can login with. user_nobin_t, or something. Then you are going to -need to define all the rules necessary for this user to login and -execute the shell_exec_t and any other programs that you want them to -run.<br> -<br> -You write this in policy not in shell scripting.<br> -</body> -</html> diff --git a/a/2.hdr b/a/2.hdr deleted file mode 100644 index 3de5007..0000000 --- a/a/2.hdr +++ /dev/null @@ -1,2 +0,0 @@ -Content-Type: text/html; charset=GB2312 -Content-Transfer-Encoding: 8bit diff --git a/a/content_digest b/N1/content_digest index d68df9b..d86f93a 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,11 +1,9 @@ "ref\0BAY111-W68D4C9E39582E71A1BA31AB3A0@phx.gbl\0" - "From\0Daniel J Walsh <dwalsh@redhat.com>\0" - "Subject\0Re: [refpolicy] How to implement the \"if-then-else\" logic in refpolicy interface?\0" + "From\0dwalsh@redhat.com (Daniel J Walsh)\0" + "Subject\0[refpolicy] How to implement the \"if-then-else\" logic in refpolicy interface?\0" "Date\0Wed, 03 Mar 2010 10:14:20 -0500\0" - "To\0TaurusHarry <harrytaurus2002@hotmail.com>\0" - "Cc\0refpolicy-mailing-list <refpolicy@oss1.tresys.com>" - " selinux-mailing-list <selinux@tycho.nsa.gov>\0" - "\01:1\0" + "To\0refpolicy@oss.tresys.com\0" + "\00:1\0" "b\0" "On 03/03/2010 01:37 AM, TaurusHarry wrote:\n" "> Hi SELinux experts,\n" @@ -35,13 +33,13 @@ "> Harry\n" ">\n" "> ------------------------------------------------------------------------\n" - "> \346\220\234\347\264\242\346\234\254\345\272\224\346\230\257\345\275\251\350\211\262\347\232\204,\345\277\253\346\235\245\344\275\223\351\252\214\346\226\260\344\270\200\344\273\243\346\220\234\347\264\242\345\274\225\346\223\216-\345\277\205\345\272\224,\347\262\276\347\276\216\345\233\276\347\211\207\346\257\217\345\244\251\346\215\242\345\223\246! \347\253\213\345\215\263\350\257\225\n" - "> \347\224\250\357\274\201 <http://cn.bing.com/?form=CRMADS%20>\n" + "> ????????,???????????-??,????????! ???\n" + "> ?? <http://cn.bing.com/?form=CRMADS%20>\n" ">\n" ">\n" "> _______________________________________________\n" "> refpolicy mailing list\n" - "> refpolicy@oss.tresys.com\n" + "> refpolicy at oss.tresys.com\n" "> http://oss.tresys.com/mailman/listinfo/refpolicy\n" "> \n" "No that would not work. You need to define a new user type that a user\n" @@ -49,74 +47,9 @@ "to define all the rules necessary for this user to login and execute the\n" "shell_exec_t and any other programs that you want them to run.\n" "\n" - You write this in policy not in shell scripting. - "\01:2\0" - "b\0" - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n" - "<html>\n" - "<head>\n" - " <meta content=\"text/html; charset=GB2312\" http-equiv=\"Content-Type\">\n" - "</head>\n" - "<body bgcolor=\"#ffffff\" text=\"#000000\">\n" - "On 03/03/2010 01:37 AM, TaurusHarry wrote:\n" - "<blockquote cite=\"mid:BAY111-W68D4C9E39582E71A1BA31AB3A0@phx.gbl\"\n" - " type=\"cite\">\n" - " <style><!--\n" - ".hmmessage P\n" - "{\n" - "margin:0px;\n" - "padding:0px\n" - "}\n" - "body.hmmessage\n" - "{\n" - "font-size: 10pt;\n" - "font-family:Verdana\n" - "}\n" - "--></style>Hi\n" - "SELinux experts,<br>\n" - " <br>\n" - "Thanks a lot for taking a look at my question, how could I implement\n" - "the bash \"if-then-else\" and \"test\" grammar in current refpolicy\n" - "interface? For example, if I don't want the user_t to have the\n" - "privilege to execute any kind of shell, what proper grammar should I\n" - "use to implement something with the same logic as 'if ! test \"X$1\" =\n" - "\"Xuser_t\"' in the corecomd_exec_shell interface:<br>\n" - " <br>\n" - "interface(`corecmd_exec_shell',`<br>\n" - " gen_require(`<br>\n" - " type bin_t, shell_exec_t;<br>\n" - " ')<br>\n" - " <br>\n" - "if ! test \"X$1\" = \"Xuser_t\"; then<br>\n" - " list_dirs_pattern($1, bin_t, bin_t)<br>\n" - " read_lnk_files_pattern($1, bin_t, bin_t)<br>\n" - " can_exec($1, shell_exec_t)<br>\n" - "fi<br>\n" - "')<br>\n" - " <br>\n" - "Thank you very much!<br>\n" - " <br>\n" - "Best regards,<br>\n" - "Harry<br>\n" - " <br>\n" - " <hr>\313\321\313\367\261\276\323\246\312\307\262\312\311\253\265\304,\277\354\300\264\314\345\321\351\320\302\322\273\264\372\313\321\313\367\322\375\307\346-\261\330\323\246,\276\253\303\300\315\274\306\254\303\277\314\354\273\273\305\266! <a moz-do-not-send=\"true\"\n" - " href=\"http://cn.bing.com/?form=CRMADS%20\" target=\"_new\">\301\242\274\264\312\324\323\303\243\241</a>\n" - " <pre wrap=\"\">\n" - "<fieldset class=\"mimeAttachmentHeader\"></fieldset>\n" - "_______________________________________________\n" - "refpolicy mailing list\n" - "<a class=\"moz-txt-link-abbreviated\" href=\"mailto:refpolicy@oss.tresys.com\">refpolicy@oss.tresys.com</a>\n" - "<a class=\"moz-txt-link-freetext\" href=\"http://oss.tresys.com/mailman/listinfo/refpolicy\">http://oss.tresys.com/mailman/listinfo/refpolicy</a>\n" - " </pre>\n" - "</blockquote>\n" - "No that would not work. You need to define a new user type that a user\n" - "can login with. user_nobin_t, or something. Then you are going to\n" - "need to define all the rules necessary for this user to login and\n" - "execute the shell_exec_t and any other programs that you want them to\n" - "run.<br>\n" - "<br>\n" - "You write this in policy not in shell scripting.<br>\n" - "</body>\n" - "</html>\n" + "You write this in policy not in shell scripting.\n" + "-------------- next part --------------\n" + "An HTML attachment was scrubbed...\n" + URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100303/8c7733d7/attachment.html -f4663bfbd2cd75351371e059fd89a85ce7943df40d57e224c81f55fbf469990a +f06f70fc0b5d7d6f291f151fc8d6c8d503dad512f9c2d4f59db9f93562935109
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.