* [refpolicy] admin_dmesg.patch
@ 2009-05-21 14:08 Daniel J Walsh
2009-06-11 13:28 ` Christopher J. PeBenito
0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:08 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_dmesg.patch
Added mcelog to dmesg policy and added a couple of access.
Allowes cron jobs to transition to dmesg
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch
2009-05-21 14:08 Daniel J Walsh
@ 2009-06-11 13:28 ` Christopher J. PeBenito
0 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2009-06-11 13:28 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-05-21 at 10:08 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_dmesg.patch
>
> Added mcelog to dmesg policy and added a couple of access.
Mcelog doesn't seem comparable to dmesg. It doesn't read the kernel
ring buffer, it reads from /dev/mcelog.
> Allowes cron jobs to transition to dmesg
>
>
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch
@ 2010-06-02 19:46 Daniel J Walsh
2010-06-17 12:26 ` Christopher J. PeBenito
0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2010-06-02 19:46 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
Abrt transitions to sosreport_t which transitions to dmesg_t
And leaks these descriptors.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch
2010-06-02 19:46 [refpolicy] admin_dmesg.patch Daniel J Walsh
@ 2010-06-17 12:26 ` Christopher J. PeBenito
2010-06-18 18:47 ` Daniel J Walsh
0 siblings, 1 reply; 6+ messages in thread
From: Christopher J. PeBenito @ 2010-06-17 12:26 UTC (permalink / raw)
To: refpolicy
On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
>
> Abrt transitions to sosreport_t which transitions to dmesg_t
>
> And leaks these descriptors.
It sounds like these should be dontaudit instead (?)
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch
2010-06-17 12:26 ` Christopher J. PeBenito
@ 2010-06-18 18:47 ` Daniel J Walsh
0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-06-18 18:47 UTC (permalink / raw)
To: refpolicy
On 06/17/2010 08:26 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
>>
>> Abrt transitions to sosreport_t which transitions to dmesg_t
>>
>> And leaks these descriptors.
>
> It sounds like these should be dontaudit instead (?)
>
No I guess in this case leak is the wrong term. It is passing along an
stdout which points for a file in its /var/run directory
abrt execs "sosreport > /var/run/sosreport/report.dat"
So we want to allow the dmesg output to get stored in this file.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch
@ 2010-08-26 20:32 Daniel J Walsh
0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-08-26 20:32 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
abrt runs dmesg and redirects its output to its cache files
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx2z18ACgkQrlYvE4MpobNgbwCgp1fky6LDpVups3egBId7O/3a
cCAAoI2TOstgSqKw1OSPKTdg3gz9XqkG
=PPdr
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-08-26 20:32 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-02 19:46 [refpolicy] admin_dmesg.patch Daniel J Walsh
2010-06-17 12:26 ` Christopher J. PeBenito
2010-06-18 18:47 ` Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 20:32 Daniel J Walsh
2009-05-21 14:08 Daniel J Walsh
2009-06-11 13:28 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.