* [refpolicy] admin_dmesg.patch @ 2010-06-02 19:46 Daniel J Walsh 2010-06-17 12:26 ` Christopher J. PeBenito 0 siblings, 1 reply; 6+ messages in thread From: Daniel J Walsh @ 2010-06-02 19:46 UTC (permalink / raw) To: refpolicy http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch Abrt transitions to sosreport_t which transitions to dmesg_t And leaks these descriptors. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch 2010-06-02 19:46 [refpolicy] admin_dmesg.patch Daniel J Walsh @ 2010-06-17 12:26 ` Christopher J. PeBenito 2010-06-18 18:47 ` Daniel J Walsh 0 siblings, 1 reply; 6+ messages in thread From: Christopher J. PeBenito @ 2010-06-17 12:26 UTC (permalink / raw) To: refpolicy On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch > > Abrt transitions to sosreport_t which transitions to dmesg_t > > And leaks these descriptors. It sounds like these should be dontaudit instead (?) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch 2010-06-17 12:26 ` Christopher J. PeBenito @ 2010-06-18 18:47 ` Daniel J Walsh 0 siblings, 0 replies; 6+ messages in thread From: Daniel J Walsh @ 2010-06-18 18:47 UTC (permalink / raw) To: refpolicy On 06/17/2010 08:26 AM, Christopher J. PeBenito wrote: > On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote: >> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch >> >> Abrt transitions to sosreport_t which transitions to dmesg_t >> >> And leaks these descriptors. > > It sounds like these should be dontaudit instead (?) > No I guess in this case leak is the wrong term. It is passing along an stdout which points for a file in its /var/run directory abrt execs "sosreport > /var/run/sosreport/report.dat" So we want to allow the dmesg output to get stored in this file. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch @ 2010-08-26 20:32 Daniel J Walsh 0 siblings, 0 replies; 6+ messages in thread From: Daniel J Walsh @ 2010-08-26 20:32 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch abrt runs dmesg and redirects its output to its cache files -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkx2z18ACgkQrlYvE4MpobNgbwCgp1fky6LDpVups3egBId7O/3a cCAAoI2TOstgSqKw1OSPKTdg3gz9XqkG =PPdr -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch @ 2009-05-21 14:08 Daniel J Walsh 2009-06-11 13:28 ` Christopher J. PeBenito 0 siblings, 1 reply; 6+ messages in thread From: Daniel J Walsh @ 2009-05-21 14:08 UTC (permalink / raw) To: refpolicy http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_dmesg.patch Added mcelog to dmesg policy and added a couple of access. Allowes cron jobs to transition to dmesg ^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] admin_dmesg.patch 2009-05-21 14:08 Daniel J Walsh @ 2009-06-11 13:28 ` Christopher J. PeBenito 0 siblings, 0 replies; 6+ messages in thread From: Christopher J. PeBenito @ 2009-06-11 13:28 UTC (permalink / raw) To: refpolicy On Thu, 2009-05-21 at 10:08 -0400, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_dmesg.patch > > Added mcelog to dmesg policy and added a couple of access. Mcelog doesn't seem comparable to dmesg. It doesn't read the kernel ring buffer, it reads from /dev/mcelog. > Allowes cron jobs to transition to dmesg > > > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-08-26 20:32 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-06-02 19:46 [refpolicy] admin_dmesg.patch Daniel J Walsh 2010-06-17 12:26 ` Christopher J. PeBenito 2010-06-18 18:47 ` Daniel J Walsh -- strict thread matches above, loose matches on Subject: below -- 2010-08-26 20:32 Daniel J Walsh 2009-05-21 14:08 Daniel J Walsh 2009-06-11 13:28 ` Christopher J. PeBenito
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.