* [refpolicy] system_application.patch
@ 2009-03-05 17:13 Daniel J Walsh
0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2009-03-05 17:13 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_application.patch
Since application_domains seem have stdout redirected to home and /tmp
by users adding interfaces to allow append,
sudo confined_app
will cause a sigchild to be send to sudo_t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmwCB8ACgkQrlYvE4MpobPehgCeJ2EoAyIj27K6qRNTkOo7WciK
OA8AoLCki8YPdbMFp6aEextoUKv7Rjvr
=++D8
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
@ 2009-11-12 22:07 Daniel J Walsh
2009-11-24 16:48 ` Christopher J. PeBenito
0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2009-11-12 22:07 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_application.patch
Additiona interfaces
Allow application domain to append to .xsession-errors file
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
2009-11-12 22:07 Daniel J Walsh
@ 2009-11-24 16:48 ` Christopher J. PeBenito
2009-11-24 20:09 ` Daniel J Walsh
0 siblings, 1 reply; 6+ messages in thread
From: Christopher J. PeBenito @ 2009-11-24 16:48 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 17:07 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_application.patch
>
> Additiona interfaces
>
> Allow application domain to append to .xsession-errors file
>
I'll have to think about this last point; it seems way too excessive.
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
2009-11-24 16:48 ` Christopher J. PeBenito
@ 2009-11-24 20:09 ` Daniel J Walsh
0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2009-11-24 20:09 UTC (permalink / raw)
To: refpolicy
On 11/24/2009 11:48 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 17:07 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_application.patch
>>
>> Additiona interfaces
>>
>> Allow application domain to append to .xsession-errors file
>>
> I'll have to think about this last point; it seems way too excessive.
> Otherwise merged.
>
Well unless you have a better idea. STDOUT on all X Apps started from the panel or inherited to the panel append ~/.xsession-errors
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
@ 2010-02-23 22:10 Daniel J Walsh
0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-02-23 22:10 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_application.patch
dontaudit inherited leaks.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
@ 2010-08-26 23:28 Daniel J Walsh
0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:28 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_application.patch
+application_signal(xdm_t)
Allow application domains to inherit open file descriptors from users.
User home content and user tmp content.
Afs does weird stoff with udp sockets.
Cron can launch user applications and send signals to them
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEUEARECAAYFAkx2+JAACgkQrlYvE4MpobOTSwCVFthS7x+zBS5IgxFwhvM0HsoI
egCgoa77CKElBPRCrXJoPz5Ahg+R12s=
=LHU6
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-08-26 23:28 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-26 23:28 [refpolicy] system_application.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-02-23 22:10 Daniel J Walsh
2009-11-12 22:07 Daniel J Walsh
2009-11-24 16:48 ` Christopher J. PeBenito
2009-11-24 20:09 ` Daniel J Walsh
2009-03-05 17:13 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.