All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] system_application.patch
@ 2010-08-26 23:28 Daniel J Walsh
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:28 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_application.patch

+application_signal(xdm_t)

Allow application domains to inherit open file descriptors from users.
User home content and user tmp content.

Afs does weird stoff with udp sockets.


Cron can launch user applications and send signals to them
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEUEARECAAYFAkx2+JAACgkQrlYvE4MpobOTSwCVFthS7x+zBS5IgxFwhvM0HsoI
egCgoa77CKElBPRCrXJoPz5Ahg+R12s=
=LHU6
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
@ 2010-02-23 22:10 Daniel J Walsh
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-02-23 22:10 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_application.patch 


dontaudit inherited leaks.

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
@ 2009-11-12 22:07 Daniel J Walsh
  2009-11-24 16:48 ` Christopher J. PeBenito
  0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2009-11-12 22:07 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_application.patch

Additiona interfaces 

Allow application domain to append to .xsession-errors file

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [refpolicy] system_application.patch
@ 2009-03-05 17:13 Daniel J Walsh
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2009-03-05 17:13 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_application.patch

Since application_domains seem have stdout redirected to home and /tmp
by users adding interfaces to allow append,

sudo confined_app

will cause a sigchild to be send to sudo_t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmwCB8ACgkQrlYvE4MpobPehgCeJ2EoAyIj27K6qRNTkOo7WciK
OA8AoLCki8YPdbMFp6aEextoUKv7Rjvr
=++D8
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-08-26 23:28 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-26 23:28 [refpolicy] system_application.patch Daniel J Walsh
  -- strict thread matches above, loose matches on Subject: below --
2010-02-23 22:10 Daniel J Walsh
2009-11-12 22:07 Daniel J Walsh
2009-11-24 16:48 ` Christopher J. PeBenito
2009-11-24 20:09   ` Daniel J Walsh
2009-03-05 17:13 Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.