* [refpolicy] system_udev.patch
@ 2009-03-02 22:36 Daniel J Walsh
2009-03-19 18:21 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-03-02 22:36 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch
Add file context for /var/run/PackageKit/udev
Switch interfaces to use udev_tbl_t
udev can exec helper apps
Searches debugfs
Reads software raid, sends audit messages
Reads also lib
Executes the clock
Reads devicekit pid file.
Executes lvm commands
Search rm log files
We run it unconfined on Fedora.
* [refpolicy] system_udev.patch
2009-03-02 22:36 Daniel J Walsh
@ 2009-03-19 18:21 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-03-19 18:21 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-03-02 at 17:36 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch
>
> Add file context for /var/run/PackageKit/udev
>
> Switch interfaces to use udev_tbl_t
>
> udev can exec helper apps
>
> Searches debugfs
>
> Reads software raid, sends audit messages
>
> Reads also lib
>
> Executes the clock
>
> Reads devicekit pid file.
>
> Executes lvm commands
>
> Search rm log files
>
> We run it unconfined on Fedora.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* [refpolicy] system_udev.patch
@ 2009-03-20 17:00 Daniel J Walsh
2009-04-07 14:37 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-03-20 17:00 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch
NetworkManager is execing udevadm so needs udev_exec interface
* [refpolicy] system_udev.patch
2009-03-20 17:00 Daniel J Walsh
@ 2009-04-07 14:37 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-04-07 14:37 UTC (permalink / raw)
To: refpolicy
On Fri, 2009-03-20 at 13:00 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch
>
> NetworkManager is execing udevadm so needs udev_exec interface
Merged. Moved unconfined to distro_redhat.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* [refpolicy] system_udev.patch
@ 2009-11-12 22:16 Daniel J Walsh
2009-11-25 14:44 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-11-12 22:16 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_udev.patch
Fix udev labels.
* [refpolicy] system_udev.patch
2009-11-12 22:16 Daniel J Walsh
@ 2009-11-25 14:44 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2009-11-25 14:44 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 17:16 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_udev.patch
>
> Fix udev labels.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* [refpolicy] system_udev.patch
@ 2010-02-23 21:19 Daniel J Walsh
2010-03-17 19:17 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:19 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
Allow other domains to unlink udev_tbl_t
Uses netlink sockets
Creates device_t symlinks
Reads consolekit_var_run
dontaudit leaks from hal
Searches rpm logs (probably a leak)
Transitions to usbmux_d
* [refpolicy] system_udev.patch
2010-02-23 21:19 Daniel J Walsh
@ 2010-03-17 19:17 ` Christopher J. PeBenito
2010-03-18 18:24 ` Daniel J Walsh
0 siblings, 1 reply; 10+ messages in thread
From: Christopher J. PeBenito @ 2010-03-17 19:17 UTC (permalink / raw)
To: refpolicy
On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
>
> Allow other domains to unlink udev_tbl_t
Needs a different interface, adding it to udev_rw_db() is an excessive
permission for the interface.
> Uses netlink sockets
Do you have any information on this? It would be best to get a specific
class added for this socket, rather than use the generic netlink_socket.
Otherwise merged.
> Creates device_t symlinks
>
> Reads consolekit_var_run
>
> dontaudit leaks from hal
>
> Searches rpm logs (probably a leak)
>
> Transitions to usbmux_d
>
>
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
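An added illustration of the review point in the message above, not code from the patch or from refpolicy: keeping removal of `udev_tbl_t` files out of `udev_rw_db()` by giving it its own interface. The interface bodies are an assumed sketch, and the name `udev_delete_db` is hypothetical.

```m4
# Added sketch: interface bodies are assumed, not taken from the patch.

# Over-broad form the review objects to: every existing caller of
# udev_rw_db() would silently gain the right to remove udev table files.
#
#	allow $1 udev_tbl_t:file { rw_file_perms unlink };

# Read/write interface kept narrow: callers may read and write
# existing udev_tbl_t files, nothing more.
interface(`udev_rw_db',`
	gen_require(`
		type udev_tbl_t;
	')

	allow $1 udev_tbl_t:file rw_file_perms;
')

# Hypothetical separate interface: only domains that actually need to
# remove udev table files call this one, so the extra permission is
# visible at each call site.
# Assumes the containing directory is also labelled udev_tbl_t.
interface(`udev_delete_db',`
	gen_require(`
		type udev_tbl_t;
	')

	delete_files_pattern($1, udev_tbl_t, udev_tbl_t)
')
```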
* [refpolicy] system_udev.patch
2010-03-17 19:17 ` Christopher J. PeBenito
@ 2010-03-18 18:24 ` Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-03-18 18:24 UTC (permalink / raw)
To: refpolicy
On 03/17/2010 03:17 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
>>
>> Allow other domains to unlink udev_tbl_t
>>
> Needs a different interface, adding it to udev_rw_db() is an excessive
> permission for the interface.
>
>
>> Uses netlink sockets
>>
> Do you have any information on this? It would be best to get a specific
> class added for this socket, rather than use the generic netlink_socket.
>
>
Added during F11. Same time as netlink_kobj_uevent_socket. Might be
the same thing.
> Otherwise merged.
>
>
>> Creates device_t symlinks
>>
>> Reads consolekit_var_run
>>
>> dontaudit leaks from hal
>>
>> Searches rpm logs (probably a leak)
>>
>> Transitions to usbmux_d
>>
>>
>>
>>
>
Updated patch including new policy for usbmuxd.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: udev.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100318/aa7f25a4/attachment.pl
* [refpolicy] system_udev.patch
@ 2010-08-26 23:45 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:45 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_udev.patch
tmpfs /var/run