* [refpolicy] system_udev.patch
From: Daniel J Walsh @ 2010-08-26 23:45 UTC
To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_udev.patch

tmpfs /var/run

* [refpolicy] system_udev.patch
From: Daniel J Walsh @ 2010-02-23 21:19 UTC
To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch

Allow other domains to unlink udev_tbl_t

Uses netlink sockets

Creates device_t symlinks

Reads consolekit_var_run

dontaudit leaks from hal

Searches rpm logs (probably a leak)

Transitions to usbmux_d

* [refpolicy] system_udev.patch
From: Christopher J. PeBenito @ 2010-03-17 19:17 UTC
To: refpolicy

On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
>
> Allow other domains to unlink udev_tbl_t

Needs a different interface, adding it to udev_rw_db() is an excessive
permission for the interface.

> Uses netlink sockets

Do you have any information on this? It would be best to get a specific
class added for this socket, rather than use the generic netlink_socket.

Otherwise merged.

> Creates device_t symlinks
>
> Reads consolekit_var_run
>
> dontaudit leaks from hal
>
> Searches rpm logs (probably a leak)
>
> Transitions to usbmux_d

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

* [refpolicy] system_udev.patch
From: Daniel J Walsh @ 2010-03-18 18:24 UTC
To: refpolicy

On 03/17/2010 03:17 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 16:19 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_udev.patch
>>
>> Allow other domains to unlink udev_tbl_t
>
> Needs a different interface, adding it to udev_rw_db() is an excessive
> permission for the interface.
>
>> Uses netlink sockets
>
> Do you have any information on this? It would be best to get a specific
> class added for this socket, rather than use the generic netlink_socket.

Added during F11. Same time as netlink_kobj_uevent_socket. Might be the same thing.

> Otherwise merged.
>
>> Creates device_t symlinks
>>
>> Reads consolekit_var_run
>>
>> dontaudit leaks from hal
>>
>> Searches rpm logs (probably a leak)
>>
>> Transitions to usbmux_d

Updated patch including new policy for usbmuxd.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: udev.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100318/aa7f25a4/attachment.pl

* [refpolicy] system_udev.patch
From: Daniel J Walsh @ 2009-11-12 22:16 UTC
To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_udev.patch

Fix udev labels.

* [refpolicy] system_udev.patch
From: Christopher J. PeBenito @ 2009-11-25 14:44 UTC
To: refpolicy

On Thu, 2009-11-12 at 17:16 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_udev.patch
>
> Fix udev labels.

Merged.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

* [refpolicy] system_udev.patch
From: Daniel J Walsh @ 2009-03-20 17:00 UTC
To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch

NetworkManager is execing udevadm so needs udev_exec interface

* [refpolicy] system_udev.patch
From: Christopher J. PeBenito @ 2009-04-07 14:37 UTC
To: refpolicy

On Fri, 2009-03-20 at 13:00 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch
>
> NetworkManager is execing udevadm so needs udev_exec interface

Merged. Moved unconfined to distro_redhat.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

* [refpolicy] system_udev.patch
From: Daniel J Walsh @ 2009-03-02 22:36 UTC
To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch

Add file context for /var/run/PackageKit/udev

Switch interfaces to use udev_tbl_t

udev can exec helper apps

Searches debugfs

Reads software raid, sends audit messages

Reads also lib

Executes the clock

Reads devicekit pid file.

Executes lvm commands

Search rm log files

We run it unconfined on Fedora.

* [refpolicy] system_udev.patch
From: Christopher J. PeBenito @ 2009-03-19 18:21 UTC
To: refpolicy

On Mon, 2009-03-02 at 17:36 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_udev.patch
>
> Add file context for /var/run/PackageKit/udev
>
> Switch interfaces to use udev_tbl_t
>
> udev can exec helper apps
>
> Searches debugfs
>
> Reads software raid, sends audit messages
>
> Reads also lib
>
> Executes the clock
>
> Reads devicekit pid file.
>
> Executes lvm commands
>
> Search rm log files
>
> We run it unconfined on Fedora.

Merged.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150