* [refpolicy] system_xen.patch
@ 2009-11-12 22:18 Daniel J Walsh
2009-11-25 15:27 ` Christopher J. PeBenito
0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2009-11-12 22:18 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_xen.patch
Xen latest policy
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] system_xen.patch
2009-11-12 22:18 Daniel J Walsh
@ 2009-11-25 15:27 ` Christopher J. PeBenito
0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2009-11-25 15:27 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 17:18 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_xen.patch
>
> Xen latest policy
Merged with some rearrangement. Also made the ssh portion optional.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] system_xen.patch
@ 2010-02-23 21:26 Daniel J Walsh
0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:26 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_xen.patch
+ xen_stream_connect_xm(vhostmd_t)
Added an attribute xm_transition_domain which all domains that
transition to xm will get.
+ dontaudit xm_ssh_t xm_transition_domain:fifo_file
rw_inherited_fifo_file_perms;
Then basically dontaudit domains that xm transitions to.
Lots of access to handle using libvirt stuff.
Policy for using xenfs
Transitions to ptchown from xenconsoled
xenconsoled reads etc files
Sets rlimit
Allow domains to run from system_r
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] system_xen.patch
@ 2010-08-26 23:46 Daniel J Walsh
0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:46 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_xen.patch
Replace xm_t policy with virsh_t policy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx2/MgACgkQrlYvE4MpobOl2wCfXC5bryMsf7+3T2W/7eJ2DlV4
wNAAnjyNdUkn38BDzXw2NXyXQF4e4grv
=BsEW
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-08-26 23:46 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-26 23:46 [refpolicy] system_xen.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-02-23 21:26 Daniel J Walsh
2009-11-12 22:18 Daniel J Walsh
2009-11-25 15:27 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.