* [refpolicy] [PATCH/RFC 14/19]: patch set to update the git reference policy
@ 2011-01-24  0:44 Guido Trentalancia
  2011-01-24 13:49 ` Dominick Grift
  0 siblings, 1 reply; 4+ messages in thread
From: Guido Trentalancia @ 2011-01-24  0:44 UTC (permalink / raw)
  To: refpolicy

diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
--- refpolicy-git-18012011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
+++ refpolicy-git-18012011-new/policy/modules/system/logging.te	2011-01-18 23:13:49.813854998 +0100
@@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
 
 allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
 
+allow audisp_t proc_t:file read_file_perms;
+
 manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
 files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
 
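Review bot: the added rule `allow audisp_t proc_t:file read_file_perms;` names proc_t directly in logging.te, so the logging module reaches into a type owned by another module instead of going through that module's interface. Replace the raw rule with the kernel interface call `kernel_read_system_state(audisp_t)`, and group it with the domain's interface calls rather than wedging it between the auditd_t socket rule and `manage_sock_files_pattern`.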


* [refpolicy] [PATCH/RFC 14/19]: patch set to update the git reference policy
  2011-01-24  0:44 [refpolicy] [PATCH/RFC 14/19]: patch set to update the git reference policy Guido Trentalancia
@ 2011-01-24 13:49 ` Dominick Grift
  2011-01-24 15:49   ` Guido Trentalancia
  0 siblings, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2011-01-24 13:49 UTC (permalink / raw)
  To: refpolicy

On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
> --- refpolicy-git-18012011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
> +++ refpolicy-git-18012011-new/policy/modules/system/logging.te	2011-01-18 23:13:49.813854998 +0100
> @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
>  
>  allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
>  
> +allow audisp_t proc_t:file read_file_perms;

Usage of proc_t is not allowed here. Use:

kernel_read_system_state(audisp_t)

> +
>  manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
>  files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
>  
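Review bot: nothing in the posting says why audisp_t needs the read access added at `+allow audisp_t proc_t:file read_file_perms;`, since the message consists of the diff alone. Add a short description naming the denied access that prompted the rule, so a reviewer can judge whether reading proc_t files is the narrowest grant that resolves it.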

* [refpolicy] [PATCH/RFC 14/19]: patch set to update the git reference policy
  2011-01-24 13:49 ` Dominick Grift
@ 2011-01-24 15:49   ` Guido Trentalancia
  2011-01-24 15:55     ` Dominick Grift
  0 siblings, 1 reply; 4+ messages in thread
From: Guido Trentalancia @ 2011-01-24 15:49 UTC (permalink / raw)
  To: refpolicy

On Mon, 24/01/2011 at 14.49 +0100, Dominick Grift wrote:
> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
> > --- refpolicy-git-18012011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/system/logging.te	2011-01-18 23:13:49.813854998 +0100
> > @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
> >  
> >  allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
> >  
> > +allow audisp_t proc_t:file read_file_perms;
> 
> Usage of proc_t is not allowed here. Use:
> 
> kernel_read_system_state(audisp_t)

Ok, it will be changed accordingly. Wasn't aware of that restriction, is
it the style guidelines thing? Of course, proc_t is not defined
there...

There were other comments to other pieces of the set. Will check the
rest later this evening or tomorrow as it requires a bit more time.

Thanks very much for your comments.

Regards,

Guido


* [refpolicy] [PATCH/RFC 14/19]: patch set to update the git reference policy
  2011-01-24 15:49   ` Guido Trentalancia
@ 2011-01-24 15:55     ` Dominick Grift
  0 siblings, 0 replies; 4+ messages in thread
From: Dominick Grift @ 2011-01-24 15:55 UTC (permalink / raw)
  To: refpolicy

On 01/24/2011 04:49 PM, Guido Trentalancia wrote:
> On Mon, 24/01/2011 at 14.49 +0100, Dominick Grift wrote:
>> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
>>> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
>>> --- refpolicy-git-18012011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
>>> +++ refpolicy-git-18012011-new/policy/modules/system/logging.te	2011-01-18 23:13:49.813854998 +0100
>>> @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
>>>  
>>>  allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
>>>  
>>> +allow audisp_t proc_t:file read_file_perms;
>>
>> Usage of proc_t is not allowed here. Use:
>>
>> kernel_read_system_state(audisp_t)
> 
> Ok, it will be changed accordingly. Wasn't aware of that restriction, is
> it the style guidelines thing? Of course, proc_t is not defined
> there...

I guess at least some unwritten rules. But it may or may not be mentioned
in the style guide.

But if you study refpolicy long enough you will probably see that pattern.

> 
> There were other comments to other pieces of the set. Will check the
> rest later this evening or tomorrow as it requires a bit more time.

> Thanks very much for your comments.
> 
> Regards,
> 
> Guido
> 
