All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy
@ 2011-01-24  0:43 Guido Trentalancia
  2011-01-24 14:26 ` Dominick Grift
  0 siblings, 1 reply; 4+ messages in thread
From: Guido Trentalancia @ 2011-01-24  0:43 UTC (permalink / raw)
  To: refpolicy

diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
--- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
+++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc	2011-01-18 23:13:43.740999070 +0100
@@ -1,11 +1,24 @@
 /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
 
 /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
+
 /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
--- refpolicy-git-18012011/policy/modules/system/init.fc	2011-01-08 19:07:21.350758412 +0100
+++ refpolicy-git-18012011-update/policy/modules/system/init.fc	2011-01-18 23:13:43.740999070 +0100
@@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
 # /sbin
 #
 /sbin/init(ng)?		--	gen_context(system_u:object_r:init_exec_t,s0)
+# because nowadays, /sbin/init is often a symlink to /sbin/upstart
+/sbin/upstart		--	gen_context(system_u:object_r:init_exec_t,s0)
 
 ifdef(`distro_gentoo', `
 /sbin/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy
  2011-01-24  0:43 [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy Guido Trentalancia
@ 2011-01-24 14:26 ` Dominick Grift
  2011-01-24 14:50   ` Daniel J Walsh
  2011-01-24 15:05   ` Guido Trentalancia
  0 siblings, 2 replies; 4+ messages in thread
From: Dominick Grift @ 2011-01-24 14:26 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
> --- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
> +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc	2011-01-18 23:13:43.740999070 +0100
> @@ -1,11 +1,24 @@
>  /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
>  
>  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>  
>  /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>  /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>  
>  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> +

I am not sure if labelling all these dbus_exec_t is a good idea or even
beneficial in any way

>  /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>  
>  /var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
> --- refpolicy-git-18012011/policy/modules/system/init.fc	2011-01-08 19:07:21.350758412 +0100
> +++ refpolicy-git-18012011-update/policy/modules/system/init.fc	2011-01-18 23:13:43.740999070 +0100
> @@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
>  # /sbin
>  #
>  /sbin/init(ng)?		--	gen_context(system_u:object_r:init_exec_t,s0)
> +# because nowadays, /sbin/init is often a symlink to /sbin/upstart
> +/sbin/upstart		--	gen_context(system_u:object_r:init_exec_t,s0)
>  
>  ifdef(`distro_gentoo', `
>  /sbin/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk09i/oACgkQMlxVo39jgT/NzgCfV//vFrkoXxFfZLjxaNhQonBq
jP0AoJ4hVYn7UUXi/uRsKFWVIAkIGomU
=EkxZ
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy
  2011-01-24 14:26 ` Dominick Grift
@ 2011-01-24 14:50   ` Daniel J Walsh
  2011-01-24 15:05   ` Guido Trentalancia
  1 sibling, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2011-01-24 14:50 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/24/2011 09:26 AM, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
>> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
>> --- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
>> +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc	2011-01-18 23:13:43.740999070 +0100
>> @@ -1,11 +1,24 @@
>>  /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
> 
>>  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> 
>>  /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>>  /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> 
>>  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +
> 
> I am not sure if labelling all these dbus_exec_t is a good idea or even
> beneficial in any way
> 
Definitely not.
>>  /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> 
>>  /var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
>> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
>> --- refpolicy-git-18012011/policy/modules/system/init.fc	2011-01-08 19:07:21.350758412 +0100
>> +++ refpolicy-git-18012011-update/policy/modules/system/init.fc	2011-01-18 23:13:43.740999070 +0100
>> @@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
>>  # /sbin
>>  #
>>  /sbin/init(ng)?		--	gen_context(system_u:object_r:init_exec_t,s0)
>> +# because nowadays, /sbin/init is often a symlink to /sbin/upstart
>> +/sbin/upstart		--	gen_context(system_u:object_r:init_exec_t,s0)
> 
>>  ifdef(`distro_gentoo', `
>>  /sbin/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
> 
> 
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
> 
_______________________________________________
refpolicy mailing list
refpolicy at oss.tresys.com
http://oss.tresys.com/mailman/listinfo/refpolicy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk09kZYACgkQrlYvE4MpobNd1ACfWcH/QOjVkM2+puln2AJvaTye
07sAoNoOoWE6SK5ODGX1DwrMa5ibAxKi
=6QNt
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy
  2011-01-24 14:26 ` Dominick Grift
  2011-01-24 14:50   ` Daniel J Walsh
@ 2011-01-24 15:05   ` Guido Trentalancia
  1 sibling, 0 replies; 4+ messages in thread
From: Guido Trentalancia @ 2011-01-24 15:05 UTC (permalink / raw)
  To: refpolicy

On Mon, 24/01/2011 at 15.26 +0100, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
> > --- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
> > +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc	2011-01-18 23:13:43.740999070 +0100
> > @@ -1,11 +1,24 @@
> >  /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
> >  
> >  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> >  
> >  /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> >  /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> >  
> >  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +
> 
> I am not sure if labelling all these dbus_exec_t is a good idea or even
> beneficial in any way

Yes, you are right. Only {/bin,/usr/bin}/dbus-daemon should be labelled
that way.

Will change it.

Regards,

Guido

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-01-24 15:05 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-01-24  0:43 [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy Guido Trentalancia
2011-01-24 14:26 ` Dominick Grift
2011-01-24 14:50   ` Daniel J Walsh
2011-01-24 15:05   ` Guido Trentalancia

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.