* [refpolicy] [PATCH 1/1] blueman contrib policy
@ 2012-06-26 21:09 Miroslav Grepl
2012-06-26 21:20 ` Dominick Grift
2012-07-03 13:41 ` Miroslav Grepl
0 siblings, 2 replies; 9+ messages in thread
From: Miroslav Grepl @ 2012-06-26 21:09 UTC (permalink / raw)
To: refpolicy
A new policy for blueman-mechanism from Fedora contrib repo.
(git://git.fedorahosted.org/selinux-policy.git)
Description :
Blueman is a tool to use Bluetooth devices.
Patch:
http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-06-26 21:09 [refpolicy] [PATCH 1/1] blueman contrib policy Miroslav Grepl
@ 2012-06-26 21:20 ` Dominick Grift
2012-06-26 21:28 ` Miroslav Grepl
2012-07-03 13:41 ` Miroslav Grepl
1 sibling, 1 reply; 9+ messages in thread
From: Dominick Grift @ 2012-06-26 21:20 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
There is a significant difference between the way reference policy
implemented auth_use_nsswitch and the way fedora implemented it.
This leads me to believe that, since this policy relies on
auth_use_nsswitch, it should probably be modified to reflect these
changes between fedora's and refpolicy's auth_use_nsswitch()
Some other minor comments:
1. files dont need to file transition from var_lib_t to
blueman_var_lib_t; only directories. The files are created inside these
directories as per file context specification:
/var/lib/blueman(/.*)?gen_context(system_u:object_r:blueman_var_lib_t,s0)
2. files_read_etc_files(blueman_t) is redundant (it is already included
with auth_use_nsswitch()
> A new policy for blueman-mechanism from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)
>
> Description :
> Blueman is a tool to use Bluetooth devices.
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-06-26 21:20 ` Dominick Grift
@ 2012-06-26 21:28 ` Miroslav Grepl
2012-06-26 21:37 ` Dominick Grift
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Miroslav Grepl @ 2012-06-26 21:28 UTC (permalink / raw)
To: refpolicy
On 06/26/2012 11:20 PM, Dominick Grift wrote:
> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
>
> There is a significant difference between the way reference policy
> implemented auth_use_nsswitch and the way fedora implemented it.
>
> This leads me to believe that, since this policy relies on
> auth_use_nsswitch, it should probably be modified to reflect these
> changes between fedora's and refpolicy's auth_use_nsswitch()
You could say it about lot of policies which are in the contrib repo.
Let's discuss it.
>
> Some other minor comments:
>
> 1. files dont need to file transition from var_lib_t to
> blueman_var_lib_t; only directories. The files are created inside these
> directories as per file context specification:
>
> /var/lib/blueman(/.*)?gen_context(system_u:object_r:blueman_var_lib_t,s0)
>
> 2. files_read_etc_files(blueman_t) is redundant (it is already included
> with auth_use_nsswitch()
>
>
>> A new policy for blueman-mechanism from Fedora contrib repo.
>> (git://git.fedorahosted.org/selinux-policy.git)
>>
>> Description :
>> Blueman is a tool to use Bluetooth devices.
>>
>> Patch:
>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-06-26 21:28 ` Miroslav Grepl
@ 2012-06-26 21:37 ` Dominick Grift
2012-06-26 21:37 ` Miroslav Grepl
[not found] ` <4FEB19F7.4000003@tresys.com>
2 siblings, 0 replies; 9+ messages in thread
From: Dominick Grift @ 2012-06-26 21:37 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-06-26 at 23:28 +0200, Miroslav Grepl wrote:
> On 06/26/2012 11:20 PM, Dominick Grift wrote:
> > On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
> >
> > There is a significant difference between the way reference policy
> > implemented auth_use_nsswitch and the way fedora implemented it.
> >
> > This leads me to believe that, since this policy relies on
> > auth_use_nsswitch, it should probably be modified to reflect these
> > changes between fedora's and refpolicy's auth_use_nsswitch()
> You could say it about lot of policies which are in the contrib repo.
Not quite but there may be some that slipped the cracks. since fedora's
auth_use_nsswitch() implementation underwent a huge change not many new
modules have been upstreamed as far as i know.
So i dont think this is true, although in some cases i may be wrong.
> Let's discuss it.
>
> >
> > Some other minor comments:
> >
> > 1. files dont need to file transition from var_lib_t to
> > blueman_var_lib_t; only directories. The files are created inside these
> > directories as per file context specification:
> >
> > /var/lib/blueman(/.*)?gen_context(system_u:object_r:blueman_var_lib_t,s0)
> >
> > 2. files_read_etc_files(blueman_t) is redundant (it is already included
> > with auth_use_nsswitch()
> >
> >
> >> A new policy for blueman-mechanism from Fedora contrib repo.
> >> (git://git.fedorahosted.org/selinux-policy.git)
> >>
> >> Description :
> >> Blueman is a tool to use Bluetooth devices.
> >>
> >> Patch:
> >> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
> >>
> >> _______________________________________________
> >> refpolicy mailing list
> >> refpolicy at oss.tresys.com
> >> http://oss.tresys.com/mailman/listinfo/refpolicy
> >
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-06-26 21:28 ` Miroslav Grepl
2012-06-26 21:37 ` Dominick Grift
@ 2012-06-26 21:37 ` Miroslav Grepl
2012-06-26 21:42 ` Dominick Grift
[not found] ` <4FEB19F7.4000003@tresys.com>
2 siblings, 1 reply; 9+ messages in thread
From: Miroslav Grepl @ 2012-06-26 21:37 UTC (permalink / raw)
To: refpolicy
On 06/26/2012 11:28 PM, Miroslav Grepl wrote:
> On 06/26/2012 11:20 PM, Dominick Grift wrote:
>> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
>>
>> There is a significant difference between the way reference policy
>> implemented auth_use_nsswitch and the way fedora implemented it.
>>
>> This leads me to believe that, since this policy relies on
>> auth_use_nsswitch, it should probably be modified to reflect these
>> changes between fedora's and refpolicy's auth_use_nsswitch()
> You could say it about lot of policies which are in the contrib repo.
>
> Let's discuss it.
Also I don't see this big differences. We use nsswitch_domain attribute
now which will also submit as a patch.
>
>> Some other minor comments:
>>
>> 1. files dont need to file transition from var_lib_t to
>> blueman_var_lib_t; only directories. The files are created inside these
>> directories as per file context specification:
>>
>> /var/lib/blueman(/.*)?gen_context(system_u:object_r:blueman_var_lib_t,s0)
>>
>> 2. files_read_etc_files(blueman_t) is redundant (it is already included
>> with auth_use_nsswitch()
>>
>>
>>> A new policy for blueman-mechanism from Fedora contrib repo.
>>> (git://git.fedorahosted.org/selinux-policy.git)
>>>
>>> Description :
>>> Blueman is a tool to use Bluetooth devices.
>>>
>>> Patch:
>>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>>>
>>> _______________________________________________
>>> refpolicy mailing list
>>> refpolicy at oss.tresys.com
>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-06-26 21:37 ` Miroslav Grepl
@ 2012-06-26 21:42 ` Dominick Grift
0 siblings, 0 replies; 9+ messages in thread
From: Dominick Grift @ 2012-06-26 21:42 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-06-26 at 23:37 +0200, Miroslav Grepl wrote:
> On 06/26/2012 11:28 PM, Miroslav Grepl wrote:
> > On 06/26/2012 11:20 PM, Dominick Grift wrote:
> >> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
> >>
> >> There is a significant difference between the way reference policy
> >> implemented auth_use_nsswitch and the way fedora implemented it.
> >>
> >> This leads me to believe that, since this policy relies on
> >> auth_use_nsswitch, it should probably be modified to reflect these
> >> changes between fedora's and refpolicy's auth_use_nsswitch()
> > You could say it about lot of policies which are in the contrib repo.
> >
> > Let's discuss it.
> Also I don't see this big differences. We use nsswitch_domain attribute
> now which will also submit as a patch.
Hmm yes you are right, there are some changes but its not as big as i
thought.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
[not found] ` <4FEB19F7.4000003@tresys.com>
@ 2012-06-27 17:51 ` Miroslav Grepl
0 siblings, 0 replies; 9+ messages in thread
From: Miroslav Grepl @ 2012-06-27 17:51 UTC (permalink / raw)
To: refpolicy
On 06/27/2012 04:34 PM, Christopher J. PeBenito wrote:
> On 06/26/12 17:28, Miroslav Grepl wrote:
>> On 06/26/2012 11:20 PM, Dominick Grift wrote:
>>> On Tue, 2012-06-26 at 23:09 +0200, Miroslav Grepl wrote:
>>>
>>> There is a significant difference between the way reference policy
>>> implemented auth_use_nsswitch and the way fedora implemented it.
>>>
>>> This leads me to believe that, since this policy relies on
>>> auth_use_nsswitch, it should probably be modified to reflect these
>>> changes between fedora's and refpolicy's auth_use_nsswitch()
>> You could say it about lot of policies which are in the contrib repo.
>>
>> Let's discuss it.
> Not surprising. Last time I think anything has been upstreamed from Fedora/Red Hat was in January.
>
We did al lot of work to switch our structure to reflect upstream
structure to make patches much more easier. Also these changes related
to auth_use_nsswitch are not so big. We use nsswitch_domain attribute.
Basically we now use more attributes to shrink the policy .
I believe now it will be easier to add our patches.
Regards,
Miroslav
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-06-26 21:09 [refpolicy] [PATCH 1/1] blueman contrib policy Miroslav Grepl
2012-06-26 21:20 ` Dominick Grift
@ 2012-07-03 13:41 ` Miroslav Grepl
2012-07-10 12:18 ` Christopher J. PeBenito
1 sibling, 1 reply; 9+ messages in thread
From: Miroslav Grepl @ 2012-07-03 13:41 UTC (permalink / raw)
To: refpolicy
On 06/26/2012 11:09 PM, Miroslav Grepl wrote:
> A new policy for blueman-mechanism from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)
>
> Description :
> Blueman is a tool to use Bluetooth devices.
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
Updated.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH 1/1] blueman contrib policy
2012-07-03 13:41 ` Miroslav Grepl
@ 2012-07-10 12:18 ` Christopher J. PeBenito
0 siblings, 0 replies; 9+ messages in thread
From: Christopher J. PeBenito @ 2012-07-10 12:18 UTC (permalink / raw)
To: refpolicy
On 07/03/12 09:41, Miroslav Grepl wrote:
> On 06/26/2012 11:09 PM, Miroslav Grepl wrote:
>> A new policy for blueman-mechanism from Fedora contrib repo.
>> (git://git.fedorahosted.org/selinux-policy.git)
>>
>> Description :
>> Blueman is a tool to use Bluetooth devices.
>>
>> Patch:
>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_blueman.patch
>>
> Updated.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2012-07-10 12:18 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-26 21:09 [refpolicy] [PATCH 1/1] blueman contrib policy Miroslav Grepl
2012-06-26 21:20 ` Dominick Grift
2012-06-26 21:28 ` Miroslav Grepl
2012-06-26 21:37 ` Dominick Grift
2012-06-26 21:37 ` Miroslav Grepl
2012-06-26 21:42 ` Dominick Grift
[not found] ` <4FEB19F7.4000003@tresys.com>
2012-06-27 17:51 ` Miroslav Grepl
2012-07-03 13:41 ` Miroslav Grepl
2012-07-10 12:18 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.