* [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines
@ 2012-08-25 23:08 Guido Trentalancia
2012-08-29 14:49 ` Christopher J. PeBenito
From: Guido Trentalancia @ 2012-08-25 23:08 UTC (permalink / raw)
To: refpolicy
Add lost+found filesystem label to /var/log and /var/log/audit.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
policy/modules/kernel/files.fc | 6 ++++++
1 file changed, 6 insertions(+)
--- refpolicy-25082012/policy/modules/kernel/files.fc 2012-08-25
17:52:10.037296340 +0200
+++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
2012-08-26 00:38:29.364804301 +0200
@@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
+/var/log/lost\+found -d
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+/var/log/lost\+found/.* <<none>>
+
+/var/log/audit/lost\+found -d
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+/var/log/audit/lost\+found/.* <<none>>
+
/var/lost\+found -d
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/var/lost\+found/.* <<none>>
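Review bot: the two added "-d" entries are line-wrapped, so gen_context(system_u:object_r:lost_found_t,mls_systemhigh) sits on its own line with no "+" prefix, and the "---"/"+++" file headers are wrapped the same way. As sent, the hunk no longer matches its "@@ -243,6 +243,12 @@" line counts and will not apply without manual repair. Resend with the mailer's line wrapping disabled (or as an attachment) so that each new entry is a single "+" line carrying the path, the -d file type and the gen_context() call together.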
* [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines
2012-08-25 23:08 [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines Guido Trentalancia
@ 2012-08-29 14:49 ` Christopher J. PeBenito
2012-08-29 17:48 ` Guido Trentalancia
From: Christopher J. PeBenito @ 2012-08-29 14:49 UTC (permalink / raw)
To: refpolicy
On 08/25/12 19:08, Guido Trentalancia wrote:
> Add lost+found filesystem label to /var/log and /var/log/audit.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
> policy/modules/kernel/files.fc | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> --- refpolicy-25082012/policy/modules/kernel/files.fc 2012-08-25
> 17:52:10.037296340 +0200
> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
> 2012-08-26 00:38:29.364804301 +0200
> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
>
> /var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
>
> +/var/log/lost\+found -d
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/lost\+found/.* <<none>>
> +
> +/var/log/audit/lost\+found -d
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/audit/lost\+found/.* <<none>>
> +
> /var/lost\+found -d
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> /var/lost\+found/.* <<none>>
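Review bot: the commit message says which paths are labelled but not why, and the hunk header shows ifndef(`distro_redhat',` as the nearest preceding context for the new lines. The message should state that /var/log and /var/log/audit carry a lost+found directory only when they are mounted as separate filesystems, which is the layout the guidelines named in the subject call for. Also confirm in files.fc that the new entries, like the existing /var/lost\+found one beside them, fall outside the distro_redhat conditional, so that they are not dropped on those builds.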
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
* [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines
2012-08-29 14:49 ` Christopher J. PeBenito
@ 2012-08-29 17:48 ` Guido Trentalancia
From: Guido Trentalancia @ 2012-08-29 17:48 UTC (permalink / raw)
To: refpolicy
On 29/08/2012 16:49, Christopher J. PeBenito wrote:
> On 08/25/12 19:08, Guido Trentalancia wrote:
>> Add lost+found filesystem label to /var/log and /var/log/audit.
>>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>> ---
>> policy/modules/kernel/files.fc | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> --- refpolicy-25082012/policy/modules/kernel/files.fc 2012-08-25
>> 17:52:10.037296340 +0200
>> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
>> 2012-08-26 00:38:29.364804301 +0200
>> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
>>
>> /var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
>>
>> +/var/log/lost\+found -d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> +/var/log/lost\+found/.* <<none>>
>> +
>> +/var/log/audit/lost\+found -d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> +/var/log/audit/lost\+found/.* <<none>>
>> +
>> /var/lost\+found -d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> /var/lost\+found/.* <<none>>
>
> Merged.
Perhaps it might be profitable to have such labels automatically and
dynamically added to the policy upon filesystem mount by means of
code modifications?
Just an idea...
Regards,
Guido