[refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines
@ 2012-08-25 23:08 Guido Trentalancia
  2012-08-29 14:49 ` Christopher J. PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Guido Trentalancia @ 2012-08-25 23:08 UTC (permalink / raw)
  To: refpolicy

Add lost+found filesystem label to /var/log and /var/log/audit.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
  policy/modules/kernel/files.fc |    6 ++++++
  1 file changed, 6 insertions(+)

--- refpolicy-25082012/policy/modules/kernel/files.fc	2012-08-25 
17:52:10.037296340 +0200
+++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc 
2012-08-26 00:38:29.364804301 +0200
@@ -243,6 +243,12 @@ ifndef(`distro_redhat',`

  /var/lock(/.*)?			gen_context(system_u:object_r:var_lock_t,s0)

+/var/log/lost\+found	-d 
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+/var/log/lost\+found/.*		<<none>>
+
+/var/log/audit/lost\+found	-d 
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+/var/log/audit/lost\+found/.*		<<none>>
+
  /var/lost\+found	-d 
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
  /var/lost\+found/.*		<<none>>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines
  2012-08-25 23:08 [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines Guido Trentalancia
@ 2012-08-29 14:49 ` Christopher J. PeBenito
  2012-08-29 17:48   ` Guido Trentalancia
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2012-08-29 14:49 UTC (permalink / raw)
  To: refpolicy

On 08/25/12 19:08, Guido Trentalancia wrote:
> Add lost+found filesystem label to /var/log and /var/log/audit.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>   policy/modules/kernel/files.fc |    6 ++++++
>   1 file changed, 6 insertions(+)
> 
> --- refpolicy-25082012/policy/modules/kernel/files.fc	2012-08-25 
> 17:52:10.037296340 +0200
> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc 
> 2012-08-26 00:38:29.364804301 +0200
> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
> 
>   /var/lock(/.*)?			gen_context(system_u:object_r:var_lock_t,s0)
> 
> +/var/log/lost\+found	-d 
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/lost\+found/.*		<<none>>
> +
> +/var/log/audit/lost\+found	-d 
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/audit/lost\+found/.*		<<none>>
> +
>   /var/lost\+found	-d 
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>   /var/lost\+found/.*		<<none>>

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines
  2012-08-29 14:49 ` Christopher J. PeBenito
@ 2012-08-29 17:48   ` Guido Trentalancia
  0 siblings, 0 replies; 3+ messages in thread
From: Guido Trentalancia @ 2012-08-29 17:48 UTC (permalink / raw)
  To: refpolicy

On 29/08/2012 16:49, Christopher J. PeBenito wrote:
> On 08/25/12 19:08, Guido Trentalancia wrote:
>> Add lost+found filesystem label to /var/log and /var/log/audit.
>>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>> ---
>>    policy/modules/kernel/files.fc |    6 ++++++
>>    1 file changed, 6 insertions(+)
>>
>> --- refpolicy-25082012/policy/modules/kernel/files.fc	2012-08-25
>> 17:52:10.037296340 +0200
>> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
>> 2012-08-26 00:38:29.364804301 +0200
>> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
>>
>>    /var/lock(/.*)?			gen_context(system_u:object_r:var_lock_t,s0)
>>
>> +/var/log/lost\+found	-d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> +/var/log/lost\+found/.*		<<none>>
>> +
>> +/var/log/audit/lost\+found	-d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> +/var/log/audit/lost\+found/.*		<<none>>
>> +
>>    /var/lost\+found	-d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>>    /var/lost\+found/.*		<<none>>
>
> Merged.

Perhaps, it might be profitable to have such labels automatically and 
dynamically added to the policy upon filesystem mount by the means of 
code modifications ?

Just an idea...

Regards,

Guido

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2012-08-29 17:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-25 23:08 [refpolicy] [PATCH]: add lost+found filesystem labels to support NSA security guidelines Guido Trentalancia
2012-08-29 14:49 ` Christopher J. PeBenito
2012-08-29 17:48   ` Guido Trentalancia

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.