
SELinux Mailing List

Re: ***SPAM*** Re: Latest policy

From: Daniel J Walsh <dwalsh_at_redhat.com>
Date: Thu, 10 Mar 2005 16:47:34 -0500


James Carter wrote:

>Merged.
>
>I did notice that some of the changes to use read_sysctl() replaced
>statements like:
>allow foo_t sysctl_kernel_t:file r_file_perms;
>allow foo_t sysctl_kernel_t:dir r_dir_perms;
>instead of ones like:
>allow foo_t sysctl_kernel_t:dir search;
>allow foo_t sysctl_kernel_t:file read;
>This was the case for the following: fsadm.te, backup.te, clamav.te,
>gatekeeper.te, lvm.te, named.te, and clamav_macros.te.
>
>I didn't notice any problems though, so maybe they didn't need those
>permissions.
>
>
>

Yes, I have not heard any complaints about this yet.

>Do we need to add this?
>cy-1.21.15/file_contexts/program/nrpe.fc
>--- nsapolicy/file_contexts/program/nrpe.fc 2005-02-24 14:51:09.000000000 -0500
>+++ policy-1.21.15/file_contexts/program/nrpe.fc 2005-03-07 09:36:55.000000000 -0500
>@@ -1,3 +1,5 @@
> # nrpe
> /usr/bin/nrpe -- system_u:object_r:nrpe_exec_t
> /etc/nagios/nrpe\.cfg -- system_u:object_r:nrpe_etc_t
>+/usr/lib(64)?/netsaint/plugins(/.*)? -- system_u:object_r:bin_t
>+/usr/lib(64)?/nagios/plugins(/.*)? -- system_u:object_r:bin_t
>
>
>
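
Review bot: the two added lines at the end of this hunk combine the "--" file-type field with a trailing "(/.*)?", so each entry applies to regular files only and the optional group that would match the plugins directory itself never takes effect. If the directories are meant to carry bin_t, drop the "--"; if only the plugin files are, "/.*" without the optional group says the same thing more clearly. The message also notes that the same two entries are already in nagios.fc, so adding them to nrpe.fc duplicates the specification; keep them in one file only.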

This is probably me missing a removal, since I have done nothing with nrpe. So eliminate this.

>These same statements are also in nagios.fc
>
>
>On Wed, 2005-03-09 at 00:27 -0500, Daniel J Walsh wrote:
>
>
>>Lots of policy cleanup via Ivan's Patches
>> Use read_sysctl
>> Cleanup of homedir macros
>>
>>Fixes to allow amanda to read file system
>>
>>Change apache stream sockets to use create_stream_socket_perms
>>
>>Eliminate cyrus_r
>>
>>Cleanup dhcpc.te so it can be used in targeted policy
>>
>>Add ftpd_anon_rw_t so that upload can be made to work with anonymous ftp
>>sites.
>>
>>Additional rules to allow postfix to work correctly in targeted policy
>>
>>Allow snmpd to communicate with its own fifo_file
>>
>>
>>
>
>
>
>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Thu 10 Mar 2005 - 16:55:20 EST
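
The narrowing discussed in the thread can be checked mechanically. The script below is an added example, not code from the thread or from the policy sources: it compares the two rule shapes quoted in James Carter's message and lists the permissions that disappear for each (source, target, class). The expansions of r_file_perms and r_dir_perms are assumptions about the example policy's macros, and foo_t is the placeholder type from the message.

```python
import re

# Assumed expansions of the example policy's permission macros (not shown
# in the thread); adjust to the macros file of the policy being audited.
MACROS = {
    "r_file_perms": {"read", "getattr", "lock", "ioctl"},
    "r_dir_perms": {"read", "getattr", "lock", "search", "ioctl"},
}

ALLOW_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+?)\s*;\s*$")

def expand(perm_field):
    """Turn 'read', '{ read getattr }' or a macro name into a set of permissions."""
    names = perm_field.strip("{} ").split()
    perms = set()
    for name in names:
        perms |= MACROS.get(name, {name})
    return perms

def parse_rules(text):
    """Map (source, target, class) -> set of allowed permissions."""
    rules = {}
    for line in text.splitlines():
        m = ALLOW_RE.match(line)
        if m:
            src, tgt, cls, perms = m.groups()
            rules.setdefault((src, tgt, cls), set()).update(expand(perms))
    return rules

def dropped_permissions(before, after):
    """Permissions present in the old rules but absent from the new ones."""
    old, new = parse_rules(before), parse_rules(after)
    lost = {key: sorted(p - new.get(key, set())) for key, p in old.items()}
    return {key: perms for key, perms in lost.items() if perms}

# Rule pairs quoted in the message, with its placeholder type foo_t.
BEFORE = """
allow foo_t sysctl_kernel_t:file r_file_perms;
allow foo_t sysctl_kernel_t:dir r_dir_perms;
"""
AFTER = """
allow foo_t sysctl_kernel_t:dir search;
allow foo_t sysctl_kernel_t:file read;
"""

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(dropped_permissions(BEFORE, AFTER).items()):
        print(f"{src} -> {tgt}:{cls} loses {' '.join(perms)}")
```

Running the same comparison over the real before and after versions of the .te files named in the message shows which domains lost getattr, ioctl, lock or directory read, which are the permissions to look for in AVC denials after the merge.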
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service