SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Patched SuSE 7.2 openssh-2.9p1 / Policy for SuSE 7.2? This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: Stephen Smalley <sds_at_tislabs.com> Date: Mon, 22 Oct 2001 13:09:20 -0400 (EDT) On Mon, 22 Oct 2001, James Bishop wrote: > As far as I can see from the flask.pdf and policy-200109261436.pdf > documents, I should define a domain for blogd. Domain definitions (e.g. > for syslogd & klogd, which appear to be related to blogd - my > assumption) reside in the policy/domains/system/te files, but in* > general, how should I determine what privileges / capabilities should be > assigned to a new executable? The easiest approach is to simply create a stub domain for the program and try running the program in that domain while in permissive mode. You can then examine the avc audit messages to determine what permissions are being requested by the process, and can incrementally refine your .te file based on this information. -- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Mon 22 Oct 2001 - 13:14:58 EDT This message: [ Message body ] Next message: Stephen Smalley: "[PATCH] Missing getscheduler hook" Previous message: James Bishop: "Patched SuSE 7.2 openssh-2.9p1 / Policy for SuSE 7.2?" In reply to: James Bishop: "Patched SuSE 7.2 openssh-2.9p1 / Policy for SuSE 7.2?" Next in thread: R Cescon: "Re: Patched SuSE 7.2 openssh-2.9p1 / Policy for SuSE 7.2?" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom