SELinux Mailing List

Re: Latest diffs

From: Christopher J. PeBenito <cpebenito_at_tresys.com>
Date: Thu, 23 Feb 2006 09:18:53 -0500


On Mon, 2006-02-20 at 17:19 -0500, Daniel J Walsh wrote:
> Fixed up semodule policy; although matchpathcon does not seem to be
> returning the correct labels

Renamed semodule to semanage per the semodule policy discussion.

> plain text document attachment (diff)
> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.2.17/policy/modules/services/spamassassin.te
> --- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-02-20 14:07:37.000000000 -0500
> +++ serefpolicy-2.2.17/policy/modules/services/spamassassin.te 2006-02-20 16:22:06.000000000 -0500
> @@ -124,6 +124,7 @@
> term_dontaudit_use_generic_ptys(spamd_t)
> files_dontaudit_read_root_files(spamd_t)
> tunable_policy(`spamd_enable_home_dirs',`
> + userdom_search_unpriv_user_home_dirs(spamd_t)
> userdom_manage_generic_user_home_dirs(spamd_t)
> userdom_manage_generic_user_home_files(spamd_t)
> userdom_manage_generic_user_home_symlinks(spamd_t)
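
Review bot: The added userdom_search_unpriv_user_home_dirs(spamd_t) line inside the spamd_enable_home_dirs tunable patches a missing search permission at this one caller, and it names the unpriv home dirs while the three userdom_manage_generic_user_home_* calls below it name the generic ones. If managing content under a home directory always requires searching the directory itself, grant that search inside the userdom_manage_generic_user_home_* interfaces so other callers do not each need the extra line, and confirm that the unpriv and generic interfaces refer to the type intended here.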

Fixed the userdom_manage_* interfaces to provide search on user_home_dir_t instead.

> @@ -137,6 +137,8 @@
> samba_domtrans_smbmount(mount_t)
> ')
>
> +userdom_mounton_generic_user_home_dir(mount_t)
> +
> ifdef(`TODO',`
> # TODO: Need to examine this further. Not sure how to handle this
> #type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
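
Review bot: userdom_mounton_generic_user_home_dir(mount_t) is added at the top level, after the closing ') of the preceding block, so mount_t receives mounton on user home directories unconditionally rather than under a tunable or optional block. Please add a comment naming the mount scenario that needs it, and consider whether this belongs as a property of the home directory types (declaring them mount points) instead of a per-domain grant in this file. The file header for this hunk is also missing from the quoted patch, so the target file has to be inferred from the mount_t context.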

Made user_home_dir_t and user_home_t mount points with files_mountpoint() instead.

> @@ -526,12 +526,74 @@
>
> miscfiles_read_localization(setfiles_t)
>
> +seutil_module_get_trans_lock(setfiles_t)
> +seutil_module_get_read_lock(setfiles_t)
> +
> userdom_use_all_users_fd(setfiles_t)
> # for config files in a home directory
> userdom_read_all_user_files(setfiles_t)
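
Review bot: The two added lines give setfiles_t both seutil_module_get_trans_lock and seutil_module_get_read_lock, with no comment explaining why a relabeling domain needs the transaction lock in addition to the read lock. Keep only the lock that setfiles actually takes, and document it the way the existing "# for config files in a home directory" comment documents the call below it. The hunk header (-526,12 +526,74) indicates far more added lines than are quoted here, so the remainder of this hunk could not be reviewed.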

I dropped the trans lock for now; I don't see setfiles getting a trans lock in the code.

> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.17/policy/modules/system/userdomain.te
> --- nsaserefpolicy/policy/modules/system/userdomain.te 2006-02-16 14:46:56.000000000 -0500
> +++ serefpolicy-2.2.17/policy/modules/system/userdomain.te 2006-02-20 16:22:06.000000000 -0500
> @@ -358,6 +358,8 @@
> seutil_run_checkpolicy(secadm_t,secadm_r,admin_terminal)
> seutil_run_loadpolicy(secadm_t,secadm_r,admin_terminal)
> seutil_run_setfiles(secadm_t,secadm_r,admin_terminal)
> + semodule_domtrans(secadm_t)
> + role secadm_r types semodule_t;
> seutil_run_restorecon(secadm_t,secadm_r,admin_terminal)
> ', `
> selinux_set_enforce_mode(sysadm_t)
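
Review bot: The added semodule_domtrans(secadm_t) and the hand-written "role secadm_r types semodule_t;" break the pattern of the neighbouring seutil_run_checkpolicy, seutil_run_loadpolicy, seutil_run_setfiles and seutil_run_restorecon calls, which all take (secadm_t,secadm_r,admin_terminal). As written, nothing in these two lines passes admin_terminal for semodule_t, and the role statement is policy that every caller would have to repeat by hand. Suggest a run-style interface with the same three arguments, and check whether the else branch that begins at selinux_set_enforce_mode(sysadm_t) needs the equivalent call for sysadm_t.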

Changed this to a run interface. Added a call for sysadm_t if mls is disabled.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


Received on Thu 23 Feb 2006 - 09:15:52 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 