Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing Listpatch: misc policy additions
From: Thomas Bleher <bleher_at_informatik.uni-muenchen.de>
Date: Tue, 9 Nov 2004 22:04:47 +0100
add support for xconsole_device_t assert.te: nfs_export_all_rw is not there anymore. Nobody complained till now, so maybe this is not needed at all? initrc.te: these permissions are needed on suse systems, I think they can be generally allowed. restorecon.te: ttyfiles don't have the device_type attribute apmd.te: acpid stores files under /var/lib on suse systems cupsd.te: cupsd_config_t depends on hald rpm.te: rpm is granted setrlimit further up in the policy xdm.te: I have default_context_t files symlinked, I think it's OK to allow this in the general case. I also needed device_t:lnk_file access once, can't remember why, but I don't think it's harmful. global_macros.te: the patch snippet is from var_run_domain(). Domains need search access to var_t:dir if they want to access /var/run. I think the other stuff is clear. Thomas -- http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7Received on Tue 9 Nov 2004 - 16:05:03 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |