Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Reissue previous patch
From: James Carter <jwcart2_at_epoch.ncsc.mil>
Date: Thu, 02 Dec 2004 08:54:29 -0500
On Tue, 2004-11-30 at 16:19, Daniel J Walsh wrote:
Left it as can_network(), otherwise, I can't mount a NFS partition. May be able to separate the NFS client and server usages, by I haven't looked into it.
<snip>
I used:
+allow howl_t proc_net_t:dir search; +allow howl_t proc_net_t:file {getattr read }; +can_network_server(howl_t)
<snip>
I used can_network_client() instead. The following was needed by ssh during my normal usage of it (like updating the CVS tree on sourceforge.) allow user_ssh_t self:udp_socket create -- James Carter <jwcart2@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 2 Dec 2004 - 08:52:07 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |