SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Latest policy This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: James Carter <jwcart2_at_epoch.ncsc.mil> Date: Thu, 10 Mar 2005 16:23:02 -0500 Merged. I did notice that some of the changes to use read_sysctl() replaced statements like: allow foo_t sysctl_kernel_t:file r_file_perms; allow foo_t sysctl_kernel_t:dir r_dir_perms; instead of ones like: allow foo_t sysctl_kernel_t:dir search; allow foo_t sysctl_kernel_t:file read; This was the case for the following: fsadm.te, backup.te, clamav.te, gatekeeper.te, lvm.te, named.te, and clamav_macros.te. I didn't notice any problems though, so maybe they didn't need those permissions. Do we need to add this? cy-1.21.15/file_contexts/program/nrpe.fc --- nsapolicy/file_contexts/program/nrpe.fc 2005-02-24 14:51:09.000000000 -0500 +++ policy-1.21.15/file_contexts/program/nrpe.fc 2005-03-07 09:36:55.000000000 -0500 @@ -1,3 +1,5 @@ # nrpe /usr/bin/nrpe -- system_u:object_r:nrpe_exec_t /etc/nagios/nrpe\.cfg -- system_u:object_r:nrpe_etc_t +/usr/lib(64)?/netsaint/plugins(/.)? -- system_u:object_r:bin_t +/usr/lib(64)?/nagios/plugins(/.)? -- system_u:object_r:bin_t These same statements are also in nagios.fc On Wed, 2005-03-09 at 00:27 -0500, Daniel J Walsh wrote: > Lots of policy cleanup via Ivan's Patches > Use read_sysctl > Cleanup of homedir macros > > Fixes to allow amanda to read file system > > Change apache stream sockets to use create_stream_socket_perms > > Eliminate cyrus_r > > Cleanup dhcpc.te so it can be used in targeted policy > > Add ftpd_anon_rw_t so that upload can be made to work with anonymous ftp > sites. > > Additional rules to allow postfix to work correctly in targeted policy > > Allow snmpd to communicate with its own fifo_file > -- James Carter <jwcart2@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 10 Mar 2005 - 16:26:45 EST This message: [ Message body ] Next message: Daniel J Walsh: "Re: *SPAM* Re: Latest policy" Previous message: Daniel J Walsh: "genhomedircon cleanup" In reply to: Daniel J Walsh: "Latest policy" Next in thread: Daniel J Walsh: "Re: *SPAM* Re: Latest policy" Reply: Daniel J Walsh: "Re: *SPAM* Re: Latest policy" Reply: Thomas Bleher: "Re: Latest policy" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom