
SELinux Mailing List

Re: [PATCH] Add users.fc to policy

From: Russell Coker <russell_at_coker.com.au>
Date: Sat, 24 Jan 2004 12:57:36 +1100


On Sat, 24 Jan 2004 04:34, Stephen Smalley <sds@epoch.ncsc.mil> wrote:
> On Fri, 2004-01-23 at 12:27, Karl MacMillan wrote:
> > Attached is a patch that moves the home directory labeling information
> > in the policy from file_contexts/types.fc to file_contexts/users.fc. It
> > also changes the Makefile to pick up any .fc files in the file_contexts
> > directory.
>
> If you look at Dan's policy RPM (as well as our sourceforge CVS tree),
> you'll see that the user entries for non-user_r users are now generated
> automatically via a script. The /root entries are still in the base .fc
> files, since they are static, but the jadmin example entries have been
> removed and any staff user listed in policy/users will automatically
> have appropriate entries created when file_contexts is built.

I've attached a patch against the sourceforge CVS tree.

It changes the Makefile for the tunable.te and to only label rw file systems.

It changes the default_contexts file to allow sysadm_r console logins and to support remote logins (telnet).

It adds some new attributes for better assertions and constraints and for better support of multiple mail servers. Steve, you will probably want to look closely at what I've done with constraints.

It adds a few things that have gone through this list recently.

It has the start of support for single_userdomain and other tunables.

The crond policy is significantly changed to make it more regular in terms of system_crond_t. This requires relabeling a few files.

In my tree I have renamed ipchains to iptables and netscape to mozilla. Basically this involved running sed across the policy files and renaming them. The new files are in t.tgz.

There are a bunch of other smaller changes too.

This is about 30% of the diff between sourceforge and my tree...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


  • application/x-tgz attachment: t.tgz
  • application/x-gzip attachment: diff.gz
Received on Fri 23 Jan 2004 - 21:00:49 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service