SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: More SELinux fixes. This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: James Carter <jwcart2_at_epoch.ncsc.mil> Date: Fri, 08 Oct 2004 14:06:10 -0400 Merged, with the exception of the sendmail part. The sendmail.te part is a revision of Russell's patch from Oct 1st, is this intentional? Should these rules be added back? On Thu, 2004-10-07 at 17:48, Daniel J Walsh wrote: > Major fixup/cleanup of rpcd for nfs. > > Fixes for ypbind. > > Please eliminate space before "udp" in inetd_child calls. This will not > work correctly with the space. > > Added reserved_port_type attribute for all ports less than 1024. NIS is > causing problems generating avc messages > on these ports for random name_bind. Want to be able to tell system to > don't audit these. Might want to add a boolean > to specifiy whether using NIS or not. > > misc fixes. > > Dan > > ______________________________________________________________________ > diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/sendmail.te policy-1.17.29/domains/program/unused/sendmail.te > --- nsapolicy/domains/program/unused/sendmail.te 2004-10-07 08:02:01.000000000 -0400 > +++ policy-1.17.29/domains/program/unused/sendmail.te 2004-10-07 17:24:28.489441081 -0400 > @@ -99,3 +99,5 @@ > allow system_mail_t sysctl_kernel_t:file read; > dontaudit system_mail_t system_crond_tmp_t:file { append }; > dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl }; > +allow sendmail_t initrc_var_run_t:file { getattr read }; > +dontaudit sendmail_t initrc_var_run_t:file { lock write }; -- James Carter <jwcart2@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 8 Oct 2004 - 14:07:25 EDT This message: [ Message body ] Next message: Luke Kenneth Casson Leighton: "Re: fuse + setfilecon - need some userspace / libselinux1 assistance" Previous message: Stephen Smalley: "Re: fuse + setfilecon - need some userspace / libselinux1 assistance" In reply to: Daniel J Walsh: "More SELinux fixes." Next in thread: Daniel J Walsh: "Re: More SELinux fixes." Reply: Daniel J Walsh: "Re: More SELinux fixes." Reply: Russell Coker: "Re: More SELinux fixes." Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom