SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: More SELinux fixes. This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: James Carter <jwcart2_at_epoch.ncsc.mil> Date: Wed, 13 Oct 2004 14:36:42 -0400 Merged with changes. I added the space back before the udp in the inet_child_domain macros. I did not remove the ifdef(`ypbind.te', ' ... ') from ypbind_macros.te, since the allow_ypbind bool is declared in ypbind.te. I think I got all of Russell's suggested changes made, except for the udev patch. On Sat, 2004-10-09 at 21:26, Daniel J Walsh wrote: > Includes Collin's new cups patch. > > I turned on every service in an everything install and came up with many > fixes for all the AVC messages. > > Added arpwatch policy. > > Changed allow_ypbind to a boolean, so policy can be turned on/off by > sysadmin. > > Working with ipsec team to get program cleaned up so we can write better > policy. > > Temporarily added a rule to allow apache to talk to tmp_t:sock_file in > targeted policy. This allows > it to work with postgresql. Not sure of a good way to fix this. One we > could add postgresql policy to targeted > but I am afraid this is a slipperly slope, Colin suggested that we add > a new policy postgresql_unconfined.te for > targeted that basically runs postgres unconfined but creates /tmp files > with an appropriate security context. > What do you guys think? Lastly we could tell any users who want to use > apache with postgres to turn off the > transition of apache to context. > > Dan -- James Carter <jwcart2@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Wed 13 Oct 2004 - 14:38:10 EDT This message: [ Message body ] Next message: James Carter: "Re: udev policy" Previous message: David A. Cafaro: "Re: vsftpd and chrooted home directories" In reply to: Daniel J Walsh: "Re: More SELinux fixes." Next in thread: Russell Coker: "Re: More SELinux fixes." Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom