On Sunday, 23 October 2016 5:29:25 PM AEDT Chris PeBenito wrote:
> A new release of the SELinux Reference Policy is now available on the
> GitHub site, https://github.com/TresysTechnology/refpolicy.
https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
The archive at the above page h
Thank you for your reply.
On Tue, Nov 1, 2016 at 3:45 PM, Stephen Smalley wrote:
>
> If you can't get rid of root services entirely, then SELinux can extend
> this protection to even root processes. You'd probably want a custom
> policy from scratch for that kind of scenario; see the Android pol
Actually this is the kind of error that clang reports that I find kind
of useless, so I disabled this warning with some other ones in my build
configuration. The full list of warnings I disabled is at the beginning
of https://github.com/fishilico/selinux/blob/master/Makefile.
Also, the last time I
On 11/01/2016 05:23 PM, william.c.robe...@intel.com wrote:
> From: William Roberts
>
> When building with clang, multiple noreturn issues arise,
> for instance:
>
> selabel_partial_match.c:11:1: error: function 'usage' could be declared with
> attribute 'noreturn' [-Werror,-Wmissing-noreturn]
>
On Tue, Nov 1, 2016 at 2:23 PM, William Roberts
wrote:
> We're gonna cross, I just sent this out as well, as well as noreturn
> fixes for utils.
>
Never-mind, a gitfoo mistake ended up in my favor of ditching my version of this
and rebasing on top of yours. You only need the noreturn patch, which
We're gonna cross, I just sent this out as well, as well as noreturn
fixes for utils.
On Tue, Nov 1, 2016 at 2:01 PM, Stephen Smalley wrote:
> Resolves the following errors from clang:
> avc_internal.c:105:25: error: cast from 'char *' to 'struct nlmsghdr *'
> increases required alignment from 1
From: William Roberts
When building with clang, multiple noreturn issues arise,
for instance:
selabel_partial_match.c:11:1: error: function 'usage' could be declared with
attribute 'noreturn' [-Werror,-Wmissing-noreturn]
Fix these.
Signed-off-by: William Roberts
---
libselinux/utils/avcstat
Hi,
I get the following backtrace in sandbox because there are no types
marked with the "sandbox_type" attribute in my test policy:
Traceback (most recent call last):
File "/usr/bin/sandbox", line 529, in
rc = sandbox.main()
File "/usr/bin/sandbox", line 513, in main
self.__parse_
Resolves the following errors from clang:
avc_internal.c:105:25: error: cast from 'char *' to 'struct nlmsghdr *'
increases required alignment from 1 to 4 [-Werror,-Wcast-align]
struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
^~
avc_interna
On Tue, Nov 1, 2016 at 1:59 PM, Stephen Smalley wrote:
> On 11/01/2016 04:54 PM, William Roberts wrote:
>> On Tue, Nov 1, 2016 at 1:55 PM, Stephen Smalley wrote:
>>> On 11/01/2016 04:32 PM, William Roberts wrote:
On Tue, Nov 1, 2016 at 1:32 PM, Stephen Smalley wrote:
> On 11/01/2016 04:
On 11/01/2016 04:54 PM, William Roberts wrote:
> On Tue, Nov 1, 2016 at 1:55 PM, Stephen Smalley wrote:
>> On 11/01/2016 04:32 PM, William Roberts wrote:
>>> On Tue, Nov 1, 2016 at 1:32 PM, Stephen Smalley wrote:
On 11/01/2016 04:23 PM, william.c.robe...@intel.com wrote:
> From: William
On Tue, Nov 1, 2016 at 1:55 PM, Stephen Smalley wrote:
> On 11/01/2016 04:32 PM, William Roberts wrote:
>> On Tue, Nov 1, 2016 at 1:32 PM, Stephen Smalley wrote:
>>> On 11/01/2016 04:23 PM, william.c.robe...@intel.com wrote:
From: William Roberts
As reported by Nicolas Iooss, the
On 11/01/2016 04:32 PM, William Roberts wrote:
> On Tue, Nov 1, 2016 at 1:32 PM, Stephen Smalley wrote:
>> On 11/01/2016 04:23 PM, william.c.robe...@intel.com wrote:
>>> From: William Roberts
>>>
>>> As reported by Nicolas Iooss, the clang + linux build seems
>>> broken:
>>>
>>> clang-3.9: warni
On Tue, Nov 1, 2016 at 1:32 PM, Stephen Smalley wrote:
> On 11/01/2016 04:23 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts
>>
>> As reported by Nicolas Iooss, the clang + linux build seems
>> broken:
>>
>> clang-3.9: warning: argument unused during compilation: '-undefined
>> d
Nicolas,
Let us know if this works for you, I am unable to test it at the
moment on Linux.
I did test this on Mac, its OK.
On Tue, Nov 1, 2016 at 1:23 PM, wrote:
> From: William Roberts
>
> As reported by Nicolas Iooss, the clang + linux build seems
> broken:
>
> clang-3.9: warning: argument
On 11/01/2016 04:23 PM, william.c.robe...@intel.com wrote:
> From: William Roberts
>
> As reported by Nicolas Iooss, the clang + linux build seems
> broken:
>
> clang-3.9: warning: argument unused during compilation: '-undefined
> dynamic_lookup'
> /usr/bin/ld: unrecognised option: -install_n
From: William Roberts
As reported by Nicolas Iooss, the clang + linux build seems
broken:
clang-3.9: warning: argument unused during compilation: '-undefined
dynamic_lookup'
/usr/bin/ld: unrecognised option: -install_name
clang-3.9: error: linker command failed with exit code 1 (use -v to
s
On the current tip of master, with clang 3.8.0 on my Ubuntu box I get:
avc_internal.c:105:25: error: cast from 'char *' to 'struct nlmsghdr
*' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
^
On Tue, Nov 1, 2016 at 11:06 AM, Nicolas Iooss wrote:
> Hello,
>
> After this commit, libselinux fails to build with clang on Linux:
>
> clang-3.9: warning: argument unused during compilation: '-undefined
> dynamic_lookup'
> /usr/bin/ld: unrecognised option: -install_name
> clang-3.9: error:
On 11/01/2016 11:57 AM, Patrick Doyle wrote:
> Background:
> I have an embedded processor running a custom application on top of
> Linux. I control the kernel, the rootfs, and the application. I
> would like to deploy this application such that, if somebody were to
> gain access to my device, eve
On 10/31/2016 02:05 PM, Stephen Smalley wrote:
> On 10/21/2016 01:47 PM, Stephen Smalley wrote:
>> Hi,
>>
>> policycoreutils started life as a small set of utilities that were
>> necessary or at least widely used in production on a SELinux system.
>> Over time though it has grown to include many
On 11/01/2016 12:50 PM, Nicolas Iooss wrote:
> Hello,
>
> After I installed policycoreutils 2.6 on my system, I tried using
> "semanage boolean" with Python 3 instead of Python 2. Here is what I got:
>
> $ semanage boolean --list |grep ssp
> global_ssp (off , off) Allow
Hello,
After this commit, libselinux fails to build with clang on Linux:
clang-3.9: warning: argument unused during compilation: '-undefined
dynamic_lookup'
/usr/bin/ld: unrecognised option: -install_name
clang-3.9: error: linker command failed with exit code 1 (use -v to
see invocation)
I
Hello,
After I installed policycoreutils 2.6 on my system, I tried using
"semanage boolean" with Python 3 instead of Python 2. Here is what I got:
$ semanage boolean --list |grep ssp
global_ssp (off , off) Allow global to ssp
$ semanage boolean --modify --on global_s
Background:
I have an embedded processor running a custom application on top of
Linux. I control the kernel, the rootfs, and the application. I
would like to deploy this application such that, if somebody were to
gain access to my device, even root access, (s)he would not be able to
read or copy
On 11/01/2016 09:11 AM, Jason Zaman wrote:
> On Tue, Nov 01, 2016 at 08:33:09AM -0400, Daniel J Walsh wrote:
>>
>> On 11/01/2016 08:31 AM, Stephen Smalley wrote:
>>> On 11/01/2016 07:50 AM, Daniel J Walsh wrote:
I wrote a blog http://danwalsh.livejournal.com/75282.html which talks
about
On Tue, Nov 01, 2016 at 08:33:09AM -0400, Daniel J Walsh wrote:
>
>
> On 11/01/2016 08:31 AM, Stephen Smalley wrote:
> > On 11/01/2016 07:50 AM, Daniel J Walsh wrote:
> >> I wrote a blog http://danwalsh.livejournal.com/75282.html which talks
> >> about chrome sandbox and its attempt to change its
On 11/01/2016 08:31 AM, Stephen Smalley wrote:
> On 11/01/2016 07:50 AM, Daniel J Walsh wrote:
>> I wrote a blog http://danwalsh.livejournal.com/75282.html which talks
>> about chrome sandbox and its attempt to change its parents oom_score_adj
>> value. Which is labeled unconfined_t, the questio
On 11/01/2016 07:50 AM, Daniel J Walsh wrote:
> I wrote a blog http://danwalsh.livejournal.com/75282.html which talks
> about chrome sandbox and its attempt to change its parents oom_score_adj
> value. Which is labeled unconfined_t, the question has come up on
> Twitter to be able to change the la
On 11/01/2016 12:50 PM, Daniel J Walsh wrote:
> I wrote a blog http://danwalsh.livejournal.com/75282.html which talks
> about chrome sandbox and its attempt to change its parents oom_score_adj
> value. Which is labeled unconfined_t, the question has come up on
> Twitter to be able to change the la
I wrote a blog http://danwalsh.livejournal.com/75282.html which talks
about chrome sandbox and its attempt to change its parents oom_score_adj
value. Which is labeled unconfined_t, the question has come up on
Twitter to be able to change the label on just this object.
I think we discussed this be
31 matches
Mail list logo