Presently we support xperms rules in source policy and in CIL modules.
The binary policy module format however was never extended for xperms.
This limitation inhibits use of xperms in refpolicy-based policy modules
(including the selinux-testsuite policy). Update libsepol to support
linking,
On Tue, 2017-05-16 at 16:56 -0400, Paul Moore wrote:
> On Fri, May 12, 2017 at 12:44 PM, Stephen Smalley
> wrote:
> > Log the state of SELinux policy capabilities when a policy is
> > loaded.
> > For each policy capability known to the kernel, log an
> > informational
> >
On Fri, May 12, 2017 at 12:44 PM, Stephen Smalley wrote:
> Log the state of SELinux policy capabilities when a policy is loaded.
> For each policy capability known to the kernel, log an informational
> message with the policy capability name and the value set in the policy.
>
On Fri, May 12, 2017 at 12:44 PM, Stephen Smalley wrote:
> v2 drops the Resolves line since I think we are not supposed to include
> bug tracking info in upstream kernel commit messages (correct me if wrong).
For future reference, I would encourage people to provide links to
On Tue, 2017-05-16 at 18:51 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, made of colon separated name and value pairs
> that give information about how the policy is applied in the
> security module(s).
> Note that the
> Have you tested this to determine any impact it may have on the
> SELinux userspace?
Not yet.
> I would agree that EINVAL is probably more appropriate in this case,
Thanks that a part of your view seems to fit also to mine.
> but changing this return code has very little value
I would
On 5/16/2017 2:36 PM, Stephen Smalley wrote:
> On Tue, 2017-05-16 at 19:34 +, Daniel Jurgens wrote:
>> On 5/16/2017 2:30 PM, Stephen Smalley wrote:
>>> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
From: Daniel Jurgens
Update libsepol and
On Thu, Apr 20, 2017 at 11:31 AM, Stephen Smalley wrote:
> SELinux uses CAP_MAC_ADMIN to control the ability to get or set a raw,
> uninterpreted security context unknown to the currently loaded security
> policy. When performing these checks, we only want to perform a base
>
On Tue, 2017-05-16 at 19:34 +, Daniel Jurgens wrote:
> On 5/16/2017 2:30 PM, Stephen Smalley wrote:
> > On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> > > From: Daniel Jurgens
> > >
> > > Update libsepol and libsemanage to work with pkey records. Add
> > >
On 5/16/2017 2:30 PM, Stephen Smalley wrote:
> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens
>>
>> Update libsepol and libsemanage to work with pkey records. Add local
>> storage for new and modified pkey records in pkeys.local. Update
>>
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add,
On Tue, Apr 4, 2017 at 7:16 AM, SF Markus Elfring
wrote:
> From: Markus Elfring
> Date: Tue, 4 Apr 2017 12:23:41 +0200
>
> The error code "-ENOMEM" was also returned so far when the parameter "s"
> of this function contained a null
On Tue, Apr 4, 2017 at 7:14 AM, SF Markus Elfring
wrote:
> From: Markus Elfring
> Date: Tue, 4 Apr 2017 11:33:53 +0200
>
> * Return an error code without storing it in an intermediate variable.
>
> * Delete the local variable "rc" and
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add,
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add checkpolicy support for scanning and parsing ibendportcon labels.
> Also create a new ocontext for IB end ports.
>
> Signed-off-by: Daniel Jurgens
>
> ---
> v1:
>
On Tue, 2017-05-16 at 14:43 -0400, Stephen Smalley wrote:
> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> > From: Daniel Jurgens
> >
> > Add support for reading, writing, and copying Infinabinda Pkey
>
> Infiniband
>
> > ocontext
> > data. Also add support for
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add support for reading, writing, and copying Infinabinda Pkey
Infiniband
> ocontext
> data. Also add support for querying a Pkey sid to checkpolicy.
>
> Signed-off-by: Daniel Jurgens
On Tue, Apr 4, 2017 at 7:12 AM, SF Markus Elfring
wrote:
> From: Markus Elfring
> Date: Tue, 4 Apr 2017 10:20:46 +0200
>
> Replace five goto statements (and previous variable assignments) by
> direct returns after a memory allocation
On Fri, Mar 31, 2017 at 3:20 PM, Paul Moore wrote:
> On Thu, Mar 30, 2017 at 7:13 AM, Tetsuo Handa
> wrote:
>> Paul Moore wrote:
>>> > Signed-off-by: Tetsuo Handa
>>> > Acked-by: Stephen Smalley
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add checkpolicy support for scanning and parsing ibpkeycon labels.
> Also
> create a new ocontext for Infiniband Pkeys and define a new policydb
> version for infiniband support.
>
>
On 5/16/2017 11:48 AM, Jason Zaman wrote:
> On Mon, May 15, 2017 at 11:42:40PM +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens
>>
>> Update libsepol and libsemanage to work with ibendport records. Add local
>> storage for new and modified ibendport records in
> Add security_policy_brief hook to give access to policy brief to
> the rest of the kernel. Lustre client makes use of this information
> to detect changes to the policy, and forward it to Lustre servers.
> Depending on how the policy is enforced on Lustre client side,
> Lustre servers can refuse
Add policybrief field to struct policydb. It holds a brief info
of the policydb, made of colon separated name and value pairs
that give information about how the policy is applied in the
security module(s).
Note that the ordering of the fields in the string may change.
Policy brief is computed
Expose policy brief via selinuxfs.
Signed-off-by: Sebastien Buisson
---
security/selinux/selinuxfs.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e8fe914..2561f96 100644
---