On 07/19/2018 07:47 PM, Dominick Grift wrote:
> On Thu, Jul 19, 2018 at 07:42:53PM +0200, Lukas Vrabec via refpolicy wrote:
>> On 07/19/2018 06:51 PM, Dominick Grift via refpolicy wrote:
>>> On Thu, Jul 19, 2018 at 06:40:25PM +0200, Dominick Grift wrote:
>>>> On T
On 07/19/2018 06:51 PM, Dominick Grift via refpolicy wrote:
> On Thu, Jul 19, 2018 at 06:40:25PM +0200, Dominick Grift wrote:
>> On Thu, Jul 19, 2018 at 06:17:46PM +0200, Lukas Vrabec via refpolicy wrote:
>>> Hi All,
>>>
>>> I found one thing in refpolicy
" there should be
this line:
allow $1 $2:file { getattr open read execute map };
instead of:
allow $1 $2:file { getattr open read execute };
Am I right or missing something?
Thanks for help!
Lukas.
--
Lukas Vrabec
Software Engineer, Security Te
>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class llc_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class can_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class tipc_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class
>>>>> bluetooth_socket not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class iucv_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class
>>>>> rxrpc_socket not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class isdn_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class
>>>>> phonet_socket not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class
>>>>> ieee802154_socket not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class caif_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class alg_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class nfc_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class
>>>>> vsock_socket not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class kcm_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class
>>>>> qipcrtr_socket not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Class smc_socket
>>>>> not defined in policy.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: the above unknown
>>>>> classes and permissions will be allowed
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Completing
>>>>> initialization.
>>>>> Aug 15 20:43:44 localhost.localdomain kernel: SELinux: Setting up
>>>>> existing superblocks.
>>>>
>>
>>
>
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
ame
>>
>> diff --git a/python/sepolicy/sepolicy/templates/executable.py
>> b/python/sepolicy/sepolicy/templates/executable.py
>> index f2679938..e1b17486 100644
>> --- a/python/sepolicy/sepolicy/templates/executable.py
>> +++ b/python/sepolicy/sepolicy/templ
On 04/09/2018 02:56 PM, Gary Tierney wrote:
> On Mon, Apr 09, 2018 at 01:41:12PM +0200, Lukas Vrabec wrote:
>
> ... snip ...
>
> Those wiki pages on SELinuxProject/cil are now pretty out of date
> (you'll notice that some other statements mentioned there like
> `templa
On 04/09/2018 10:41 AM, Dominick Grift wrote:
> On Mon, Apr 09, 2018 at 09:55:23AM +0200, Dominick Grift wrote:
>> On Sun, Apr 08, 2018 at 11:00:53PM +0200, Lukas Vrabec wrote:
>>> Hi All,
>>>
>>> I'm reading "SELINUX COMMON INTERMEDIATE LANGUAGE MO
Which could be a very cool feature, but I don't see any code in secilc
related to "blockinheritfilter". Are there any plans to also implement
this in CIL namespaces, or is there any other way to handle this
(the DELETE statement is also not implemented)?
Thanks for any help.
Lukas.
[1
Arguments generate and gui were mixed together and the information didn't make
sense. This fix splits the gui and generate sections.
Signed-off-by: Lukas Vrabec
---
python/sepolicy/sepolicy.8 | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/python/sepolicy/sepolicy.8 b/p
before jumping to conclusions.
I had a discussion with the Apache maintainer in Fedora and he confirmed
that this boolean is no longer needed in Fedora 27 or higher. Adding him
to CC.
I see that in refpolicy, the default value of httpd_graceful_shutdown is
off, so we need to fix it only in Fedora
apachectl graceful-stop works without
requiring this boolean anymore. So maybe it can be disabled by default
and removed at some point in Fedora policy?
Same here, I cannot reproduce it or evoke any AVC using apachectl
command. I'm using httpd-2.4.27-12.fc28.x86_64. I'll contact apa
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
--
(slim_devices_port_t) for TCP and UDP 3483.
I haven't been able to find an example of how to do this, except for
stunnel.te, and the comments in that file don't lead me to believe that
it is the right way to do things.
Any pointers to examples or documentation would be appreciated.
Thanks!
--
Lu
Fixed secon help, merged descriptions for --current-* and --self-*
params.
Signed-off-by: Lukas Vrabec
---
policycoreutils/secon/secon.1 | 9
policycoreutils/secon/secon.c | 53 +--
2 files changed, 35 insertions(+), 27 deletions(-)
diff --git
Signed-off-by: Lukas Vrabec
---
policycoreutils/newrole/newrole.1 | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/policycoreutils/newrole/newrole.1
b/policycoreutils/newrole/newrole.1
index c47bc52..3bd57e7 100644
--- a/policycoreutils/newrole/newrole.1
+++ b