LinuxLists.cc - [refpolicy] services

2009-03-05 17:03:39

Subject: [refpolicy] services_smartmon.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_smartmon.patch

smartmon needs to be ranged.

Has the ability to create files with the correct context

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmwBesACgkQrlYvE4MpobMjIgCg34LZ3DCIcC8lq6US09Gso0Hv
9q4AoKMO83o7+sf3IA+nNuWmzVRJdi1U
=BqUc
-----END PGP SIGNATURE-----

2009-03-23 15:24:18

by cpebenito

[permalink] [raw]

Subject: [refpolicy] services_smartmon.patch

On Thu, 2009-03-05 at 13:03 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_smartmon.patch
>
> smartmon needs to be ranged.
>
> Has the ability to create files with the correct context

Why is this managing fixed disks? I thought it was only monitoring
disks.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-03-23 19:00:11

by cpebenito

[permalink] [raw]

Subject: [refpolicy] services_smartmon.patch

On Mon, 2009-03-23 at 14:14 -0400, Daniel J Walsh wrote:
> On 03/23/2009 11:24 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-03-05 at 13:03 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_smartmon.patch
> >>
> >> smartmon needs to be ranged.
> >>
> >> Has the ability to create files with the correct context
> >
> > Why is this managing fixed disks? I thought it was only monitoring
> > disks.
> >
> Search for this line in the os_linux.cpp file
>
> /* This function will setup and fix device nodes for a 3ware controller. */

I prefer this to be conditional, so the majority of people without 3ware
controllers can be safe from additional raw disk access.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-03-23 18:14:24

by Daniel Walsh

[permalink] [raw]

Subject: [refpolicy] services_smartmon.patch

On 03/23/2009 11:24 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-03-05 at 13:03 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_smartmon.patch
>>
>> smartmon needs to be ranged.
>>
>> Has the ability to create files with the correct context
>
> Why is this managing fixed disks? I thought it was only monitoring
> disks.
>
Search for this line in the os_linux.cpp file

/* This function will setup and fix device nodes for a 3ware controller. */

We have had to add SELinux inteligence to make sure the device nodes are
labelled correctly.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: os_linux.cpp
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20090323/ce909b78/attachment-0001.pl