2012-06-26 20:51:28

by mgrepl

[permalink] [raw]
Subject: [refpolicy] [PATCH 1/1] bcfg2-server contrib policy

A new policy for bcfg2-server from Fedora contrib repo.
(git://git.fedorahosted.org/selinux-policy.git)

Description:
bcfg2-server This daemon serves configurations to
clients based on the data in its repository

Patch:
http://mgrepl.fedorapeople.org/SELinux/F18/contrib_bcfg2.patch


2012-06-26 21:27:53

by dominick.grift

[permalink] [raw]
Subject: [refpolicy] [PATCH 1/1] bcfg2-server contrib policy

On Tue, 2012-06-26 at 22:51 +0200, Miroslav Grepl wrote:
> A new policy for bcfg2-server from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)

1. major far reaching differences between fedora's and refpolicy's
auth_use_nsswitch() implementations

2. files_read_etc_files() is redundant. already allowed in
auth_use_nsswitch()

3. files dont need a file transition from var_lib_t to bcfg2_var_lib_t;
only dirs as per file context specification:

/var/lib/bcfg2(/.*)?gen_context(system_u:object_r:bcfg2_var_lib_t,s0)

4. cfg2_systemctl() relies on systemd policy which isnt upstreamed

5. nit: "## <summary>policy for bcfg2</summary>" is not a proper summary

5 a.

+## <summary>
+## Transition to bcfg2.
+## </summary>

is not a proper summary

> Description:
> bcfg2-server This daemon serves configurations to
> clients based on the data in its repository
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_bcfg2.patch
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

2012-07-03 12:36:17

by mgrepl

[permalink] [raw]
Subject: [refpolicy] [PATCH 1/1] bcfg2-server contrib policy

On 06/26/2012 10:51 PM, Miroslav Grepl wrote:
> A new policy for bcfg2-server from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)
>
> Description:
> bcfg2-server This daemon serves configurations to
> clients based on the data in its repository
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_bcfg2.patch
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
Updated.

2012-07-10 12:15:32

by cpebenito

[permalink] [raw]
Subject: [refpolicy] [PATCH 1/1] bcfg2-server contrib policy

On 07/03/12 08:36, Miroslav Grepl wrote:
> On 06/26/2012 10:51 PM, Miroslav Grepl wrote:
>> A new policy for bcfg2-server from Fedora contrib repo.
>> (git://git.fedorahosted.org/selinux-policy.git)
>>
>> Description:
>> bcfg2-server This daemon serves configurations to
>> clients based on the data in its repository
>>
>> Patch:
>> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_bcfg2.patch
>>
> Updated.

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com