From: domg472@gmail.com (Dominick Grift)
Date: Mon, 24 Jan 2011 16:01:42 +0100
Subject: [refpolicy] [PATCH/RFC 0/19]: patch set to update the git reference policy
In-Reply-To: <1295829820.3862.59.camel@tesla.lan>
References: <1295397630.3377.10.camel@tesla.lan> <4D383627.60804@tresys.com> <1295544776.4702.16.camel@tesla.lan> <4D397E26.4090904@tresys.com> <1295829820.3862.59.camel@tesla.lan>
Message-ID: <4D3D9456.60608@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> Hello again !
>
> I am resubmitting the changes that I proposed a few days ago for the
> latest reference policy. There are a few additions and now the patch has
> been split into a set of 19 logical patches.
>
> However, there might be unavoidable dependencies between a few patches.
>
> I have applied the patches in the following order (and I cannot
> guarantee that they can still be applied in a different order,
> especially because of the above mentioned dependencies, e.g. on new
> interfaces):
>
> 1/19: refpolicy-git-18012011-update-file-contexts.patch
> 2/19: refpolicy-git-18012011-update-dbus-messaging.patch
> 3/19: refpolicy-git-18012011-update-readahead.patch
> 4/19: refpolicy-git-18012011-update-cpufreqselector.patch
> 5/19: refpolicy-git-18012011-update-mount.patch
> 6/19: refpolicy-git-18012011-update-kernel-new-interfaces.patch
> 7/19: refpolicy-git-18012011-update-sysadm-role.patch
> 8/19: refpolicy-git-18012011-update-dbus.patch
> 9/19: refpolicy-git-18012011-update-devicekit.patch
> 10/19: refpolicy-git-18012011-update-networkmanager.patch
> 11/19: refpolicy-git-18012011-update-setroubleshoot.patch
> 12/19: refpolicy-git-18012011-update-smartmon.patch
> 13/19: refpolicy-git-18012011-update-authlogin.patch
> 14/19: refpolicy-git-18012011-update-logging.patch
> 15/19: refpolicy-git-18012011-update-selinuxutil.patch
> 16/19: refpolicy-git-18012011-update-sysnetwork-new-interface.patch
> 17/19: refpolicy-git-18012011-update-sysnetwork-hal-read-pid-files.patch
> 18/19: refpolicy-git-18012011-update-consolekit.patch
> 19/19: refpolicy-git-18012011-update-plymouth.patch
>
> In general, this is a starting point, because I could not test all
> available modules, but in the future I might submit other patches for
> other modules.
>
> I have only tested the resulting policy with the following build
> configuration:
>
> TYPE=mcs DISTRO=redhat MONOLITHIC=n UBAC=n
>
> however I don't expect many issues with other kinds of builds.
>
> As already explained, the patch set aims to update some permissions
> needed on a modern generic Linux system. I have not used any specific
> distribution and all packages are in general latest upstream versions.
>
> Thanks very much for your attention and for your time. The patch set
> follows in separate messages to the Reference Policy mailing list having
> the subject "[PATCH/RFC x/19]: patch set to update the git reference
> policy", with the integer x varying from 1 to 19.

I did a quick review of your policy and commented inline. I think most
of it is probably not acceptable at this point unfortunately.

It may be beneficial to get even more familiar with reference policy and
the concepts/security goals it uses.

You may also find my latest screencast called: introduction to policy
writing, inspiring and hopefully informative:

http://selinux-mac.blogspot.com/2011/01/yet-another-step-by-step-introduction.html

> Regards,
>
> Guido Trentalancia