Re: unconfined domain equals permissive?

Can someone call me at 630-519-3323? I'm having an issue with syslog-ng permissions too. There doesn't seem to be a policy for me to enable in SELinux, so I need help creating one. I found some documentation online that suggests there should be.

On Sep 11, 2009, at 7:21 AM, Daniel J Walsh wrote:

On 09/11/2009 12:42 AM, KaiGai Kohei wrote:
Dan,

I could find the following policy in the recent rawhide policy
(such as selinux-policy-3.6.31-2.fc12.src.rpm).

--------------------
interface(`unconfined_domain',`
       gen_require(`
               attribute unconfined_services;
       ')

       #               unconfined_domain_noaudit($1)
       permissive $1;

       tunable_policy(`allow_execheap',`
               auditallow $1 self:process execheap;
       ')
')
--------------------

Is it a workaround fix? Or do you have a plan to change the definition
of unconfined domains in F-12/rawhide?

The permissive domains are also allowed to bypass MLS/MCS rules, not only
TE rules, so it seems to me its impact is a bit unignorable, if it is not
a workaround.

Thanks,

No, this is temporary to help me find bugs in policy.  I am encouraging people to remove the unconfined.pp policy package, which takes away the unconfined_domain.  So I am just gathering AVCs until we release Beta1.  I will probably change it back in about a week.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


Jon Mineiko
Row44 Inc.
desk 630-519-3323
cell 708-321-0211
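
An added example, not part of the original thread or of the Fedora policy sources: a small check that scans policy interface source for live `permissive` statements, such as the one in the `unconfined_domain` interface quoted above, and ignores commented-out lines. The second interface (`example_read_config`, `example_etc_t`) is hypothetical, and the scanner assumes m4 backtick/apostrophe quoting with `#` used only for comments.

```python
import re

# Constructed sample: the interface quoted in the thread, plus a hypothetical
# second interface whose permissive line is commented out.
SAMPLE_IF = r"""
interface(`unconfined_domain',`
       gen_require(`
               attribute unconfined_services;
       ')

       #               unconfined_domain_noaudit($1)
       permissive $1;

       tunable_policy(`allow_execheap',`
               auditallow $1 self:process execheap;
       ')
')

interface(`example_read_config',`
       # permissive $1;
       allow $1 example_etc_t:file read;
')
"""

HEADER = re.compile(r"^\s*(interface|template)\(`([^']+)'")
PERMISSIVE = re.compile(r"^\s*permissive\s+(\S+?)\s*;")


def find_permissive(source):
    """Return (interface, line_no, target) for each live permissive statement."""
    findings = []
    current, depth = None, 0
    for line_no, raw in enumerate(source.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop comments before matching or counting quotes
        header = HEADER.match(line)
        if header and depth == 0:
            current = header.group(2)
        hit = PERMISSIVE.match(line)
        if hit:
            findings.append((current or "<top level>", line_no, hit.group(1)))
        # m4 quotes nest: ` opens and ' closes; depth 0 means the interface ended
        depth += line.count("`") - line.count("'")
        if depth == 0:
            current = None
    return findings


if __name__ == "__main__":
    for name, line_no, target in find_permissive(SAMPLE_IF):
        print(f"{name}: line {line_no}: permissive {target}")
```

A `$1` target means every domain that calls the interface becomes permissive, which is the case raised in the thread.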


