Thanks. I made the pull request its ready.
I would like to make another request for reviewing. Its a policy module
derived from Dan's work on secmark(a blog post). I 've further divided
the packets to some more categories-it added to the complexity though.
But despite the fact the module works it doesn't make use of the
corenet_packet interface which i think is more appropriate. Is it ok if
i name it secmark even though a module named labelednet would be more
convinient and add the files to rawhide-contrib?
On 10/11/2014 01:23 PM, Daniel J Walsh wrote:
On 10/07/2014 07:21 AM, george karakou wrote:
Hi Miroslav. I searched rawhide-base and rawhide-contrib but i didn't
find the relative boolean. I found some hints on how to generate a
boolean from rawhide-base/policy/modules/kernel/selinux.te but that
was different-its a special boolean with a security type-apparently it
wasn't enough.
On 10/06/2014 12:38 PM, Miroslav Grepl wrote:
On 10/01/2014 02:58 PM, Geo Karakou wrote:
Hi list. I think it would be nice to have an selinuxuser_udp_server
boolean identical to the selinuxuser_tcp_server. Issuing an
sesearch -b
selinuxuser_tcp_server -AC would reveal little work to be done, but i
dont know how much rules would have to be written to the main selinux
policy.
Its just a thought but i would like some feedback.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Would you like to create a pull request against
https://github.com/selinux-policy/selinux-policy
?
Basically you would look for
selinuxuser_tcp_server
in rawhide-base branch and modify the code to have
selinuxuser_udp_server
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
grep selinuxuser_tcp_server . -r
./policy/modules/system/userdomain.if:
tunable_policy(`selinuxuser_tcp_server',`
./policy/modules/system/userdomain.if:
tunable_policy(`selinuxuser_tcp_server',`
./policy/modules/services/ssh.te:tunable_policy(`selinuxuser_tcp_server',`
./policy/global_tunables:gen_tunable(selinuxuser_tcp_server,false)
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux