SELinux - Date Index

• Thread Index

• Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
  • From: "leon@xxxxxxx" <leon@xxxxxxx>
• Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
  • From: Leon Romanovsky <leon@xxxxxxx>
• Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
  • From: Thomas Hurd <toml.hurd@xxxxxxxxx>
• Re: [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security
  • From: Leon Romanovsky <leon@xxxxxxx>
• Re: [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/2 v2] Warn if module name different than output filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paolo Abeni <pabeni@xxxxxxxxxx>
• Re: [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security
  • From: Leon Romanovsky <leon@xxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC][PATCH] selinux: apply execstack check on thread stacks
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [RFC][PATCH] selinux-testsuite: Add test for execstack on thread stack
  • From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
• [RFC][PATCH] selinux: apply execstack check on thread stacks
  • From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
  • From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
• Re: [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [RFC][PATCH] selinux-testsuite: Add tests for non-init userns capability checks
  • From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
• [RFC][PATCH] selinux-testsuite: Add tests for non-init userns capability checks
  • From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
• [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
  • From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
• Re: [PATCH] selinux: Add support for portcon dccp protocol
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paolo Abeni <pabeni@xxxxxxxxxx>
• Re: [PATCH v3] selinux: restrict kernel module loading
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: [PATCH v3] selinux: restrict kernel module loading
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] selinux: Add support for portcon dccp protocol
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH v3] selinux: restrict kernel module loading
  • From: Dennis Sherrell <sherrellconsulting@xxxxxxxxx>
• [PATCH] cil_mem.c: #define _GNU_SOURCE
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: [PATCH] cil_mem.c: #define _GNU_SOURCE
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: [PATCH v3] selinux: restrict kernel module loading
  • From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
• Re: [PATCH v3] selinux: restrict kernel module loading
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Fwd: Kernel merge to v4.6-rc2
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH v3] selinux: restrict kernel module loading
  • From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
• Re: [PATCH v2] selinux: restrict kernel module loading
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [RFC PATCH 1/7] security: Add LSM hooks for Infiniband security
  • From: Or Gerlitz <gerlitz.or@xxxxxxxxx>
• Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [RFC PATCH 1/7] security: Add LSM hooks for Infiniband security
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [RFC PATCH 1/7] security: Add LSM hooks for Infiniband security
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH] selinux: restrict kernel module loading
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: restrict kernel module loading
  • From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: [PATCH] selinux: restrict kernel module loading
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: Project Status?
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Project Status?
  • From: John Gomez <john.gomez@xxxxxxxxxx>
• Project Status?
  • From: John Gomez <john.gomez@xxxxxxxxxx>
• [PATCH] selinux: restrict kernel module loading
  • From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
• Re: [PATCH] selinux: restrict kernel module loading
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH v2] selinux: restrict kernel module loading
  • From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
• [PATCH] selinux: consolidate the ptrace parent lookup code
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: On Fedora 24 I am seeing something strange with CIL
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Fedora 23 error when using policy generator
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• On Fedora 24 I am seeing something strange with CIL
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH] selinux: simply inode label states to INVALID and INITIALIZED
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• [PATCH] selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng()
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: [PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng()
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: CIL: invalid protocol (dccp portcon)
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: CIL: invalid protocol (dccp portcon)
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: CIL: invalid protocol (dccp portcon)
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: CIL: invalid protocol (dccp portcon)
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• CIL: invalid protocol (dccp portcon)
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: what is /sys/fs/selinux/policy_capabilities/redhat1
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Fedora 23 error when using policy generator
  • From: Amir Eaman <amir.imen@xxxxxxxxx>
• Fedora 23 error when using policy generator
  • From: Amir Eaman <amir.imen@xxxxxxxxx>
• Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 3/3] checkpolicy: Warn if module name different than filenames
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 3/3] checkpolicy: Warn if module name different than filenames
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Just sent a small patch to github to fix the selinuxfs man pages.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] policycoreutils/sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 3/3] checkpolicy: Warn if module name different than filenames
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/3] libsepol: Add function to check if module name matches filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/3] Add warnings if module name different from filename
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Just sent a small patch to github to fix the selinuxfs man pages.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: what is /sys/fs/selinux/policy_capabilities/redhat1
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: what is /sys/fs/selinux/policy_capabilities/redhat1
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [ANNOUNCE] Linux Security Summit 2016 - CFP
  • From: James Morris <jmorris@xxxxxxxxx>
• what is /sys/fs/selinux/policy_capabilities/redhat1
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: selinux_set_callback() problem
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: does it make sense that dac_override get's checked before dac_read_search?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• strange pam_selinux behavior
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: does it make sense that dac_override get's checked before dac_read_search?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: does it make sense that dac_override get's checked before dac_read_search?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• does it make sense that dac_override get's checked before dac_read_search?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
  • From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
• Re: [PATCH] fs: remove excess check for in_userns
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: selinux-query
  • From: Dennis Sherrell <sherrellconsulting@xxxxxxxxx>
• Re: selinux-query
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: selinux-query
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: selinux-query
  • From: Naina Emmanuel <nemmanuel1992@xxxxxxxxx>
• selinux-query
  • From: Naina Emmanuel <nemmanuel1992@xxxxxxxxx>
• [PATCH] selinux: fix memory leak on node_ptr on error return path
  • From: Colin King <colin.king@xxxxxxxxxxxxx>
• [PATCH] policycoreutils/sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files.
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: [PATCH] libsepol/cil: fix bug when resetting class permission values
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] libsepol/cil: fix bug when resetting class permission values
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: Problem building CIL module with new class
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: Problem building CIL module with new class
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: Problem building CIL module with new class
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Problem building CIL module with new class
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH] fs: remove excess check for in_userns
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• Re: [PATCH] fs: remove excess check for in_userns
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• Re: [PATCH] fs: remove excess check for in_userns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH] fs: fix a posible leak of allocated superblock
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH] fs: fix a posible leak of allocated superblock
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• [PATCH] fs: remove excess check for in_userns
  • From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• We have a pretty big bug between SELinux and the User Namespace
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 18/18] fuse: Allow user namespace mounts
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: [PATCH RESEND v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces
  • From: Miklos Szeredi <miklos@xxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: initial_sid context via libsepol
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
• Re: initial_sid context via libsepol
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• initial_sid context via libsepol
  • From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
• Re: [GIT PULL] SELinux patches for 4.6
  • From: James Morris <jmorris@xxxxxxxxx>
• [GIT PULL] SELinux patches for 4.6
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Slight changes to the SELinux and audit kernel repository process
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Linux sandbox and the -i option
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: Linux sandbox and the -i option
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: handling locally-modified policy and upgrades with ostree
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Linux sandbox and the -i option
  • From: Bill <wch1m1@xxxxxxxxx>
• Re: should setfscreatecon be able to override auto type transition rules?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• handling locally-modified policy and upgrades with ostree
  • From: Colin Walters <walters@xxxxxxxxxx>
• Re: should setfscreatecon be able to override auto type transition rules?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: should setfscreatecon be able to override auto type transition rules?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: should setfscreatecon be able to override auto type transition rules?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• should setfscreatecon be able to override auto type transition rules?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] libselinux: only mount /proc if necessary
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Eric Paris <eparis@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Strange AVC with latest rawhide kernel.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Strange AVC with latest rawhide kernel.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: CIL Wiki Translate
  • From: omok <omok@xxxxxxxxxx>
• Re: getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libselinux: procattr: return error on invalid pid_t input.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: CIL Wiki Translate
  • From: 面和毅 <ka-omo@xxxxxxxx>
• Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
  • From: Daniel Cashman <dcashman@xxxxxxxxxxx>
• [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
  • From: Daniel Cashman <dcashman@xxxxxxxxxxx>
• [PATCH 1/2] libselinux: procattr: return error on invalid pid_t input.
  • From: Daniel Cashman <dcashman@xxxxxxxxxxx>
• [PATCH 0/2] Return error on invalid pids for procattr funcs.
  • From: Daniel Cashman <dcashman@xxxxxxxxxxx>
• Re: [GIT PULL] SELinux fixes for 4.5 (#2)
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• ANN: SELinux Userspace Release 20160223
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Job for Experienced SE Linux Dev
  • From: James Geddes <j@xxxxx>
• Re: [GIT PULL] SELinux fixes for 4.5 (#2)
  • From: James Morris <jmorris@xxxxxxxxx>
• [GIT PULL] SELinux fixes for 4.5 (#2)
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] libselinux: selinux_restorecon.3 man page corrections.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] libselinux: selinux_restorecon.3 man page corrections.
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Don't sleep inside inode_getsecid hook
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• ANN: SETools 4.0.0-beta
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: [PATCH] selinux: Don't sleep inside inode_getsecid hook
  • From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
• Re: [PATCH] selinux: Don't sleep inside inode_getsecid hook
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux: Don't sleep inside inode_getsecid hook
  • From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
• Re: RESEND [PATCH V3] libselinux: Add selinux_restorecon function
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: RESEND [PATCH V3] libselinux: Add selinux_restorecon function
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [RFC PATCH v3 18/19] calipso: Add a label cache.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 02/19] netlabel: Add an address family to domain hash entries.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 14/19] ipv6: constify the skb pointer of ipv6_find_tlv().
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 11/19] netlabel: Prevent setsockopt() from changing the hop-by-hop option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 04/19] netlabel: Add support for querying a CALIPSO DOI.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 06/19] netlabel: Add support for creating a CALIPSO protocol domain mapping.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 17/19] calipso: Add validation of CALIPSO option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 08/19] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 00/19] CALIPSO Implementation
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 01/19] netlabel: Mark rcu pointers with __rcu.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 16/19] netlabel: Pass a family parameter to netlbl_skbuff_err().
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 13/19] calipso: Allow request sockets to be relabelled by the lsm.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: RESEND [PATCH V3] libselinux: Add selinux_restorecon function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [RFC PATCH v3 19/19] netlabel: Implement CALIPSO config functions for SMACK.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 09/19] netlabel: Move bitmap manipulation functions to the NetLabel core.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 10/19] calipso: Set the calipso socket label to match the secattr.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 03/19] netlabel: Initial support for the CALIPSO netlink protocol.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 07/19] netlabel: Add support for removing a CALIPSO DOI.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 15/19] calipso: Allow the lsm to label the skbuff directly.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 05/19] netlabel: Add support for enumerating the CALIPSO DOI list.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v3 12/19] ipv6: Allow request socks to contain IPv6 options.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: [PATCH 1/2] libsepol: fix __attribute__((unused)) annotations
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH 1/3] policycoreutils: sepolicy: rename policy global variable
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] read_spec_entry: fail on non-ascii
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [RFC PATCH v2 00/18] CALIPSO Implementation
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: [RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: Copying/setting security.selinux xattr explicitly
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• Re: Copying/setting security.selinux xattr explicitly
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Copying/setting security.selinux xattr explicitly
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• [PATCH] read_spec_entry: fail on non-ascii
  • From: william.c.roberts@xxxxxxxxx
• [PATCH] read_spec_entry: fail on non-ascii
  • From: william.c.roberts@xxxxxxxxx
• Re: Policy feedback
  • From: Spencer Shimko <spencer@xxxxxxxxxxxxxxxxx>
• Policy feedback
  • From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
• Re: [RFC PATCH v2 14/18] calipso: Allow the lsm to label the skbuff directly.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 12/18] ipv6: Allow request socks to contain IPv6 options.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 06/18] netlabel: Add support for creating a CALIPSO protocol domain mapping.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 00/18] CALIPSO Implementation
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 03/18] netlabel: Initial support for the CALIPSO netlink protocol.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [RFC PATCH v2 02/18] netlabel: Add an address family to domain hash entries.
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: selinux_set_callback() problem
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: selinux_set_callback() problem
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• [PATCH 1/2] libsepol: fix __attribute__((unused)) annotations
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/2] libsemanage: no longer use variables with unused attribute
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/3] policycoreutils: sepolicy: do not overwrite CFLAGS
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/3] libsemanage: tests: do not overwrite CFLAGS and LDFLAGS
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/3] policycoreutils: sepolicy: rename policy global variable
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: selinux_set_callback() problem
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• selinux_set_callback() problem
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: SELinux file context matching
  • From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
• Re: genhomedircon uid template
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: SELinux file context matching
  • From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
• Re: SELinux file context matching
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• Re: SELinux file context matching
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• SELinux file context matching
  • From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
• Re: genhomedircon uid template
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: genhomedircon uid template
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: genhomedircon uid template
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• Re: genhomedircon uid template
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] policycoreutils: newrole: add missing defined in #if
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH 1/2] sepolgen: Make sepolgen-ifgen output deterministic with Python>=3.3
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• genhomedircon uid template
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 3/3] libsemanage: move modinfo_tmp definition before goto cleanup
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/3] libsemanage: initialize bools_modified variable.
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: Newbie question on fixfiles
  • From: Thomas Downing <tdowning@xxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Thomas Downing <tdowning@xxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Thomas Downing <tdowning@xxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Thomas Downing <tdowning@xxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Thomas Downing <tdowning@xxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Newbie question on fixfiles
  • From: Joe Wulf <joe_wulf@xxxxxxxxx>
• Newbie question on fixfiles
  • From: Thomas Downing <tdowning@xxxxxxxxxx>
• Re: kernel-4.3.3-303.fc23.x86_64 and selinux-policy
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• kernel-4.3.3-303.fc23.x86_64 and selinux-policy
  • From: Bill <wch1m1@xxxxxxxxx>
• Re: [PATCH v3 1/1] selinux: use absolute path to include directory
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH v3 1/1] selinux: use absolute path to include directory
  • From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
  • From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
• Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: User range vs. context's range
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: User range vs. context's range
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: User range vs. context's range
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: User range vs. context's range
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: User range vs. context's range
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: User range vs. context's range
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: User range vs. context's range
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• User range vs. context's range
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: [PATCH v2 1/1] selinux: use absolute path to include directory
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH v2 1/1] selinux: use absolute path to include directory
  • From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
• Re: [PATCH v1 1/1] selinux: use absolute path to include directory
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] policycoreutils: newrole: add missing defined in #if
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH v1 1/1] selinux: use absolute path to include directory
  • From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
• Re: [PATCH v1 1/1] selinux: use absolute path to include directory
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH 1/2] sepolgen: Make sepolgen-ifgen output deterministic with Python>=3.3
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/2] sepolgen: Support latest refpolicy interfaces
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• RESEND [PATCH V3] libselinux: Add selinux_restorecon function
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [GIT PULL] SELinux fixes for 4.5 (#1)
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH 1/2] Add description of missing newrole parameter -p in newrole man page.
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• [GIT PULL] SELinux fixes for 4.5 (#1)
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: ANN: SELinux Userspace Release 20160107-rc1
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• [PATCH 2/2] Added missing descriptions for --*-key params in secon man page.
  • From: Lukas Vrabec <lvrabec@xxxxxxxxxx>
• [PATCH 1/2] Add description of missing newrole parameter -p in newrole man page.
  • From: Lukas Vrabec <lvrabec@xxxxxxxxxx>
• Re: Labeling nsfs filesystem
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Preventing packet sniffing
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Inode label revalidation performance fix
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Diskless system running SELinux
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• [PATCH] secilc: update dependency information and man page creation
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: ANN: SELinux Userspace Release 20160107-rc1
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: Labeling nsfs filesystem
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: Labeling nsfs filesystem
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Labeling nsfs filesystem
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• [RFC PATCH v2 07/18] netlabel: Add support for removing a CALIPSO DOI.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 03/18] netlabel: Initial support for the CALIPSO netlink protocol.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 02/18] netlabel: Add an address family to domain hash entries.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 09/18] netlabel: Move bitmap manipulation functions to the NetLabel core.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 14/18] calipso: Allow the lsm to label the skbuff directly.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 13/18] calipso: Allow request sockets to be relabelled by the lsm.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 06/18] netlabel: Add support for creating a CALIPSO protocol domain mapping.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 04/18] netlabel: Add support for querying a CALIPSO DOI.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 05/18] netlabel: Add support for enumerating the CALIPSO DOI list.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 15/18] netlabel: Pass a family parameter to netlbl_skbuff_err().
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 16/18] calipso: Add validation of CALIPSO option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 17/18] calipso: Add a label cache.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 18/18] netlabel: Implement CALIPSO config functions for SMACK.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 01/18] netlabel: Mark rcu pointers with __rcu.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 00/18] CALIPSO Implementation
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 11/18] netlabel: Prevent setsockopt() from changing the hop-by-hop option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH v2 12/18] ipv6: Allow request socks to contain IPv6 options.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Preventing packet sniffing
  • From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
• Re: Diskless system running SELinux
  • From: Andrew Ruch <adruch2002@xxxxxxxxx>
• Re: Diskless system running SELinux
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: ANN: SELinux Userspace Release 20160107-rc1
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Diskless system running SELinux
  • From: Andrew Ruch <adruch2002@xxxxxxxxx>
• Re: Labeling nsfs filesystem
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Labeling nsfs filesystem
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• ANN: SELinux Userspace Release 20160107-rc1
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] selinux: Inode label revalidation performance fix
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: CIL Wiki Translate
  • From: omok <omok@xxxxxxxxxx>
• [PATCH] selinux: Inode label revalidation performance fix
  • From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
• Re: CIL Wiki Translate
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• CIL Wiki Translate
  • From: 面和毅 <ka-omo@xxxxxxxx>
• [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 18/18] fuse: Allow user namespace mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 13/18] fs: Allow superblock owner to access do_remount_sb()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 03/18] fs: Treat foreign mounts as nosuid
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 10/18] fs: Update posix_acl support to handle user namespace mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 07/18] fs: Check for invalid i_uid in may_follow_link()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 06/18] Smack: Handle labels consistently in untrusted mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 05/18] userns: Replace in_userns with current_in_userns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 04/18] selinux: Add support for unprivileged mounts from user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 01/18] block_dev: Support checking inode permissions in lookup_bdev()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 02/18] block_dev: Check permissions towards block device inode when mounting
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH] update deps and change yum to dnf
  • From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
• Re: [PATCH] update deps and change yum to dnf
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH] update deps and change yum to dnf
  • From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
• Re: [PATCH] update deps and change yum to dnf
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• [PATCH] update deps and change yum to dnf
  • From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
• Re: [PATCH] policycoreutils: semanage: list reserver_port_t
  • From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
• Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
  • From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
• Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
  • From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
• Re: [RFC PATCH 13/17] calipso: Allow request sockets to be relabelled by the lsm.
  • From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
• Re: [RFC PATCH 08/17] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
  • From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] policycoreutils: semanage: list reserver_port_t
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: [GIT PULL] SELinux patches for 4.5
  • From: James Morris <jmorris@xxxxxxxxx>
• [GIT PULL] SELinux patches for 4.5
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH net] sctp: label accepted/peeled off sockets
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 00/17] CALIPSO implementation
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: [RFC PATCH 00/17] CALIPSO implementation
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: [RFC PATCH 00/17] CALIPSO implementation
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 02/17] netlabel: Add an address family to domain hash entries.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 03/17] netlabel: Initial support for the CALIPSO netlink protocol.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 04/17] netlabel: Add support for querying a CALIPSO DOI.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 06/17] netlabel: Add support for creating a CALIPSO protocol domain mapping.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 05/17] netlabel: Add support for enumerating the CALIPSO DOI list.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 07/17] netlabel: Add support for removing a CALIPSO DOI.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 10/17] calipso: Set the calipso socket label to match the secattr.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 08/17] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 14/17] calipso: Allow the lsm to label the skbuff directly.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 09/17] netlabel: Move bitmap manipulation functions to the NetLabel core.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 11/17] netlabel: Prevent setsockopt() from changing the hop-by-hop option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 15/17] netlabel: Pass a family parameter to netlbl_skbuff_err().
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 17/17] calipso: Add a label cache.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 13/17] calipso: Allow request sockets to be relabelled by the lsm.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 00/17] CALIPSO implementation
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 12/17] ipv6: Allow request socks to contain IPv6 options.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• [RFC PATCH 01/17] netlabel: Mark rcu pointers with __rcu.
  • From: Huw Davies <huw@xxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: security_bounded_transition fails
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: security_bounded_transition fails
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: security_bounded_transition fails
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: security_bounded_transition fails
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: security_bounded_transition fails
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: security_bounded_transition fails
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• security_bounded_transition fails
  • From: Hannu Savolainen <hannu.savolainen@xxxxxxxxxx>
• Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
  • From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
• Re: [PATCH] libselinux: Don't wrap rpm_execcon with DISABLE_RPM
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] libselinux/man: Add information about thread specific on setfscreatecon
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH v2] secilc/docs: Convert DocBook documentation into github markdown
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Daniel Cashman <dcashman@xxxxxxxxxxx>
• [PATCH v2] secilc/docs: Convert DocBook documentation into github markdown
  • From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Joe Nall <joe@xxxxxxxx>
• ANN: SETools 4.0.0-alpha3
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Joe Nall <joe@xxxxxxxx>
• Re: [PATCH] secilc/docs: Convert DocBook documentation into github markdown
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• RE: Exposing secid to secctx mapping to user-space
  • From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• RE: Exposing secid to secctx mapping to user-space
  • From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• SELinux/audit kernel repo process changes
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• RE: Exposing secid to secctx mapping to user-space
  • From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: Exposing secid to secctx mapping to user-space
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Exposing secid to secctx mapping to user-space
  • From: Daniel Cashman <dcashman@xxxxxxxxxxx>
• Re: A newbie's question
  • From: David Li <dlipubkey@xxxxxxxxx>
• [PATCH] secilc/docs: Convert DocBook documentation into github markdown
  • From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
• RE: A newbie's question
  • From: "Higgs, Stephen" <Stephen.Higgs@xxxxxxxx>
• Re: A newbie's question
  • From: David Li <dlipubkey@xxxxxxxxx>
• Re: Wrong audit message type when policy is reloaded
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• [PATCH] libselinux: Don't wrap rpm_execcon with DISABLE_RPM
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• [PATCH] libselinux/man: Add information about thread specific on setfscreatecon
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• RE: mcs design help
  • From: "Higgs, Stephen" <Stephen.Higgs@xxxxxxxx>
• Re: mcs design help
  • From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
• Re: mcs design help
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• RE: mcs design help
  • From: "Higgs, Stephen" <Stephen.Higgs@xxxxxxxx>
• Re: mcs design help
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• mcs design help
  • From: "Higgs, Stephen" <Stephen.Higgs@xxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Joe Nall <joe@xxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Behavior of mmap()ed files on setcon()?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Michal Marciniszyn <michal.marciniszyn@xxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Michal Marciniszyn <michal.marciniszyn@xxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Milos Malik <mmalik@xxxxxxxxxx>
• Re: Behavior of mmap()ed files on setcon()?
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Behavior of mmap()ed files on setcon()?
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• RE: A newbie's question
  • From: "Higgs, Stephen" <Stephen.Higgs@xxxxxxxx>
• A newbie's question
  • From: David Li <dlipubkey@xxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Michal Marciniszyn <michal.marciniszyn@xxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Michal Marciniszyn <michal.marciniszyn@xxxxxxxxxxxx>
• ANN: Reference Policy Release
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Michal Marciniszyn <michal.marciniszyn@xxxxxxxxxxxx>
• Re: [PATCH] libsepol/cil: Validate extended avrules and permissionxs
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: New setools3 release
  • From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
• Re: Performance issues - huge amount of AVC misses
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: New setools3 release
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• Performance issues - huge amount of AVC misses
  • From: Michal Marciniszyn <michal.marciniszyn@xxxxxxxxxxxx>
• New setools3 release
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• [PATCH v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 06/18] Smack: Handle labels consistently in untrusted mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 02/18] block_dev: Check permissions towards block device inode when mounting
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 13/18] fs: Allow superblock owner to access do_remount_sb()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 03/18] fs: Treat foreign mounts as nosuid
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 04/18] selinux: Add support for unprivileged mounts from user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 10/18] fs: Update posix_acl support to handle user namespace mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 01/18] block_dev: Support checking inode permissions in lookup_bdev()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 15/18] fuse: Add support for pid namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 00/19] Support fuse mounts in user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 05/18] userns: Replace in_userns with current_in_userns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 07/18] fs: Check for invalid i_uid in may_follow_link()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 18/18] fuse: Allow user namespace mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: chcat is using getlogin() function that sometimes returns null/empty string
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• chcat is using getlogin() function that sometimes returns null/empty string
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• [PATCH] libsepol/cil: Validate extended avrules and permissionxs
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: Andreas Dilger <adilger@xxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: "Theodore Ts'o" <tytso@xxxxxxx>
• Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• How i see SELinux succeed in GNU/Linux
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: "Theodore Ts'o" <tytso@xxxxxxx>
• Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb()
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 05/19] userns: Replace in_userns with current_in_userns
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 03/19] fs: Treat foreign mounts as nosuid
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as()
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link()
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev()
  • From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
• Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
• Re: Steps needed to support SElinux over FUSE mounts
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• Re: [selinux-testsuite PATCH] net_socket: replace md5 with sha1 in ipsec-load
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 2/2] secilc/docs: Add documentation for neverallowx rules
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add support for neverallowx
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 16/19] fuse: Add support for pid namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 19/19] fuse: Allow user namespace mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 05/19] userns: Replace in_userns with current_in_userns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 03/19] fs: Treat foreign mounts as nosuid
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 00/19] Support fuse mounts in user namespaces
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev()
  • From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
• Re: continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• continuation of systemd/SELinux discussion from Github
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• [PATCH] libsepol/cil: Remove duplicated 'if' condition in cil_tree
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• Re: [PATCH] policycoreutils: fix 'semanage permissive -l' subcommand
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] policycoreutils: replace string.join() with str.join()
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 1/2] libsepol/cil: Add support for neverallowx
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• [PATCH 2/2] secilc/docs: Add documentation for neverallowx rules
  • From: Steve Lawrence <slawrence@xxxxxxxxxx>
• [selinux-testsuite PATCH] net_socket: replace md5 with sha1 in ipsec-load
  • From: Jan Stancek <jstancek@xxxxxxxxxx>
• redhats influence is hurting SELinux in GNU/Linux
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• [PATCH] policycoreutils: fix 'semanage permissive -l' subcommand
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: does load_policy default to loading the lowest polvers available?
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• [GIT PULL] SELinux fixes for 4.4 (#1)
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] selinux: fix bug in conditional rules handling
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] policycoreutils: replace string.join() with str.join()
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: [PATCH] libselinux, policycoreutils: Man page warning fixes
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libselinux: Correct line count for property and service contexts files
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsepol: Fully expand neverallowxperm rules
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• libsepol bug report
  • From: David Binderman <dcb314@xxxxxxxxxxx>
• Re: [PATCH] selinux: fix bug in conditional rules handling
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix bug in conditional rules handling
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] selinux: fix bug in conditional rules handling
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: (Userspace) AVC denial generated even if allowed by the policy?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: (Userspace) AVC denial generated even if allowed by the policy?
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>
• Re: [PATCH] libselinux: Correct line count for property and service contexts files
  • From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
• Re: (Userspace) AVC denial generated even if allowed by the policy?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: (Userspace) AVC denial generated even if allowed by the policy?
  • From: Laurent Bigonville <bigon@xxxxxxxxxx>