Add a new boolean
george karakou
mad-proffessor at hotmail.com
Sat Oct 11 19:07:47 UTC 2014
Thanks. I made the pull request its ready.
I would like to make another request for reviewing. Its a policy module
derived from Dan's work on secmark(a blog post). I 've further divided
the packets to some more categories-it added to the complexity though.
But despite the fact the module works it doesn't make use of the
corenet_packet interface which i think is more appropriate. Is it ok if
i name it secmark even though a module named labelednet would be more
convinient and add the files to rawhide-contrib?
On 10/11/2014 01:23 PM, Daniel J Walsh wrote:
>
> On 10/07/2014 07:21 AM, george karakou wrote:
>> Hi Miroslav. I searched rawhide-base and rawhide-contrib but i didn't
>> find the relative boolean. I found some hints on how to generate a
>> boolean from rawhide-base/policy/modules/kernel/selinux.te but that
>> was different-its a special boolean with a security type-apparently it
>> wasn't enough.
>>
>> On 10/06/2014 12:38 PM, Miroslav Grepl wrote:
>>> On 10/01/2014 02:58 PM, Geo Karakou wrote:
>>>> Hi list. I think it would be nice to have an selinuxuser_udp_server
>>>> boolean identical to the selinuxuser_tcp_server. Issuing an
>>>> sesearch -b
>>>> selinuxuser_tcp_server -AC would reveal little work to be done, but i
>>>> dont know how much rules would have to be written to the main selinux
>>>> policy.
>>>> Its just a thought but i would like some feedback.
>>>>
>>>> --
>>>> selinux mailing list
>>>> selinux at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> Would you like to create a pull request against
>>>
>>> https://github.com/selinux-policy/selinux-policy
>>>
>>> ?
>>>
>>> Basically you would look for
>>>
>>> selinuxuser_tcp_server
>>>
>>> in rawhide-base branch and modify the code to have
>>>
>>> selinuxuser_udp_server
>>>
>>>
>>>
>>>
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
> grep selinuxuser_tcp_server . -r
> ./policy/modules/system/userdomain.if:
> tunable_policy(`selinuxuser_tcp_server',`
> ./policy/modules/system/userdomain.if:
> tunable_policy(`selinuxuser_tcp_server',`
> ./policy/modules/services/ssh.te:tunable_policy(`selinuxuser_tcp_server',`
> ./policy/global_tunables:gen_tunable(selinuxuser_tcp_server,false)
>
>
>
>
More information about the selinux
mailing list