[yocto] [meta-selinux][PATCH 0/4] add targeted/minimum policy and some updates

Joe MacDonald joe at deserted.net
Thu Apr 3 12:20:29 PDT 2014


Hey Wenzong,

I merged two of these four.

[[yocto] [meta-selinux][PATCH 0/4] add targeted/minimum policy and some updates] On 14.03.24 (Mon 21:07) wenzong.fan at windriver.com wrote:

> From: Wenzong Fan <wenzong.fan at windriver.com>
> 
> Changes:
> * backport tmpfs_t patch from upstream;
> * add rules for /var/log symlink on poky;

These both went in.  These:

> * add targeted policy type
> * add minimum targeted policy

I'm less clear on.  They both look like significant changes to
refpolicy-* behaviour, which is fine, but in that case I think it'd be
better to give them a different name.  Or one that differentiates them
significantly.  For example the "minimum" policy has users unconfined
and applications confined?  Or neither?  I'm not sure what the value is
of these.

If they really are just specialized versions of the standard reference
policy, they should at least be ported to use the refpolicy_common
infrastructure Phil set up a while back.

Thanks,
-J.

> 
> The following changes since commit a6079a43719e79e12a57e609923a0cccdba06916:
> 
>   refpolicy: fix real path for su.shadow (2014-02-13 10:52:07 -0500)
> 
> are available in the git repository at:
> 
>   git://git.pokylinux.org/poky-contrib wenzong/ref-minimum
>   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/ref-minimum
> 
> Wenzong Fan (4):
>   refpolicy: associate tmpfs_t (shm) to device_t (devtmpfs) file
>     systems
>   refpolicy: add rules for /var/log symlink on poky
>   refpolicy: add targeted policy type
>   refpolicy: add minimum targeted policy
> 
>  ...associate-tmpfs_t-shm-to-device_t-devtmpf.patch |   30 +++
>  ...ky-policy-add-rules-for-syslogd_t-symlink.patch |   30 +++
>  ...rules-for-var-log-symlink-audisp_remote_t.patch |   29 +++
>  .../refpolicy/refpolicy-minimum_2.20130424.bb      |   46 +++++
>  ...olicy-fix-optional-issue-on-sysadm-module.patch |   60 ++++++
>  .../refpolicy-unconfined_u-default-user.patch      |  198 ++++++++++++++++++++
>  .../refpolicy/refpolicy-targeted_2.20130424.bb     |   18 ++
>  .../refpolicy/refpolicy_2.20130424.inc             |    3 +
>  8 files changed, 414 insertions(+)
>  create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
>  create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-policy-add-rules-for-syslogd_t-symlink.patch
>  create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-policy-add-rules-for-var-log-symlink-audisp_remote_t.patch
>  create mode 100644 recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb
>  create mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch
>  create mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
>  create mode 100644 recipes-security/refpolicy/refpolicy-targeted_2.20130424.bb
> 
-- 
-Joe MacDonald.
:wq