Re: [PATCH] libselinux: log no default label warning in verbose mode

2017-09-12 Thread Stephen Smalley
On Sep 12, 2017 12:49 PM, "Christian Göttsche" wrote: > This seems to revert what was an intentional change to avoid noise in > fixfiles check output. See the mailing list discussions that preceded and > followed the patch. In my opinion, it's a helpful noise, which is

Re: [PATCH] libselinux: log no default label warning in verbose mode

2017-09-12 Thread Christian Göttsche
> This seems to revert what was an intentional change to avoid noise in > fixfiles check output. See the mailing list discussions that preceded and > followed the patch. In my opinion, it's a helpful noise, which is triggered by an intended file context `<<none>>`. Is there any hack to get the old

Re: [GIT PULL] SELinux patches for v4.14

2017-09-12 Thread Linus Torvalds
On Tue, Sep 12, 2017 at 10:33 AM, Paul Moore wrote: > As discussed on the linux-security pull request thread, this is the > direct SELinux pull request; the content/tag is the same as what I > sent to James/linux-security earlier: The contents may be the same, but the base

Re: with extended_socket_class should be still be seeing "socket"?

2017-09-12 Thread Paul Moore
On Tue, Sep 12, 2017 at 1:36 PM, Dominick Grift wrote: > On Tue, Sep 12, 2017 at 12:01:35PM -0400, Stephen Smalley wrote: >> On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote: >> >> I have extended socket class polcap enabled but I am still seeing

[GIT PULL] SELinux patches for v4.14

2017-09-12 Thread Paul Moore
As discussed on the linux-security pull request thread, this is the direct SELinux pull request; the content/tag is the same as what I sent to James/linux-security earlier: "A relatively quiet period for SELinux, 11 patches with only two/three having any substantive changes. These noteworthy

Re: with extended_socket_class should be still be seeing "socket"?

2017-09-12 Thread Dominick Grift
On Tue, Sep 12, 2017 at 12:01:35PM -0400, Stephen Smalley wrote: > On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote: > > I have extended socket class polcap enabled but I am still seeing "socket" > class events and I was wondering whether that is to be expected? > > avc:

Re: [PATCH] libselinux: log no default label warning in verbose mode

2017-09-12 Thread Stephen Smalley
On Sep 11, 2017 3:45 AM, "Christian Göttsche via Selinux" < selinux@tycho.nsa.gov> wrote: Since 1cd972f restorecon does not print a warning in recurse mode for child files without a default label. Change it back in verbose mode: $ touch /run/test.pid $ restorecon -R /run $ restorecon -v -R /run

Re: with extended_socket_class should be still be seeing "socket"?

2017-09-12 Thread Stephen Smalley
On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote: I have extended socket class polcap enabled but I am still seeing "socket" class events and I was wondering whether that is to be expected? avc: denied { create } for pid=10484 comm="nethogs" scontext=wheel.id:

Re: Userspace Python version

2017-09-12 Thread Stephen Smalley
On Sep 8, 2017 6:49 PM, "Chris PeBenito" wrote: I believe that all major SELinux distributions have at least Python 3.4 support. Python 3 changeover has gone so long that even 3.3 is about to go end-of-life [1]. Can we officially drop Python 2.7 support in userspace code?

with extended_socket_class should be still be seeing "socket"?

2017-09-12 Thread Dominick Grift
I have extended socket class polcap enabled but I am still seeing "socket" class events and I was wondering whether that is to be expected? avc: denied { create } for pid=10484 comm="nethogs" scontext=wheel.id:sysadm.role:nethogs.subj:s0 tcontext=wheel.id:sysadm.role:nethogs.subj:s0