Hi Stephen,
Below is the output of the command:
* sestatus -v output*
*SELinux status: enabled*
*SELinuxfs mount:/sys/fs/selinux*
*SELinux root directory: /etc/selinux*
*Loaded policy name: targeted*
*Current mode: enforcing*
*Mod
On 11/27/2017 05:50 PM, Paul Moore wrote:
On Mon, Nov 27, 2017 at 3:04 PM, Daniel Jurgens wrote:
On 11/27/2017 10:19 AM, Paul Moore wrote:
On Mon, Nov 27, 2017 at 9:03 AM, Dan Jurgens wrote:
From: Daniel Jurgens
For controlling IPoIB VLANs
Reported-by: Honggang LI
Signed-off-by: Daniel J
On Tue, 2017-11-28 at 13:37 -0800, Matthew Garrett wrote:
> On Tue, Nov 28, 2017 at 1:35 PM, Mimi Zohar wrote:
> > On Tue, 2017-11-28 at 13:22 -0800, Matthew Garrett wrote:
> >> We need to check against the appropriate credentials structure, and
> >> since we're doing this before commit_creds() ha
On Tue, 2017-11-28 at 13:22 -0800, Matthew Garrett wrote:
> On Tue, Nov 28, 2017 at 12:48 PM, Mimi Zohar wrote:
> > Hi Matthew,
> >
> > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett wrote:
> > > The existing BPRM_CHECK functionality in IMA validates against the
> > > credentials of the existi
On Tue, Nov 28, 2017 at 12:48 PM, Mimi Zohar wrote:
> Hi Matthew,
>
> On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett wrote:
> > The existing BPRM_CHECK functionality in IMA validates against the
> > credentials of the existing process, not any new credentials that the
> > child process may tra
Hi Matthew,
On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett wrote:
> The existing BPRM_CHECK functionality in IMA validates against the
> credentials of the existing process, not any new credentials that the
> child process may transition to. Add an additional CREDS_CHECK target
> and refactor
On Tue, 2017-11-28 at 14:39 -0500, Stephen Smalley wrote:
> On Mon, 2017-11-27 at 19:32 +, Richard Haines wrote:
> > The SELinux SCTP implementation is explained in:
> > Documentation/security/SELinux-sctp.rst
> >
> > Signed-off-by: Richard Haines
> > ---
> > Documentation/security/SELinux-s
On Mon, 2017-11-27 at 19:32 +, Richard Haines wrote:
> The SELinux SCTP implementation is explained in:
> Documentation/security/SELinux-sctp.rst
>
> Signed-off-by: Richard Haines
> ---
> Documentation/security/SELinux-sctp.rst | 104
> security/selinux/hooks.c|
On Mon, 2017-11-27 at 21:33 +0100, Petr Lautrbach wrote:
> When a calling process uses umask(0) some files in the SELinux module
> store can be created to be world writeable. With this patch,
> libsemanage
> sets umask(0077) before fopen() operations and restores the original
> umask value when it'
The SCTP security hooks are explained in:
Documentation/security/LSM-sctp.rst
Signed-off-by: Richard Haines
---
Documentation/security/LSM-sctp.rst | 194
include/linux/lsm_hooks.h | 35 +++
include/linux/security.h| 25 +
secu
The kernel patches have been built on Fedora 27 with kernel 4.13.12 plus
the following userspace patches to enable testing:
1) Updates to libsepol 2.7 to support the sctp portcon statement.
The patch is available from:
http://arctic.selinuxproject.org/~rhaines/selinux-sctp/
se
Add security hooks to allow security modules to exercise access control
over SCTP.
Signed-off-by: Richard Haines
---
include/net/sctp/structs.h | 10
include/uapi/linux/sctp.h | 1 +
net/sctp/sm_make_chunk.c | 12 +
net/sctp/sm_statefuns.c| 18 ++
net/sctp/so
Add ip option support to allow LSM security modules to utilise CIPSO/IPv4
and CALIPSO/IPv6 services.
Signed-off-by: Richard Haines
---
include/net/sctp/structs.h | 2 ++
net/sctp/chunk.c | 13 -
net/sctp/ipv6.c| 42 +++---
ne
The SELinux SCTP implementation is explained in:
Documentation/security/SELinux-sctp.rst
Signed-off-by: Richard Haines
---
Documentation/security/SELinux-sctp.rst | 104
security/selinux/hooks.c| 278 +---
security/selinux/include/classmap
On 11/27/2017 10:19 AM, Paul Moore wrote:
> On Mon, Nov 27, 2017 at 9:03 AM, Dan Jurgens wrote:
>> From: Daniel Jurgens
>>
>> For controlling IPoIB VLANs
>>
>> Reported-by: Honggang LI
>> Signed-off-by: Daniel Jurgens
>> Tested-by: Honggang LI
>> ---
>> networkmanager.te |2 ++
>> 1 files
When a calling process uses umask(0) some files in the SELinux module
store can be created to be world writeable. With this patch, libsemanage
sets umask(0077) before fopen() operations and restores the original
umask value when it's done.
Fixes:
drwx--. /var/lib/selinux/targeted/active
-rw-rw