Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Christian Brauner
On Wed, Oct 10, 2018 at 10:26:22AM -0700, Tycho Andersen wrote: > On Wed, Oct 10, 2018 at 07:15:02PM +0200, Christian Brauner wrote: > > On Wed, Oct 10, 2018 at 09:54:58AM -0700, Tycho Andersen wrote: > > > On Wed, Oct 10, 2018 at 05:39:57PM +0200, Christian Brauner wrote: > > > > On Wed, Oct 10,

[PATCH] README: Update the SELinux mailing list location

2018-10-10 Thread Stephen Smalley
Signed-off-by: Stephen Smalley --- README | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README b/README index 174551a1..1c009b01 100644 --- a/README +++ b/README @@ -1,5 +1,6 @@ -Please submit all bug reports and patches to selinux@tycho.nsa.gov. -Subscribe via
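Review bot: the commit message consists only of the Signed-off-by trailer, so the log does not record what replaces selinux@tycho.nsa.gov in the README hunk at `@@ -1,5 +1,6 @@`. Suggest adding a one-line body that names the new list address and the subscription procedure that replaces the removed "Subscribe via" line, so the change can be understood from `git log` without opening the diff.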

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Tycho Andersen
On Wed, Oct 10, 2018 at 07:15:02PM +0200, Christian Brauner wrote: > On Wed, Oct 10, 2018 at 09:54:58AM -0700, Tycho Andersen wrote: > > On Wed, Oct 10, 2018 at 05:39:57PM +0200, Christian Brauner wrote: > > > On Wed, Oct 10, 2018 at 05:33:43PM +0200, Jann Horn wrote: > > > > On Wed, Oct 10, 2018

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Christian Brauner
On Wed, Oct 10, 2018 at 09:54:58AM -0700, Tycho Andersen wrote: > On Wed, Oct 10, 2018 at 05:39:57PM +0200, Christian Brauner wrote: > > On Wed, Oct 10, 2018 at 05:33:43PM +0200, Jann Horn wrote: > > > On Wed, Oct 10, 2018 at 5:32 PM Paul Moore wrote: > > > > On Tue, Oct 9, 2018 at 9:36 AM Jann

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Tycho Andersen
On Wed, Oct 10, 2018 at 05:39:57PM +0200, Christian Brauner wrote: > On Wed, Oct 10, 2018 at 05:33:43PM +0200, Jann Horn wrote: > > On Wed, Oct 10, 2018 at 5:32 PM Paul Moore wrote: > > > On Tue, Oct 9, 2018 at 9:36 AM Jann Horn wrote: > > > > +cc selinux people explicitly, since they probably

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Jann Horn via Selinux
On Wed, Oct 10, 2018 at 5:32 PM Paul Moore wrote: > On Tue, Oct 9, 2018 at 9:36 AM Jann Horn wrote: > > +cc selinux people explicitly, since they probably have opinions on this > > I just spent about twenty minutes working my way through this thread, > and digging through the containers archive

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Christian Brauner
On Wed, Oct 10, 2018 at 05:33:43PM +0200, Jann Horn wrote: > On Wed, Oct 10, 2018 at 5:32 PM Paul Moore wrote: > > On Tue, Oct 9, 2018 at 9:36 AM Jann Horn wrote: > > > +cc selinux people explicitly, since they probably have opinions on this > > > > I just spent about twenty minutes working my

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Paul Moore
On Tue, Oct 9, 2018 at 9:36 AM Jann Horn wrote: > +cc selinux people explicitly, since they probably have opinions on this I just spent about twenty minutes working my way through this thread, and digging through the containers archive trying to get a good understanding of what you guys are

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Christian Brauner
On Wed, Oct 10, 2018 at 02:54:22PM +0200, Christian Brauner wrote: > On Tue, Oct 09, 2018 at 06:26:47PM +0200, Jann Horn wrote: > > On Tue, Oct 9, 2018 at 6:20 PM Christian Brauner > > wrote: > > > On Tue, Oct 09, 2018 at 05:26:26PM +0200, Jann Horn wrote: > > > > On Tue, Oct 9, 2018 at 4:09 PM

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Jann Horn via Selinux
On Wed, Oct 10, 2018 at 2:54 PM Christian Brauner wrote: > On Tue, Oct 09, 2018 at 06:26:47PM +0200, Jann Horn wrote: > > On Tue, Oct 9, 2018 at 6:20 PM Christian Brauner > > wrote: > > > On Tue, Oct 09, 2018 at 05:26:26PM +0200, Jann Horn wrote: > > > > On Tue, Oct 9, 2018 at 4:09 PM Christian

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Christian Brauner
On Wed, Oct 10, 2018 at 03:10:11PM +0200, Jann Horn wrote: > On Wed, Oct 10, 2018 at 2:54 PM Christian Brauner > wrote: > > On Tue, Oct 09, 2018 at 06:26:47PM +0200, Jann Horn wrote: > > > On Tue, Oct 9, 2018 at 6:20 PM Christian Brauner > > > wrote: > > > > On Tue, Oct 09, 2018 at 05:26:26PM

Re: [PATCH v7 3/6] seccomp: add a way to get a listener fd from ptrace

2018-10-10 Thread Christian Brauner
On Tue, Oct 09, 2018 at 06:26:47PM +0200, Jann Horn wrote: > On Tue, Oct 9, 2018 at 6:20 PM Christian Brauner wrote: > > On Tue, Oct 09, 2018 at 05:26:26PM +0200, Jann Horn wrote: > > > On Tue, Oct 9, 2018 at 4:09 PM Christian Brauner > > > wrote: > > > > On Tue, Oct 09, 2018 at 03:50:53PM

Blocking exec on processes based on arguments

2018-10-10 Thread Ville Baillie
Hi, Does SELinux provide any sort of mechanism for blocking exec on commands based on their command line arguments? The proposed use case goes a little like this, allow 'wget' to access 'http://good-server-1/*' and 'http://good-server-2/*' but block access to other hostnames and log the access

Re: [PATCH] MAINTAINERS: update the SELinux mailing list location

2018-10-10 Thread Paul Moore
On Wed, Oct 10, 2018 at 1:55 AM Paul Moore wrote: > > Signed-off-by: Paul Moore > --- > MAINTAINERS |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Since we want to get everyone on to the new list as soon as possible, I've merged this into the selinux/stable-4.19 branch and I plan