Re: SELinux policy contibutions

ur PR ASAP. Lukas. -- Lukas Vrabec SELinux Solutions Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Adding SELinux Policy to a (Private) Package

@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org -- Lukas Vrabec SELinux Solutions Red Hat, Inc. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: Trouble with install ordering and SELinux config

project.org/en-US/project/code-of-conduct/ >>>> List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines >>>> List >>>> Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org >>> >>> >>> >>&

Re: Trouble with install ordering and SELinux config

acros/commit/5f366657da0c7c67f2448be03620581437c2dfbb >> >> Fixing it also in Rawhide and F31. > > Thanks a lot! Can it also happen for epel7 and 8? > > Pretty please :) > Please open bugzilla ticket. THanks, Lukas. > Dridi > -- Lukas Vrabec SELinux Evangelist, Seni

[SELinux] xdp_socket in Rawhide

et me know ASAP. Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email t

[heads up] SELinux support for boltd service

be logged even if the whole system will be in Enforcing state. If you'll find some AVCs related to boltd, please use this bugzilla[1] to report them. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974. Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologi

Re: [heads up] SELinux support for boltd service

Thanks, Lukas. On 08/07/2018 11:19 AM, Lukas Vrabec wrote: > Hi, > > I saw several bugs where boltd daemon runs as unconfined_service_t. I > have prepared new SELinux module for it. > > I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will > be in permissiv

Re: CVE-2018-14665 : Xorg X Server Vulnerabilities

> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org >

Re: CVE-2018-14665 : Xorg X Server Vulnerabilities

fedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description:

Re: wrong selinux label on user-1000.journal, AVC denials

g? Or other? Michal, what you think about this? How is the user-100.journal file created? It's end up as unlabeled_t so some actions during early state of booting system? Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. _

Re: Many 'map' SELinux denials in current Rawhide

ictions would remain in place). Thanks! Hi Adam, I fixed all BZs from tracker bug. selinux-policy build is in koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=21243824 Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. _

Re: Re: Many 'map' SELinux denials in current Rawhide

On 08/15/2017 04:58 PM, Lukas Vrabec wrote: On 08/15/2017 01:37 AM, Adam Williamson wrote: Hi folks! Just wanted to give a heads-up on this: it seems that a recent selinux- policy update, 3.13.1-269 , introduced a new permission called 'map'. This seems to have resulted in rath

Re: Many 'map' SELinux denials in current Rawhide

On 08/15/2017 05:25 PM, Adam Williamson wrote: On Tue, 2017-08-15 at 16:58 +0200, Lukas Vrabec wrote: On 08/15/2017 01:37 AM, Adam Williamson wrote: Hi folks! Just wanted to give a heads-up on this: it seems that a recent selinux- policy update, 3.13.1-269 , introduced a new permission called

[HEADS UP] Removing unnecessary dac_override capability in SELinux modules

to get fixes ASAP: https://copr.fedorainfracloud.org/coprs/lvrabec/selinux-policy-nightly/ Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe

[HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

If you have any questions, feel free to contact me. Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 03:57 PM, Alexander Bokovoy wrote: On pe, 29 syys 2017, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving SELinux configuration. Rawhide builds with this change will be available in ~5

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 04:39 PM, Alexander Bokovoy wrote: On pe, 29 syys 2017, Lukas Vrabec wrote: On 09/29/2017 03:57 PM, Alexander Bokovoy wrote: On pe, 29 syys 2017, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of impr

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 03:30 PM, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving SELinux configuration. Rawhide builds with this change will be available in ~5 days. Together with Dan Walsh, we agreed on

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 03:30 PM, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving SELinux configuration. Rawhide builds with this change will be available in ~5 days. Together with Dan Walsh, we agreed on

Re: GCL and SELinux: help requested

nd resolved what was needed and we are ready to react more flexibly in the future. Note: If you are interested in writing custom SELinux policy for your package, you can follow the https://fedoraproject.org/wiki/SELinux/IndependentPolicy documentation on wiki. Regards, Lukas -- Lukas Vrabec

Re: GCL and SELinux: help requested

On 10/21/2017 08:48 PM, Kevin Fenzi wrote: On 10/20/2017 05:12 AM, Lukas Vrabec wrote: Hello community, Hey Lukas. Thanks for chiming in here. We, as Red Hat SELinux team, apologise for recent delays with our answers to your requests and questions related to SELinux. We have been quite

Re: GCL and SELinux: help requested

On 11/23/2017 10:17 AM, Javier Martinez Canillas wrote: Hello, On Fri, Oct 20, 2017 at 2:12 PM, Lukas Vrabec wrote: [snip] Hello community, We, as Red Hat SELinux team, apologise for recent delays with our answers to your requests and questions related to SELinux. We have been quite busy

Re: SELinux Policy Modules Packaging Draft

ux policy, please follow these guidelines[2]. [2] https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy [3] https://pagure.io/packaging-committee/issue/726 Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: Open

Re: Heads up: selinux-policy-3.14.1-25.fc28 breaks GDM

t; List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/M2FHUCS3YBQQQCBQKS7BXTXIAZHR2B54/ > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: OpenPGP digital signature __