Problems:
- Allowing integration with other services (D&D Beyond, Orcpub)
- Locking non-free content (user created / WOTC deal?)
Solutions:
Gary Tierney garyttierney
garyttierney
/ gist:65ce78bc7eca22918b21862299774687
Created
October 4, 2019 08:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > $ echo "test1" >> test1.hll | |
| [root@garyttierney ~]# chmod +x /usr/libexec/selinux/hll/my_hll | |
| [root@garyttierney ~]# mv /home/gtierney/test1.hll test1.my_hll | |
| [root@garyttierney ~]# semodule -i test1.my_hll | |
| [root@garyttierney ~]# rm test1.my_hll | |
| rm: remove regular file 'test1.my_hll'? y | |
| [root@garyttierney ~]# semodule -E test1 | |
| Module 'test1' does not exist at the default priority '400'. Extracting at highest existing priority '400'. | |
| [root@garyttierney ~]# cat test1.my_hll | |
| test1 |
garyttierney
/ 0001-Fix-name-of-net-bindings-library-under-Linux.patch
Last active
June 30, 2019 23:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From f2a432127b7f33414f78f6c480c4ad3b1d35cb96 Mon Sep 17 00:00:00 2001 | |
| From: Gary Tierney <gary.tierney@fastmail.com> | |
| Date: Sun, 30 Jun 2019 23:58:35 +0100 | |
| Subject: [PATCH] Fix name of net bindings library under Linux | |
| Also removes an unnecessary preprocessor directive, since the same | |
| library name is passed to `DllImport` under both Linux and Windows. | |
| --- | |
| network.bindings/Makefile | 8 ++++---- | |
| network.bindings/source/network.bindings.cs | 4 +--- |
garyttierney
/ 0001-Fix-multi-project-Gradle-artifact-resolution.patch
Last active
June 20, 2019 00:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 4b0fc1de4fee7bd95b511fd291d654659279b559 Mon Sep 17 00:00:00 2001 | |
| From: Gary Tierney <gary.tierney@fastmail.com> | |
| Date: Thu, 20 Jun 2019 01:34:45 +0100 | |
| Subject: [PATCH] Fix multi-project Gradle artifact resolution | |
| Updates the check for resolved artifacts to include directories of | |
| classes as well as JAR files. This supports the case where a resolved | |
| artifact contains the build output of a Gradle project within the same | |
| project tree. |
I hereby claim:
- I am garyttierney on github.
- I am gtierneyftw (https://keybase.io/gtierneyftw) on keybase.
- I have a public key whose fingerprint is 412C 0EF9 C305 68E6 B660 BDAF 706E D765 85AA 79D8
To claim this, I am signing this object:
garyttierney
/ hooks.c
Created
March 9, 2017 22:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* socket security operations */ | |
| static int socket_sockcreate_sid(const struct task_security_struct *tsec, | |
| u16 secclass, u32 *socksid) | |
| { | |
| if (tsec->sockcreate_sid > SECSID_NULL) { | |
| *socksid = tsec->sockcreate_sid; | |
| return 0; | |
| } |
garyttierney
/ paths-in-avrules.md
Last active
January 20, 2017 11:40
CSP provides support for referencing an object by its path instead of type when used in a type enforcement AV rule. This works by matching paths in avrules against a reference policy (by default, the file_contexts from the loaded policy).
The motivation for allowing the use of paths in avrules comes from the positive response that AppArmor's profiles received in comparison to the general approach in SELinux policy of referring to the type directly. Hopefully it should reduce the barrier of entry for software developers wishing to write policy for their applications.
garyttierney
/ gist:5ca0649c6f9773989a007bff9b2f1d3c
Created
December 4, 2016 15:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| type a, b; | |
| type_attribute type_attrib_a, type_atrrib_b; | |
| # equivalent cil | |
| (type a) | |
| (type b) | |
| (typeattribute type_attrib_a) | |
| (typeattribute type_attrib_b) |
garyttierney
/ gist:9fd5b5a8538f49b2e06dc643ab35505b
Created
August 22, 2016 13:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > $ sesearch -AT -s nut_upsmon_t -c file -p write,append | |
| Found 24 semantic av rules: | |
| allow daemon puppet_tmp_t : file { ioctl read write getattr lock append } ; | |
| allow nut_upsmon_t systemd_passwd_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow domain afs_cache_t : file { read write } ; | |
| allow nut_domain nut_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow domain tmpfile : file { ioctl read getattr lock append } ; | |
| allow daemon initrc_tmp_t : file { ioctl read write getattr lock append } ; | |
| allow daemon user_cron_spool_t : file { ioctl read write getattr lock append } ; | |
| allow domain abrt_var_cache_t : file { getattr append } ; |
garyttierney
/ new.te
Created
August 1, 2016 00:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| attribute ossec_common; | |
| type ossec_analysisd_t, ossec_common; # associate type with ossec_common | |
| type ossec_execd_t, ossec_common; | |
| type ossec_logcollector_t, ossec_common; | |
| type ossec_maild_t, ossec_common; | |
| type ossec_monitord_t, ossec_common; | |
| type ossec_remoted_t, ossec_common; | |
| type ossec_syscheckd_t, ossec_common; |
NewerOlder