Commit Graph

427 Commits

Author SHA1 Message Date
Chris PeBenito
9448ca6e07 restore removed aliases. 2009-11-02 08:48:58 -05:00
Eamon Walsh
5025a463cf Drop the xserver_unprotected interface.
The motivation for this was xdm_t objects not getting cleaned up,
so the user session tried to interact with them.  But since the
default user type is unconfined this problem has gone away for now.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-30 08:55:58 -04:00
Eamon Walsh
5242ecceac X Object Manager policy revisions to xserver.if.
X Object Manager policy revisions to xserver.if.

This commit consists of two parts:

1. Revisions to xserver_object_types_template and
   xserver_common_x_domain_template.  This reflects the dropping
   of many of the specific event, extension, and property types.

2. New interfaces:
   xserver_manage_core_devices: Gives control over core mouse/keyboard.
   xserver_unprotected: Allows all clients to access a domain's X objects.
   Modified interfaces:
   xserver_unconfined: Added x_domain typeattribute statement.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:26 -04:00
Eamon Walsh
f267f85390 X Object Manager policy revisions to xserver.te.
X Object Manager policy revisions to xserver.te.

This commit consists of three main parts:

1. Code movement.  There were X object manager-related statements
   scattered somewhat throughout the file; these have been consolidated,
   which resulted in some other statements moving (e.g. iceauth_t).

2. Type changes.  Many of the specific event, extension, and property
   types have been dropped for the time being.  The rootwindow_t and
   remote_xclient_t types have been renamed, and a root_xcolormap_t
   type has been (re-)added.  This is for naming consistency.
   An "xserver_unprotected" alias has been added for use in labeling
   clients whose resources should be globally accessible (e.g. xdm_t).

3. Policy changes.  These are mostly related to devices, which now have
   separate x_keyboard and x_pointer classes.  The "Hacks" section
   has been cleaned up, and various other classes have had the default
   permissions tweaked.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:22 -04:00
Chris PeBenito
b04669aaea add tuned from miroslav grepl. 2009-10-26 09:42:11 -04:00
Chris PeBenito
5a6b1fe2b4 add dkim from stefan schulze frielinghaus. 2009-09-17 09:12:33 -04:00
Chris PeBenito
21b1d1096f add gnomeclock from dan. 2009-09-16 08:38:58 -04:00
Chris PeBenito
ed70158a39 add rtkit from dan. 2009-09-15 09:53:24 -04:00
Chris PeBenito
c141d835f1 add modemmanager from dan. 2009-09-14 09:48:13 -04:00
Chris PeBenito
e3a90e358a add abrt from dan. 2009-09-14 09:22:24 -04:00
Chris PeBenito
937b2c4d91 nscd patch from dan. 2009-09-09 09:35:37 -04:00
Chris PeBenito
c61b35048a cron patch from dan. 2009-09-09 09:28:04 -04:00
Chris PeBenito
81bca10b28 nslcd policy from dan. 2009-09-08 10:31:19 -04:00
Chris PeBenito
f2f296ba60 openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories. 2009-09-02 09:24:10 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Chris PeBenito
6774578327 module version number bump for nscd patch. 2009-08-31 09:44:38 -04:00
Manoj Srivastava
2a79debe9b nscd cache location changed from /var/db/nscd to /var/cache/nscd
The nscd policy module uses the old nscd cache location. The cache location
changed with glibc 2.7-1, and the current nscd does place the files in
/var/cache/nscd/.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
2009-08-31 09:43:52 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Chris PeBenito
bd75703c7d reorganize tun patch changes. 2009-08-31 08:49:57 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
dbb7dd9484 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Chris PeBenito
0484277038 reorganize dbus.fc. 2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1 Gentoo dbus in libexec 2009-08-18 13:13:40 -04:00
LABBE Corentin
58cc9903dd Missing comma in policykit 2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr.
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
2009-08-18 09:49:31 -04:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain.
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
2009-08-12 14:15:39 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types.
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
50458c8bb7 pull most of fedora changes to rpc. 2009-07-29 14:55:30 -04:00
Chris PeBenito
0c89174f7f pull most of fedora changes to samba. 2009-07-29 14:40:34 -04:00
Chris PeBenito
363e8fb98a pull in part of fedora mta changes 2009-07-29 10:59:09 -04:00
Chris PeBenito
20c3ccee1a add fprintd module from dan. 2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea add devicekit module from dan. 2009-07-29 10:02:06 -04:00
Chris PeBenito
4e7c0a93a6 consolekit patch from dan. 2009-07-29 09:13:54 -04:00
Chris PeBenito
33322290f2 automount patch from dan. 2009-07-29 08:59:26 -04:00
Chris PeBenito
8f3bddfbfd cups patch from dan. 2009-07-28 15:46:26 -04:00
Chris PeBenito
4be3e11094 pull in apache_admin() from fedora 2009-07-28 13:24:08 -04:00
Chris PeBenito
423a4a3a2c fix dbus type transition conflict.
switch dbus ranged calls from daemon domain to system domain.  This works
around a type transition conflict.  It is also why the non-ranged
init_system_domain() is used instead of init_daemon_domain().
2009-07-28 11:05:19 -04:00
Chris PeBenito
c7ae9ae1c8 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-07-28 08:00:03 -04:00
Chris PeBenito
ebf3ec9063 snort patch from dan. 2009-07-27 16:04:10 -04:00
Chris PeBenito
708a74a212 oddjob patch from dan. 2009-07-27 10:52:20 -04:00
Chris PeBenito
fa50187c5e kerneloops patch from dan 2009-07-27 10:44:19 -04:00
Chris PeBenito
9de7c1706d hal patch from dan. 2009-07-27 10:18:50 -04:00
Chris PeBenito
fe1205a810 avahi patch from dan 2009-07-27 09:57:20 -04:00
Chris PeBenito
e04438840b dbus patch from dan 2009-07-27 09:46:35 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
13306f56b6 afs client patch from dan. 2009-07-21 10:11:03 -04:00
Chris PeBenito
b93a7dacca bluetooth patch from dan. 2009-07-21 10:10:47 -04:00
Chris PeBenito
ad0aea536b clamav patch from dan. 2009-07-21 10:10:31 -04:00
Chris PeBenito
92f08c7130 mailman patch from dan. 2009-07-21 10:10:17 -04:00
Chris PeBenito
1847443ea3 ricci patch from dan. 2009-07-21 10:10:00 -04:00
Chris PeBenito
d8822462c4 fix policykit interface 2009-07-21 10:09:14 -04:00
Chris PeBenito
7395f80119 ppp patch from dan 2009-07-20 15:41:19 -04:00
Chris PeBenito
4aa075262a kerberos patch from dan 2009-07-20 15:41:08 -04:00
Chris PeBenito
8f17f7c2ee dnsmasq patch from dan. 2009-07-20 15:40:57 -04:00
Chris PeBenito
93d300831d dhcp patch from dan 2009-07-20 15:40:41 -04:00
Chris PeBenito
af5374d3a5 policykit.if whitespace fix 2009-07-20 11:37:22 -04:00
Chris PeBenito
9e90ce33db add policykit from dan. 2009-07-20 11:15:09 -04:00
Chris PeBenito
b67201eae7 fix bad varnishd interface names 2009-07-20 09:44:25 -04:00
Chris PeBenito
7694abdff7 module version bump for f2583aa83b 2009-07-15 09:30:08 -04:00
Manoj Srivastava
f2583aa83b Remove duplicate distro_redhat context
A recent update added an generic context for the lock files, so the
entry in distro_redhat can be removed.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-07-15 09:27:36 -04:00
Chris PeBenito
ce6fee6575 5 patches from dan 2009-07-14 10:30:22 -04:00
Chris PeBenito
10b03f376b three debian patches from manoj 2009-07-14 09:05:59 -04:00
Chris PeBenito
bb88161284 trunk: 3 patches from dan. 2009-06-30 19:27:21 +00:00
Chris PeBenito
45b975db5b trunk: add missing varnish port. 2009-06-30 17:48:15 +00:00
Chris PeBenito
50824a99ca trunk: pads from dan. 2009-06-30 15:03:20 +00:00
Chris PeBenito
46e2fa6d39 trunk: prelude patch from dan. 2009-06-30 14:44:50 +00:00
Chris PeBenito
267d9c60c5 trunk: varnishd from dan. 2009-06-30 13:49:53 +00:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
20272c2b27 trunk: 7 patches from dan. 2009-06-26 13:22:39 +00:00
Chris PeBenito
c989807d4a trunk: nis patch from dan. 2009-06-25 15:16:29 +00:00
Chris PeBenito
c017ee17ab trunk: add sssd from dan. 2009-06-22 15:33:21 +00:00
Chris PeBenito
26410ddf54 trunk: remove unnecessary semicolons after interface/template calls. 2009-06-19 13:52:33 +00:00
Chris PeBenito
c9c0d846de trunk: Greylist milter from Paul Howarth. 2009-06-18 14:36:35 +00:00
Chris PeBenito
45515556d4 trunk: 10 patches from dan. 2009-06-12 19:44:10 +00:00
Chris PeBenito
a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito
cca4a215fe trunk: add gpsd from miroslav grepl 2009-06-02 14:28:40 +00:00
Chris PeBenito
996779dfad trunk:
The attached patch allows unprivileged clients to export from or import
to the largeobject owned by themselves.

The current security policy does not allow them to import/export any
largeobjects without any clear reason.

NOTE: Export of the largeobject means that it dumps whole of the
largeobject into a local file, so SE-PostgreSQL checks both of
db_blob:{read export} on the largeobject and file:{write} on the
local file. Import is a reversal behavior.

KaiGai Kohei
2009-05-22 13:37:32 +00:00
Chris PeBenito
e0ea7b15ca trunk:
The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl.

The current policy allows users/unprivs to run ALTER TABLE statement
unconditionally, because db_table/db_column:{setattr} is allowed outside
of the boolean. It should be moved to conditional section.

In addition, they are also allowed to db_procedure:{create drop setattr}
for xxxx_sepgsql_proc_exec_t, but it means we allows them to create, drop
or alter definition of the functions unconditionally. So, it also should
be moved to conditional section.

The postgresql.te allows sepgsql_client_type to modify sepgsql_table_t
and sepgsql_sysobj_t when sepgsql_enable_users_ddl is enabled, but
it should not be allowed.

KaiGai Kohei
2009-05-21 11:49:33 +00:00
Chris PeBenito
a01a4a7183 trunk:
OK, the attached patch adds the following types for unprivileged clients.
 - unpriv_sepgsql_table_t
 - unpriv_sepgsql_sysobj_t
 - unpriv_sepgsql_proc_exec_t
 - unpriv_sepgsql_blob_t

These types are the default for unprivileged and unprefixed domains,
such as httpd_t and others.

In addition, TYPE_TRANSITION rules are moved to outside of tunable
of the sepgsql_enable_users_ddl. IIRC, it was enclosed within the
tunable because UBAC domains (user_t and so on) were allowed to
create sepgsql_table_t, and its default was pointed to this type
when sepgsql_enable_users_ddl is disabled.
However, it has different meanings now, so the TYPE_TRANSITION rules
should be unconditional.

KaiGai Kohei
2009-05-21 11:28:14 +00:00
Chris PeBenito
80348b73a0 trunk: 4 patches from dan. 2009-05-14 14:41:50 +00:00
Chris PeBenito
a47eb527e5 trunk: whitespace fix for squid.fc. 2009-05-11 12:07:07 +00:00
Chris PeBenito
350ed89156 se-postgresql update from kaigai
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
    db_database:{getattr}
    db_table:{getattr lock}
    db_column:{getattr}
    db_procedure:{drop getattr setattr}
    db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
  impossible to refer read-only table with foreign-key constraint.
  (FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
  on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
  It should allow them on sepgsql_trusted_proc_exec_t.
  I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
  such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
  sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
  procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
  but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
Chris PeBenito
da3ed0667f trunk: lircd from miroslav grepl 2009-05-06 15:09:46 +00:00
Chris PeBenito
c0f5fa011a trunk: whitespace fixes. 2009-05-06 14:44:57 +00:00
Chris PeBenito
3392356f36 trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
Chris PeBenito
0cf1d56018 trunk: Milter state directory patch from Paul Howarth. 2009-04-21 20:40:45 +00:00
Chris PeBenito
a5ef553c2d trunk: 5 modules from dan. 2009-04-20 19:03:15 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
8f800d48df trunk: 14 patches from dan. 2009-03-23 14:56:43 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
e21bd28bc8 trunk: add mysql db lnk_file transition. 2009-03-11 11:59:04 +00:00
Chris PeBenito
da04234f32 trunk: 5 patches from dan. 2009-03-10 19:32:04 +00:00
Chris PeBenito
156204a385 trunk: Drop write permission from fs_read_rpc_sockets(). 2009-02-24 20:00:15 +00:00
Chris PeBenito
f79314234a trunk: 6 patches from dan. 2009-02-11 19:28:30 +00:00
Chris PeBenito
466e22a8ba trunk: Add db_procedure install permission from KaiGai Kohei. 2009-01-23 19:49:36 +00:00