Chris PeBenito
93c49bdb04
deprecate userdom_xwindows_client_template
...
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role(). Deprecate
the former and put the rules into the latter.
For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
fef5dcf3af
Remove excessive permissions in logging_send_syslog_msg(). Ticket #14 .
2009-08-26 10:05:36 -04:00
Chris PeBenito
e27827b86c
split dev_create_cardmgr_dev() into a create and a filetrans interface.
2009-08-25 09:56:56 -04:00
Chris PeBenito
b2648249d9
Fix unconfined_r use of unconfined_java_t.
...
The unconfined role is running java in the unconfined_java_t. The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r. Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
97e42114db
remove redundant xen_append_log() call in hostname.
2009-08-11 14:19:38 -04:00
Chris PeBenito
e51390dfcb
fix refpolicy ticket #48 .
2009-08-10 11:14:03 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625
fix ordering in sysnetwork.
2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc
fix ordering in raid.
2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646
fix ordering in pcmcia.
2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2
fix ordering in mount.
2009-08-05 10:16:41 -04:00
Chris PeBenito
54327d48ee
fix ordering in modutils.
2009-08-05 10:15:45 -04:00
Chris PeBenito
568efbe895
fix ordering of interface calls in lvm.
2009-08-05 10:07:35 -04:00
Chris PeBenito
8cd1306e5b
fix ordering of interface calls in locallogin.
2009-08-05 10:06:04 -04:00
Chris PeBenito
e6985f91ab
fix ordering of interface calls in iptables.
2009-08-05 10:04:13 -04:00
Chris PeBenito
464ffa57fd
fix ordering of interface calls in init.
2009-08-05 10:01:06 -04:00
Chris PeBenito
14d282253f
fix ordering of interface calls in hostname.
2009-08-05 09:57:14 -04:00
Chris PeBenito
5b5300c823
fix ordering of interface calls in getty.
2009-08-05 09:55:58 -04:00
Chris PeBenito
79ca728b5f
fix ordering of interface calls in fstools.
2009-08-05 09:54:52 -04:00
Chris PeBenito
08638af216
fix ordering of interface calls in clock.
2009-08-05 09:52:34 -04:00
Chris PeBenito
2acba7bbdb
fix ordering of interface calls in authlogin.
2009-08-05 09:51:47 -04:00
Chris PeBenito
4c92f08f75
openrc unfortunately mounts a tmpfs at /lib/rc
2009-07-30 08:57:15 -04:00
Chris PeBenito
cfdbf366cb
gentoo init script system uses tmpfs for state data
2009-07-30 08:33:43 -04:00
Chris PeBenito
efa0acccea
gentoo init script system sends audit messages.
2009-07-29 21:50:32 -04:00
Chris PeBenito
33322290f2
automount patch from dan.
2009-07-29 08:59:26 -04:00
Chris PeBenito
4083191c4b
add missing userdom interfaces
2009-07-28 09:35:46 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
Chris PeBenito
26410ddf54
trunk: remove unnecessary semicolons after interface/template calls.
2009-06-19 13:52:33 +00:00
Chris PeBenito
df28a0c444
trunk: Misc fixes for unix_update from Brandon Whalen.
2009-06-18 13:36:40 +00:00
Chris PeBenito
30425aa876
trunk: 1 patch from dan.
2009-06-12 15:30:15 +00:00
Chris PeBenito
22894e33c4
trunk: add libjackserver.so textrel fc.
2009-06-01 13:04:40 +00:00
Chris PeBenito
c0f5fa011a
trunk: whitespace fixes.
2009-05-06 14:44:57 +00:00
Chris PeBenito
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
Chris PeBenito
153fe24bdc
trunk: 5 patches from dan.
2009-04-07 14:09:43 +00:00
Chris PeBenito
09125ae411
trunk: module version bump for previous commit.
2009-04-03 14:15:53 +00:00
Chris PeBenito
d6605bc48b
trunk: 3 patches from dan.
2009-04-03 14:14:43 +00:00
Chris PeBenito
244b45d225
trunk: 3 patches from dan.
2009-03-20 13:58:15 +00:00
Chris PeBenito
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
Chris PeBenito
81fa19ed73
trunk: remove unused udev_runtime_t type.
2009-02-24 19:31:08 +00:00
Chris PeBenito
c1e501136b
trunk: add context contains to setrans.
2009-02-09 13:58:22 +00:00
Chris PeBenito
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
3196971ae8
trunk: Fix consistency of audioentropy and iscsi module naming.
2008-12-09 16:47:33 +00:00
Chris PeBenito
ff8f0a63f4
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13
trunk: whitespace fix changing multiple spaces into tabs.
2008-12-03 18:33:19 +00:00
Chris PeBenito
b3eb124654
trunk: Debian file context fix for xen from Russell Coker.
2008-11-24 15:34:54 +00:00
Chris PeBenito
7a4c282536
trunk: fix logging admin interfaces.
2008-11-14 13:53:21 +00:00
Chris PeBenito
73c77e2c9b
trunk: 2 fixes from martin orr.
2008-11-13 18:44:23 +00:00
Chris PeBenito
27337d8c21
trunk: patch from Mike Edenfield to add udevadm fc entry.
2008-11-11 15:03:06 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
932c3536f8
trunk: additional open fixes.
2008-11-04 14:37:05 +00:00
Chris PeBenito
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
Chris PeBenito
2a98379a24
trunk: additional whitespace fixes.
2008-10-17 15:52:39 +00:00
Chris PeBenito
88cf0a9c2b
trunk: whitespace fix; collapse multiple blank lines into one.
2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
aa7c463e5d
trunk: a pile of misc fixes.
2008-10-13 13:36:50 +00:00
Chris PeBenito
06099da657
trunk: 3 patches from dan.
2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
Chris PeBenito
88c02e0538
trunk: init script for setrans.
2008-09-18 18:20:31 +00:00
Chris PeBenito
64c5b9975b
trunk: add interface to transition to initrc_t on labeled init scripts.
2008-09-18 13:47:43 +00:00
Chris PeBenito
cfafe4a7a8
trunk: logging update from dan.
2008-09-18 13:20:57 +00:00
Chris PeBenito
36095d11ce
trunk: kudzu and mta patches from dan.
2008-09-12 14:18:20 +00:00
Chris PeBenito
8786916e8d
trunk: ntp and setrans update from dan.
2008-09-11 14:54:40 +00:00
Chris PeBenito
96851b1d63
trunk: fix bad require.
2008-09-03 15:37:24 +00:00
Chris PeBenito
e40fa634b2
trunk: Logrotate and Bind updates from Vaclav Ovsik.
2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635
trunk: first part of init script labeling support.
2008-08-29 19:00:02 +00:00
Chris PeBenito
e4171e8048
trunk: fix unconfined mail sending out by postfix and qmail.
2008-08-29 12:50:31 +00:00
Chris PeBenito
c11057f7ae
trunk: fedora update cherry picked by david hardeman.
2008-08-22 15:17:01 +00:00
Chris PeBenito
770c015f88
trunk: 2 patches from dan.
2008-08-14 15:10:41 +00:00
Chris PeBenito
3e59876583
trunk: 6 patches from the fedora policy, cherry picked by david hardeman.
2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac
trunk: two small patches from dan.
2008-08-14 13:08:53 +00:00
Chris PeBenito
9acf481bd0
trunk: fix from fedora policy, cherry picked from David Hardeman.
2008-08-12 19:52:29 +00:00
Chris PeBenito
9c4500b2f4
trunk: Glibc 2.7 fix from Vaclav Ovsik.
2008-08-12 19:33:18 +00:00
Chris PeBenito
e0ed765c0e
trunk: 3 patches from the fedora policy, cherry picked by David Hardeman.
2008-08-11 14:03:36 +00:00
Chris PeBenito
8a948caf2b
trunk: 11 more cherry picks from fedora policy, by david hardeman.
2008-08-07 14:17:50 +00:00
Chris PeBenito
3338f231d5
trunk: Policy size optimization with a non-security file attribute from James Carter.
2008-07-31 14:05:46 +00:00
Chris PeBenito
556556cdd0
trunk: 3 more cherry picked Fedora fixes from David Hrdeman.
2008-07-25 12:11:14 +00:00
Chris PeBenito
dc1920b218
trunk: Database labeled networking update from KaiGai Kohei.
2008-07-25 04:07:09 +00:00
Chris PeBenito
2b592aa495
trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus
2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086
trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage.
2008-07-15 15:33:51 +00:00
Chris PeBenito
cfcf5004e5
trunk: bump versions for release.
2008-07-02 14:07:57 +00:00
Chris PeBenito
f7eaeebbae
trunk: more xml doc fixes.
2008-06-24 14:43:47 +00:00
Chris PeBenito
c5cfd2d405
trunk: Add unused interface/template parameter metadata in XML.
2008-06-24 14:23:40 +00:00
Chris PeBenito
b1a903654f
trunk: add missing requires.
2008-06-24 12:53:30 +00:00
Chris PeBenito
fe5618edf5
trunk: add /usr/lib32 symlink labeling for debian.
2008-06-13 13:55:22 +00:00
Chris PeBenito
e8cb08aefa
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
Chris PeBenito
d87efeec73
trunk: fixes for gentoo targeted systems.
2008-05-27 12:07:03 +00:00
Chris PeBenito
7d8fbdc062
trunk: fix bad cifs interface.
2008-05-23 14:41:36 +00:00
Chris PeBenito
b34db7a8ec
trunk: another pile of misc fixes.
2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0
trunk: a pile of misc fixes, mainly sync xml docs with interface implementation.
2008-05-15 13:10:34 +00:00
Chris PeBenito
e9c6cda7da
trunk: Move user roles into individual modules.
2008-04-29 13:58:34 +00:00
Chris PeBenito
2083db2e40
trunk: Cryptsetup runs shell scripts. Patch from Martin Orr.
2008-04-18 15:32:03 +00:00
Chris PeBenito
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
Chris PeBenito
e828954c63
trunk: 4 patches from dan.
2008-03-27 15:20:16 +00:00
Chris PeBenito
2ed4f5aedf
trunk: small fixes for gentoo system.
2008-03-20 14:55:17 +00:00
Chris PeBenito
91d6c92160
trunk: a pair of tweaks from gentoo systems.
2008-03-14 14:55:34 +00:00
Chris PeBenito
47333d8246
trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.
2008-03-10 19:29:47 +00:00
Chris PeBenito
e065ac8ab5
trunk: Apt updates for ptys and logs, from Martin Orr.
2008-03-04 19:48:58 +00:00
Chris PeBenito
834401ff97
trunk: dovecot fix from Stefan Schulze Frielinghaus.
2008-02-25 19:31:03 +00:00
Chris PeBenito
90c3c561ef
trunk: fc fix and if addtion from Stefan Schulze Frielinghaus.
2008-02-25 14:20:56 +00:00
Chris PeBenito
9fa023ff58
trunk: Pam and samba updates from Stefan Schulze Frielinghaus.
2008-02-19 19:33:48 +00:00
Chris PeBenito
ee6608baeb
trunk: 8 patches from dan.
2008-02-18 18:44:40 +00:00
Chris PeBenito
6e7a1fc871
trunk: fix userdom_role_change_template() xml.
2008-02-13 20:26:18 +00:00
Chris PeBenito
12cf805e1c
trunk: add basic ubuntu support
2008-02-05 18:24:43 +00:00
Chris PeBenito
9323a50bcc
trunk: add run_init domtrans to chk passwd.
2008-01-03 19:46:40 +00:00
Chris PeBenito
7cbfeb97cf
trunk: uncomment set loginuid for functional login programs under strict.
2008-01-03 18:30:45 +00:00
Chris PeBenito
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
Chris PeBenito
1abafe3707
trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581
trunk: several fc updates from dan.
2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae
trunk: add openoffice locations in gentoo.
2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e
trunk: Improve several tunables descriptions from Dan Walsh.
2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea
trunk: another round of nsswitch from dan.
2007-12-06 16:04:14 +00:00
Chris PeBenito
c0cf6e0a6e
trunk: clean up nsswitch usage, from dan.
2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215
trunk: add /dev symlink relabel since its not short circuited.
2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29
trunk: version bump for newrole fixes.
2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5
trunk: test fix 2 for newrole.
2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e
trunk: test fix for newrole.
2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5
trunk: handle early boot on debian, for /dev labeling.
2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da
trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik.
2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5
trunk: version bumps for previous commit.
2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb
trunk: More complete labeled networking infrastructure from KaiGai Kohei.
2007-11-26 16:44:57 +00:00
Chris PeBenito
ccf6611bdd
trunk: add unconfined_run_to().
2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1
trunk: switch newrole and run_init over to use nsswitch.
2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa
trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config().
2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d
trunk: reorganize selinuxutil.
2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c
trunk: 9 patches from dan.
2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762
trunk: 8 patches from dan.
2007-11-15 16:54:18 +00:00
Chris PeBenito
9820351703
trunk: add in polmatch for default spd.
2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6
trunk: add labeled networking support to unconfined.
2007-11-14 14:38:45 +00:00
Chris PeBenito
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
Chris PeBenito
eaed904cd5
trunk: 3 patches from dan.
2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e
trunk: fix init_ranged_system_domain range_transition object class, from james carter.
2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
Chris PeBenito
bd973e3e68
trunk: remove unused types from dbus.
2007-10-26 18:04:38 +00:00
Chris PeBenito
cdf98fedc0
trunk: 10 patches from dan.
2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
Chris PeBenito
6c53a10e28
trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust.
2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
aef93a760f
trunk: one-liner from Shintaro Fujiwara
2007-09-26 14:28:20 +00:00
Chris PeBenito
6f49b490b8
trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara.
2007-09-17 18:04:35 +00:00
Chris PeBenito
14add30d03
trunk: 3 patches from dan.
2007-09-12 14:53:39 +00:00