Commit Graph

1447 Commits

Author SHA1 Message Date
Chris PeBenito
5fb5bf2686 Additional docs for logging_log_filetrans(). 2010-03-01 10:38:24 -05:00
Chris PeBenito
42eb0f10a9 Improve the documentation of corenetwork interfaces
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
14e543cb1c Improve the documentation of unconfined_domain(). 2010-02-26 13:47:17 -05:00
Chris PeBenito
45185c0783 Improve the documentation of logging_log_file() and logging_log_filetrans(). 2010-02-26 09:34:41 -05:00
Chris PeBenito
3a744d1275 Improve documentation of corecmd_exec_bin() and corecmd_exec_shell(). 2010-02-26 08:58:32 -05:00
Chris PeBenito
13f000d2ef Improve the documentation of:
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
2010-02-25 16:00:58 -05:00
Chris PeBenito
d6887176c1 Improve sysnet_read_config() documentation. 2010-02-25 13:54:34 -05:00
Chris PeBenito
81a0fb4024 Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather thane explicit type usage. 2010-02-25 13:53:52 -05:00
Chris PeBenito
7a0c0b4088 Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks(). 2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4 Add additional documentation to files_type(). 2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e Rearrange files interfaces. 2010-02-25 08:32:22 -05:00
Chris PeBenito
6e48775f75 Improve documentation on logging_send_syslog_msg(). 2010-02-24 15:56:05 -05:00
Chris PeBenito
fca4a96bae Improve documentation on files_read_etc_files(). 2010-02-24 15:20:03 -05:00
Chris PeBenito
611bc9311d Improve documentation on miscfiles_read_localization(). 2010-02-24 14:56:07 -05:00
Chris PeBenito
d124921979 Module version bump for cd17345. 2010-02-24 10:13:12 -05:00
Dominick Grift
cd17345324 Various abrt fixes.
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:11:51 -05:00
Chris PeBenito
2040268b01 Module version bump for 534e57b. 2010-02-24 10:08:41 -05:00
Dominick Grift
534e57b770 Various afs fixes.
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:07:28 -05:00
Dominick Grift
6306637c89 mysqlmanagerd_var_run_t is not a domain type.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:00:05 -05:00
Chris PeBenito
1021460884 Minor tweaks and module version bump for 68cda59. 2010-02-23 13:58:18 -05:00
Chris Richards
68cda59844 Add MySQL Manager to MySQL policy module
Second submission to fix mistakes from first.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
1049180cd8 Automount patch from Dan Walsh. 2010-02-19 13:50:01 -05:00
Chris PeBenito
fa03ecc046 Shorewall patch from Dan Walsh. 2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378 Vbetool patch from Dan Walsh. 2010-02-19 11:34:28 -05:00
Chris PeBenito
4fd0889171 Java patch from Dan Walsh. 2010-02-19 11:21:38 -05:00
Chris PeBenito
1e0f483a18 Mono patch from Dan Walsh. 2010-02-19 10:42:43 -05:00
Chris PeBenito
a777957b49 Rename qemu_unconfined_t to unconfined_qemu_t. 2010-02-19 10:27:09 -05:00
Chris PeBenito
8a1c9c505f Rearrage qemu.if. 2010-02-19 10:16:28 -05:00
Chris PeBenito
72295e93e1 Qemu patch from Dan Walsh. 2010-02-19 10:15:19 -05:00
Chris PeBenito
29b580ce8f Add sectoolm by Miroslav Grepl. 2010-02-19 09:39:06 -05:00
Chris PeBenito
4796d07ee0 Wine patch from Dan Walsh. 2010-02-19 09:17:51 -05:00
Chris PeBenito
6a9da24987 Useradd home dir creation fix from Gentoo. 2010-02-17 20:34:23 -05:00
Chris PeBenito
2f84a77d22 Syslog fixes from Gentoo. 2010-02-17 20:33:53 -05:00
Chris PeBenito
8b8501991e Clean up leaked portage file descriptors. 2010-02-17 20:33:31 -05:00
Chris PeBenito
d08a3df046 Ssh key creation fix from Gentoo. 2010-02-17 20:32:08 -05:00
Chris PeBenito
2c05132062 Utmp fix from Gentoo. 2010-02-17 20:31:46 -05:00
Chris PeBenito
72c8a37c2b Setfiles fix from Gentoo. 2010-02-17 20:30:42 -05:00
Chris PeBenito
679a63d09f Mount usbfs fix from Gentoo. 2010-02-17 20:30:13 -05:00
Chris PeBenito
aadcb968f9 Move netlink route sockets from nsswitch to DNS name resolve. 2010-02-17 20:28:59 -05:00
Chris PeBenito
15d80e3646 Misc portage fixes. 2010-02-17 20:25:39 -05:00
Chris PeBenito
05bd2f9837 Portage fixes for installing SELinux-aware programs. 2010-02-17 20:23:41 -05:00
Chris PeBenito
c06a4452e2 Xguest patch from Dan Walsh. 2010-02-17 09:23:17 -05:00
Chris PeBenito
6f30d7e770 Pulseaudio patch from Dan Walsh. 2010-02-16 15:13:08 -05:00
Chris PeBenito
a513794b4c Chronyd from Miroslav Grepl. 2010-02-16 14:53:59 -05:00
Chris PeBenito
3fb2b72c65 Ccs patch from Dan Walsh. 2010-02-16 11:28:08 -05:00
Chris PeBenito
0ab2c1eae9 Clear xserver TODO. 2010-02-12 10:29:41 -05:00
Chris PeBenito
6246e7d30a Non-drawing X client support for consolekit. 2010-02-12 10:29:00 -05:00
Chris PeBenito
1322a1af4d Remove redundant conditional user_ping terminal rules. 2010-02-11 14:35:38 -05:00
Chris PeBenito
c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito
ed03a5b916 Sudo patch from Dan Walsh. 2010-02-11 09:15:45 -05:00
Chris PeBenito
ca5dc2f1cb Consoletype patch from Dan Walsh. 2010-02-11 08:56:53 -05:00
Chris PeBenito
21673b238a Hal patch from Dan Walsh. 2010-02-11 08:42:00 -05:00
Chris PeBenito
3079cbceb1 Virt/svirt patch from Dan Walsh. 2010-02-09 10:28:17 -05:00
Chris PeBenito
aa9e3b4b65 Ktalk patch from Dan Walsh. 2010-02-09 10:28:00 -05:00
Chris PeBenito
16412e2ff9 Merge branch 'master' of git+ssh://cpebenito@oss.tresys.com/home/git/refpolicy 2010-02-08 14:47:06 -05:00
Chris PeBenito
27eab81f2f Misc fixes for 1031ee6. 2010-02-08 13:38:48 -05:00
Chris PeBenito
7d2f96783c Module version number bump for 1031ee6. 2010-02-08 13:37:42 -05:00
Dominick Grift
1031ee6f6a Implement cobblerd policy.
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.

Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.

As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.

Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
Chris PeBenito
2d743657f4 Userdomain patch from Stefan Schulze Frielinghaus. 2010-02-08 11:43:44 -05:00
Chris PeBenito
e526fca176 Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl. 2010-02-08 11:29:12 -05:00
Chris PeBenito
4ebfec7303 Add pyicqt from Stefan Schulze Frielinghaus. 2010-02-08 10:58:16 -05:00
Chris PeBenito
22a2874dbf Add dbadm, from KaiGai Kohei. 2010-02-08 10:34:08 -05:00
Chris PeBenito
edc2f7dea4 Fix home_ssh_t usage. 2010-01-25 08:34:28 -05:00
Chris PeBenito
82b5d290cc PPP patch from Dan Walsh. 2010-01-15 15:46:07 -05:00
Chris PeBenito
cde15072d0 SSH patch from Dan Walsh. 2010-01-15 15:28:27 -05:00
Chris PeBenito
fee5bb73bc Uucp patch from Dan Walsh. 2010-01-08 10:37:47 -05:00
Chris PeBenito
c155e042d8 Sendmail patch from Dan Walsh. 2010-01-08 10:37:37 -05:00
Chris PeBenito
3624ef76d2 Mailman patch from Dan Walsh. 2010-01-08 10:37:23 -05:00
Chris PeBenito
8a8b24a4ba Lircd patch from Dan Walsh. 2010-01-08 10:37:13 -05:00
Chris PeBenito
07ba15168b Courier patch from Dan Walsh. 2010-01-08 10:37:01 -05:00
Chris PeBenito
d2acef78f4 Inetd patch from Dan Walsh. 2010-01-08 10:36:49 -05:00
Chris PeBenito
c292cb96ad Avahi patch from Dan Walsh. 2010-01-08 10:35:47 -05:00
Chris PeBenito
00808a9b13 Fprintd patch from Dan Walsh. 2010-01-07 11:51:17 -05:00
Chris PeBenito
ef6ea56c4b Fetchmail patch from Dan Walsh. 2010-01-07 11:51:05 -05:00
Chris PeBenito
84a45c9617 Exim patch from Dan Walsh. 2010-01-07 11:50:55 -05:00
Chris PeBenito
4dd84bbf0e Dovecot patch from Dan Walsh. 2010-01-07 11:50:47 -05:00
Chris PeBenito
14c7865f1f Ddclient patch from Dan Walsh. 2010-01-07 11:50:35 -05:00
Chris PeBenito
dcabb11eb5 DCC patch from Dan Walsh. 2010-01-07 11:50:20 -05:00
Chris PeBenito
30958fb7e7 Cyrus patch from Dan Walsh. 2010-01-07 11:49:55 -05:00
Chris PeBenito
192fb874f5 Clamav patch from Dan Walsh. 2010-01-07 11:49:44 -05:00
Chris PeBenito
c5155ac008 Bluetooth patch from Dan Walsh. 2010-01-07 11:49:32 -05:00
Chris PeBenito
96831fe421 Move rules from mta mailserver delivery from interface to .te to use the attribute. 2010-01-07 09:56:21 -05:00
Chris PeBenito
9c40673ff5 MTA patch from Dan Walsh. 2010-01-07 09:48:35 -05:00
Chris PeBenito
2650ca57ec Tftp patch from Dan Walsh. 2010-01-07 09:01:10 -05:00
Chris PeBenito
f3890b25db Sssd patch from Dan Walsh. 2010-01-07 09:00:59 -05:00
Chris PeBenito
207c4d1e6e Snmp patch from Dan Walsh. 2010-01-07 09:00:48 -05:00
Chris PeBenito
82cdffce58 ntp patch from Dan Walsh. 2010-01-07 09:00:39 -05:00
Chris PeBenito
f37b7bd0cb gpsd patch from Dan Walsh. 2010-01-07 08:59:38 -05:00
Chris PeBenito
b11dcd43b6 Tuned patch from Dan Walsh. 2009-12-18 10:45:56 -05:00
Chris PeBenito
ff785b93df Rpcbind patch from Dan Walsh. 2009-12-18 10:45:39 -05:00
Chris PeBenito
733f494802 Radvd patch from Dan Walsh. 2009-12-18 10:45:29 -05:00
Chris PeBenito
b36ae9786f Privoxy patch from Dan Walsh. 2009-12-18 10:45:22 -05:00
Chris PeBenito
1232a50c5f Prelude patch from Dan Walsh. 2009-12-18 10:45:09 -05:00
Chris PeBenito
6df09cfef7 PCSCD patch from Dan Walsh. 2009-12-18 10:44:59 -05:00
Chris PeBenito
2d59a828b6 Nslcd patch from Dan Walsh. 2009-12-18 10:44:49 -05:00
Chris PeBenito
80f0587459 Mysql patch from Dan Walsh. 2009-12-18 10:44:35 -05:00
Chris PeBenito
d3c612ffd8 Modemmanager patch from Dan Walsh. 2009-12-18 10:44:26 -05:00
Chris PeBenito
0000b795ea Milter patch from Dan Walsh. 2009-12-18 10:42:08 -05:00
Chris PeBenito
a32226612a Memcached patch from Dan Walsh. 2009-12-18 10:41:56 -05:00
Chris PeBenito
6aa333b47e Kerneloops patch from Dan Walsh. 2009-12-18 10:41:41 -05:00
Chris PeBenito
e1b8b54739 Kerberos patch from Dan Walsh. 2009-12-18 10:40:53 -05:00
Chris PeBenito
7d05af77c3 Irqbalance patch from Dan Walsh. 2009-12-18 10:39:36 -05:00
Chris PeBenito
d7b98c8902 GPM patch from Dan Walsh. 2009-12-18 10:39:23 -05:00
Chris PeBenito
ce8a71a960 Fail2ban patch from Dan Walsh. 2009-12-18 10:39:10 -05:00
Chris PeBenito
bd21cb1e09 Certmaster patch from Dan Walsh. 2009-12-18 10:38:57 -05:00
Chris PeBenito
a7d606860b Bitlbee patch from Dan Walsh. 2009-12-18 10:38:30 -05:00
Chris PeBenito
5894c3e4fb Amavis patch from Dan Walsh. 2009-12-18 10:38:17 -05:00
Chris PeBenito
32f27a7489 asterisk patch from Dan Walsh. 2009-12-18 10:37:52 -05:00
Chris PeBenito
7e81399d84 apm patch from Dan Walsh. 2009-12-18 10:35:31 -05:00
Chris PeBenito
41c139dc77 afs patch from Dan Walsh. 2009-12-18 10:35:03 -05:00
Chris PeBenito
b84d6ec491 smartmon patch from Dan Walsh. 2009-12-18 10:33:50 -05:00
Chris PeBenito
7fc72a02d9 Changelog and version bump for X object manager changes. 2009-12-03 10:40:42 -05:00
Chris PeBenito
e331a05c77 Merge branch 'master' into xselinux 2009-12-03 10:13:41 -05:00
Chris PeBenito
46b03739ac Seunshare patch from Dan Walsh. 2009-12-01 10:31:28 -05:00
Chris PeBenito
d7776f58c2 Screen patch from Dan Walsh. 2009-12-01 10:31:17 -05:00
Chris PeBenito
6394ea6143 Podsleuth patch from Dan Walsh. 2009-12-01 10:30:50 -05:00
Chris PeBenito
b77daab0ed Mozilla patch from Dan Walsh. 2009-12-01 10:30:30 -05:00
Chris PeBenito
36ded4bd36 GPG patch from Dan Walsh. 2009-12-01 10:30:07 -05:00
Chris PeBenito
962d6fb9b0 Calamaris patch from Dan Walsh. 2009-12-01 10:29:51 -05:00
Chris PeBenito
7491a9ed62 Iptables and modutils patches from Dan Walsh. 2009-12-01 09:23:11 -05:00
Chris PeBenito
d913e793ae Kismet and tzdata patches from Dan Walsh. 2009-11-25 15:12:52 -05:00
Chris PeBenito
0cad9a734e RAID patch from Dan Walsh. 2009-11-25 11:17:19 -05:00
Chris PeBenito
77c71b54e5 Fstools and Xen patches from Dan Walsh. 2009-11-25 10:27:31 -05:00
Chris PeBenito
e21162e471 Kdump reads the kernel core. 2009-11-25 10:04:40 -05:00
Chris PeBenito
837163cfe7 UDEV patch from Dan Walsh. 2009-11-25 09:44:14 -05:00
Chris PeBenito
832c1be4ca IPSEC patch from Dan Walsh. 2009-11-24 14:09:10 -05:00
Chris PeBenito
5ed061769e Application patch from Dan Walsh. 2009-11-24 11:48:39 -05:00
Chris PeBenito
dccbb80cb0 Whitespace cleanup. 2009-11-24 11:11:38 -05:00
Chris PeBenito
0f982dada2 ISCSI patch from Dan Walsh. 2009-11-24 11:08:22 -05:00
Chris PeBenito
0a119a0142 Setrans patch from Dan Walsh. 2009-11-24 09:41:03 -05:00
Chris PeBenito
bd34ef71df LVM patch from Dan Walsh. 2009-11-24 09:19:45 -05:00
Chris PeBenito
9dfdd48fec Miscfiles patch from Dan Walsh. 2009-11-24 09:04:48 -05:00
Chris PeBenito
910b1d8ecb Files patch from Dan Walsh. 2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020 Corecommands patch from Dan Walsh. 2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00 Filesystem patch from Dan Walsh. 2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557 Add terminal patch from Dan Walsh. 2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42 Add devices patch from Dan Walsh. 2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0 Add kernel patch from Dan Walsh 2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785 Add storage patch, from Dan Walsh. 2009-11-19 09:03:36 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf adding puppet configuration management system
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
f272825b2d one further rearrangement of tgtd. 2009-11-03 09:41:24 -05:00
Chris PeBenito
222d5b5987 clean up 0bca409 and add changelog entry. 2009-11-03 09:25:37 -05:00
Matthew Ife
0bca409d74 RESET tgtd daemon.
This one makes an effort to check for syntax and that it actually compiles.

Signed-off-by: Matthew Ife <deleriux@airattack-central.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-03 09:11:43 -05:00
Chris PeBenito
9448ca6e07 restore removed aliases. 2009-11-02 08:48:58 -05:00
Eamon Walsh
5025a463cf Drop the xserver_unprotected interface.
The motivation for this was xdm_t objects not getting cleaned up,
so the user session tried to interact with them.  But since the
default user type is unconfined this problem has gone away for now.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-30 08:55:58 -04:00
Eamon Walsh
5242ecceac X Object Manager policy revisions to xserver.if.
X Object Manager policy revisions to xserver.if.

This commit consists of two parts:

1. Revisions to xserver_object_types_template and
   xserver_common_x_domain_template.  This reflects the dropping
   of many of the specific event, extension, and property types.

2. New interfaces:
   xserver_manage_core_devices: Gives control over core mouse/keyboard.
   xserver_unprotected: Allows all clients to access a domain's X objects.
   Modified interfaces:
   xserver_unconfined: Added x_domain typeattribute statement.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:26 -04:00
Eamon Walsh
f267f85390 X Object Manager policy revisions to xserver.te.
X Object Manager policy revisions to xserver.te.

This commit consists of three main parts:

1. Code movement.  There were X object manager-related statements
   scattered somewhat throughout the file; these have been consolidated,
   which resulted in some other statements moving (e.g. iceauth_t).

2. Type changes.  Many of the specific event, extension, and property
   types have been dropped for the time being.  The rootwindow_t and
   remote_xclient_t types have been renamed, and a root_xcolormap_t
   type has been (re-)added.  This is for naming consistency.
   An "xserver_unprotected" alias has been added for use in labeling
   clients whose resources should be globally accessible (e.g. xdm_t).

3. Policy changes.  These are mostly related to devices, which now have
   separate x_keyboard and x_pointer classes.  The "Hacks" section
   has been cleaned up, and various other classes have had the default
   permissions tweaked.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:22 -04:00
Chris PeBenito
b04669aaea add tuned from miroslav grepl. 2009-10-26 09:42:11 -04:00
Chris PeBenito
a1a45de06e reorganize a92ee50 2009-10-22 10:35:45 -04:00
Dominick Grift
a92ee50126 Implement screen-locking feature.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-22 10:33:05 -04:00
Chris PeBenito
808341bb9b revise MCS constraints to use only MCS-specific attributes. 2009-10-07 11:48:14 -04:00
Chris PeBenito
4be8dd10b9 add seunshare from dan. 2009-09-28 15:40:06 -04:00
Chris PeBenito
5a6b1fe2b4 add dkim from stefan schulze frielinghaus. 2009-09-17 09:12:33 -04:00
Chris PeBenito
21b1d1096f add gnomeclock from dan. 2009-09-16 08:38:58 -04:00
Chris PeBenito
ed70158a39 add rtkit from dan. 2009-09-15 09:53:24 -04:00
Chris PeBenito
1d3b9e384c clean up xscreensaver. 2009-09-15 09:41:42 -04:00
corentin.labbe
31f9c109c1 SELinux xscreensaver policy support
Hello

This a patch for adding xscreensaver policy.

I think it need a specific policy because of the auth_domtrans_chk_passwd.

cordially

Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
2009-09-15 08:46:28 -04:00
Chris PeBenito
c141d835f1 add modemmanager from dan. 2009-09-14 09:48:13 -04:00
Chris PeBenito
e3a90e358a add abrt from dan. 2009-09-14 09:22:24 -04:00
Chris PeBenito
6af53d08ed rearrange readahead rules. 2009-09-09 09:53:28 -04:00
Chris PeBenito
c1e5b195f7 readahead patch from dan. 2009-09-09 09:45:34 -04:00
Chris PeBenito
937b2c4d91 nscd patch from dan. 2009-09-09 09:35:37 -04:00
Chris PeBenito
c61b35048a cron patch from dan. 2009-09-09 09:28:04 -04:00
Chris PeBenito
163ddfaa80 prelink patch from dan. 2009-09-09 08:18:51 -04:00
Chris PeBenito
81bca10b28 nslcd policy from dan. 2009-09-08 10:31:19 -04:00
Chris PeBenito
f67bc918d4 term_write_all_terms() patch from Stefan Schulze Frielinghaus 2009-09-08 10:06:38 -04:00
Chris PeBenito
dbed95369c add gitosis from miroslav grepl. 2009-09-03 09:52:08 -04:00
Chris PeBenito
634a13c21f cpufreqselector patch from dan. 2009-09-03 09:15:17 -04:00
Chris PeBenito
f6137171f3 add an additional vmware host program. 2009-09-03 08:56:58 -04:00
Chris PeBenito
6fdef06522 screen patch from dan. 2009-09-03 08:49:26 -04:00
Chris PeBenito
72b834ccb0 remove stale screen_dir_t references
The screen_dir_t was made an alias of the screen_var_run_t type.
Remove the remaining references to this type.
2009-09-03 08:39:42 -04:00
Chris PeBenito
ca7fa520e7 gpg patch from dan.
gpg sends sigstop and signull

Reads usb devices

Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs
2009-09-03 08:23:18 -04:00
Chris PeBenito
f2f296ba60 openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories. 2009-09-02 09:24:10 -04:00
Chris PeBenito
93be4ba581 Webalizer does not list inotify, this was caused by leaked file descriptors in either dbus or cron. Both of which have been cleaned up. 2009-09-02 09:10:30 -04:00
Chris PeBenito
625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito
71965a1fc5 add kdump from dan. 2009-09-02 08:33:25 -04:00
Chris PeBenito
a4b6385b9d cdrecord patch from dan. 2009-09-01 09:22:40 -04:00
Chris PeBenito
1a79193449 awstats patch from dan. 2009-09-01 08:59:24 -04:00
Chris PeBenito
b2324fa76d certwatch patch from dan. 2009-09-01 08:50:39 -04:00
Chris PeBenito
b515ab0182 mrtg patch from dan. 2009-09-01 08:44:20 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Chris PeBenito
aac56b12b7 add ptchown policy from dan. 2009-08-31 10:21:01 -04:00
Chris PeBenito
a3dd1499ef pulseaudio patch from dan. 2009-08-31 10:07:57 -04:00
Chris PeBenito
6774578327 module version number bump for nscd patch. 2009-08-31 09:44:38 -04:00
Manoj Srivastava
2a79debe9b nscd cache location changed from /var/db/nscd to /var/cache/nscd
The nscd policy module uses the old nscd cache location. The cache location
changed with glibc 2.7-1, and the current nscd does place the files in
/var/cache/nscd/.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
2009-08-31 09:43:52 -04:00
Chris PeBenito
a9e9678fc7 kismet patch from dan. 2009-08-31 09:38:47 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Chris PeBenito
0be901ba40 rename admin_tun_type to admindomain. 2009-08-31 09:03:51 -04:00
Chris PeBenito
bd75703c7d reorganize tun patch changes. 2009-08-31 08:49:57 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
dbb7dd9484 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Chris PeBenito
0484277038 reorganize dbus.fc. 2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1 Gentoo dbus in libexec 2009-08-18 13:13:40 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
LABBE Corentin
58cc9903dd Missing comma in policykit 2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr.
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
2009-08-18 09:49:31 -04:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t.
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain.
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
2009-08-12 14:15:39 -04:00
Chris PeBenito
97e42114db remove redundant xen_append_log() call in hostname. 2009-08-11 14:19:38 -04:00
Chris PeBenito
e51390dfcb fix refpolicy ticket #48. 2009-08-10 11:14:03 -04:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types.
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625 fix ordering in sysnetwork. 2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc fix ordering in raid. 2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646 fix ordering in pcmcia. 2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2 fix ordering in mount. 2009-08-05 10:16:41 -04:00
Chris PeBenito
54327d48ee fix ordering in modutils. 2009-08-05 10:15:45 -04:00
Chris PeBenito
568efbe895 fix ordering of interface calls in lvm. 2009-08-05 10:07:35 -04:00
Chris PeBenito
8cd1306e5b fix ordering of interface calls in locallogin. 2009-08-05 10:06:04 -04:00
Chris PeBenito
e6985f91ab fix ordering of interface calls in iptables. 2009-08-05 10:04:13 -04:00
Chris PeBenito
464ffa57fd fix ordering of interface calls in init. 2009-08-05 10:01:06 -04:00
Chris PeBenito
14d282253f fix ordering of interface calls in hostname. 2009-08-05 09:57:14 -04:00
Chris PeBenito
5b5300c823 fix ordering of interface calls in getty. 2009-08-05 09:55:58 -04:00
Chris PeBenito
79ca728b5f fix ordering of interface calls in fstools. 2009-08-05 09:54:52 -04:00
Chris PeBenito
08638af216 fix ordering of interface calls in clock. 2009-08-05 09:52:34 -04:00
Chris PeBenito
2acba7bbdb fix ordering of interface calls in authlogin. 2009-08-05 09:51:47 -04:00
Chris PeBenito
9c47227c7a fix ordering of interface calls in sudo. 2009-08-05 09:48:46 -04:00
Chris PeBenito
78a9c2815d add bin_t labeling for gentoo dhcpcd-run-hooks location 2009-07-30 09:34:00 -04:00
Chris PeBenito
4c92f08f75 openrc unfortunately mounts a tmpfs at /lib/rc 2009-07-30 08:57:15 -04:00
Chris PeBenito
cfdbf366cb gentoo init script system uses tmpfs for state data 2009-07-30 08:33:43 -04:00
Chris PeBenito
efa0acccea gentoo init script system sends audit messages. 2009-07-29 21:50:32 -04:00
Chris PeBenito
3162277ade alsa file location update for debian, from Manoj. 2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0 whitespace fixes in apt. 2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d clean up 6a192f70d4 2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4 Update apt/aptitude policy to add support for lock/log files
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
2009-07-29 15:00:39 -04:00
Chris PeBenito
50458c8bb7 pull most of fedora changes to rpc. 2009-07-29 14:55:30 -04:00
Chris PeBenito
0c89174f7f pull most of fedora changes to samba. 2009-07-29 14:40:34 -04:00
Chris PeBenito
105e85ac8e /dev/fuse should be s0 not mls_high
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device.  Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs.  It will also make it unusable I
believe on an MLS machine.  Mostly I have seen fusefs used for remote
access to data.  sshfs for example.
2009-07-29 11:08:50 -04:00
Chris PeBenito
363e8fb98a pull in part of fedora mta changes 2009-07-29 10:59:09 -04:00
Chris PeBenito
20c3ccee1a add fprintd module from dan. 2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea add devicekit module from dan. 2009-07-29 10:02:06 -04:00
Chris PeBenito
4e7c0a93a6 consolekit patch from dan. 2009-07-29 09:13:54 -04:00
Chris PeBenito
33322290f2 automount patch from dan. 2009-07-29 08:59:26 -04:00
Chris PeBenito
8f3bddfbfd cups patch from dan. 2009-07-28 15:46:26 -04:00
Chris PeBenito
4be3e11094 pull in apache_admin() from fedora 2009-07-28 13:24:08 -04:00
Chris PeBenito
91550027de vmware patch from dan. 2009-07-28 11:37:34 -04:00
Chris PeBenito
423a4a3a2c fix dbus type transition conflict.
switch dbus ranged calls from daemon domain to system domain.  This works
around a type transition conflict.  It is also why the non-ranged
init_system_domain() is used instead of init_daemon_domain().
2009-07-28 11:05:19 -04:00
Chris PeBenito
41ea887598 sudo patch from dan. 2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814 readahead patch from dan. 2009-07-28 10:08:02 -04:00
Chris PeBenito
4083191c4b add missing userdom interfaces 2009-07-28 09:35:46 -04:00
Chris PeBenito
c7ae9ae1c8 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-07-28 08:00:03 -04:00
Chris PeBenito
ebf3ec9063 snort patch from dan. 2009-07-27 16:04:10 -04:00
Chris PeBenito
5f6c30f8bd wm policy from dan 2009-07-27 15:11:22 -04:00
Chris PeBenito
708a74a212 oddjob patch from dan. 2009-07-27 10:52:20 -04:00
Chris PeBenito
fa50187c5e kerneloops patch from dan 2009-07-27 10:44:19 -04:00
Chris PeBenito
9de7c1706d hal patch from dan. 2009-07-27 10:18:50 -04:00
Chris PeBenito
fe1205a810 avahi patch from dan 2009-07-27 09:57:20 -04:00
Chris PeBenito
e04438840b dbus patch from dan 2009-07-27 09:46:35 -04:00
Chris PeBenito
5be35f2acd tmpreaper patch from dan. 2009-07-27 09:11:38 -04:00
Chris PeBenito
06625d302c mozilla patch from dan. 2009-07-27 09:11:12 -04:00
Chris PeBenito
f4962ab15b add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
5bb5ec1d40 podsleuth patch from dan. 2009-07-21 10:11:16 -04:00
Chris PeBenito
13306f56b6 afs client patch from dan. 2009-07-21 10:11:03 -04:00
Chris PeBenito
b93a7dacca bluetooth patch from dan. 2009-07-21 10:10:47 -04:00
Chris PeBenito
ad0aea536b clamav patch from dan. 2009-07-21 10:10:31 -04:00
Chris PeBenito
92f08c7130 mailman patch from dan. 2009-07-21 10:10:17 -04:00
Chris PeBenito
1847443ea3 ricci patch from dan. 2009-07-21 10:10:00 -04:00
Chris PeBenito
d8822462c4 fix policykit interface 2009-07-21 10:09:14 -04:00
Chris PeBenito
e4f73afb8e gpg patch from dan 2009-07-21 10:07:38 -04:00
Chris PeBenito
5271dd30bc module version bump for 9b1907b217 2009-07-21 10:07:10 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
7395f80119 ppp patch from dan 2009-07-20 15:41:19 -04:00
Chris PeBenito
4aa075262a kerberos patch from dan 2009-07-20 15:41:08 -04:00
Chris PeBenito
8f17f7c2ee dnsmasq patch from dan. 2009-07-20 15:40:57 -04:00
Chris PeBenito
93d300831d dhcp patch from dan 2009-07-20 15:40:41 -04:00
Chris PeBenito
af5374d3a5 policykit.if whitespace fix 2009-07-20 11:37:22 -04:00
Chris PeBenito
adea587572 4 patches from dan. 2009-07-20 11:34:46 -04:00
Chris PeBenito
edb7b90d89 add kismet and pulseaudio ports. fix sorting of ports. 2009-07-20 11:17:31 -04:00
Chris PeBenito
9e90ce33db add policykit from dan. 2009-07-20 11:15:09 -04:00
Chris PeBenito
b67201eae7 fix bad varnishd interface names 2009-07-20 09:44:25 -04:00
Chris PeBenito
7694abdff7 module version bump for f2583aa83b 2009-07-15 09:30:08 -04:00
Manoj Srivastava
f2583aa83b Remove duplicate distro_redhat context
A recent update added an generic context for the lock files, so the
entry in distro_redhat can be removed.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-07-15 09:27:36 -04:00
Chris PeBenito
ce6fee6575 5 patches from dan 2009-07-14 10:30:22 -04:00
Chris PeBenito
10b03f376b three debian patches from manoj 2009-07-14 09:05:59 -04:00
Chris PeBenito
84d88df579 trunk: fix typo in guest role decl. 2009-07-08 15:23:29 +00:00
Chris PeBenito
bb88161284 trunk: 3 patches from dan. 2009-06-30 19:27:21 +00:00
Chris PeBenito
45b975db5b trunk: add missing varnish port. 2009-06-30 17:48:15 +00:00
Chris PeBenito
50824a99ca trunk: pads from dan. 2009-06-30 15:03:20 +00:00
Chris PeBenito
46e2fa6d39 trunk: prelude patch from dan. 2009-06-30 14:44:50 +00:00
Chris PeBenito
267d9c60c5 trunk: varnishd from dan. 2009-06-30 13:49:53 +00:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
20272c2b27 trunk: 7 patches from dan. 2009-06-26 13:22:39 +00:00
Chris PeBenito
c989807d4a trunk: nis patch from dan. 2009-06-25 15:16:29 +00:00
Chris PeBenito
c017ee17ab trunk: add sssd from dan. 2009-06-22 15:33:21 +00:00
Chris PeBenito
26410ddf54 trunk: remove unnecessary semicolons after interface/template calls. 2009-06-19 13:52:33 +00:00
Chris PeBenito
c9c0d846de trunk: Greylist milter from Paul Howarth. 2009-06-18 14:36:35 +00:00
Chris PeBenito
c7dc1c7222 trunk: Allow unix_update to change the security attributes associate with files so
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
Chris PeBenito
df28a0c444 trunk: Misc fixes for unix_update from Brandon Whalen. 2009-06-18 13:36:40 +00:00
Chris PeBenito
45515556d4 trunk: 10 patches from dan. 2009-06-12 19:44:10 +00:00
Chris PeBenito
30425aa876 trunk: 1 patch from dan. 2009-06-12 15:30:15 +00:00
Chris PeBenito
a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito
731008ad85 trunk: 2 patches from dan. 2009-06-08 17:18:26 +00:00
Chris PeBenito
16fd1fd814 trunk: MLS constraints for the x_selection class, from Eamon Walsh. 2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe trunk: add gpsd from miroslav grepl 2009-06-02 14:28:40 +00:00
Chris PeBenito
63f0a71c8a trunk: 9 patches from dan. 2009-06-01 16:03:42 +00:00
Chris PeBenito
22894e33c4 trunk: add libjackserver.so textrel fc. 2009-06-01 13:04:40 +00:00
Chris PeBenito
996779dfad trunk:
The attached patch allows unprivileged clients to export from or import
to the largeobject owned by themselves.

The current security policy does not allow them to import/export any
largeobjects without any clear reason.

NOTE: Export of the largeobject means that it dumps whole of the
largeobject into a local file, so SE-PostgreSQL checks both of
db_blob:{read export} on the largeobject and file:{write} on the
local file. Import is a reversal behavior.

KaiGai Kohei
2009-05-22 13:37:32 +00:00
Chris PeBenito
e0ea7b15ca trunk:
The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl.

The current policy allows users/unprivs to run ALTER TABLE statement
unconditionally, because db_table/db_column:{setattr} is allowed outside
of the boolean. It should be moved to conditional section.

In addition, they are also allowed to db_procedure:{create drop setattr}
for xxxx_sepgsql_proc_exec_t, but it means we allows them to create, drop
or alter definition of the functions unconditionally. So, it also should
be moved to conditional section.

The postgresql.te allows sepgsql_client_type to modify sepgsql_table_t
and sepgsql_sysobj_t when sepgsql_enable_users_ddl is enabled, but
it should not be allowed.

KaiGai Kohei
2009-05-21 11:49:33 +00:00
Chris PeBenito
a01a4a7183 trunk:
OK, the attached patch adds the following types for unprivileged clients.
 - unpriv_sepgsql_table_t
 - unpriv_sepgsql_sysobj_t
 - unpriv_sepgsql_proc_exec_t
 - unpriv_sepgsql_blob_t

These types are the default for unprivileged and unprefixed domains,
such as httpd_t and others.

In addition, TYPE_TRANSITION rules are moved to outside of tunable
of the sepgsql_enable_users_ddl. IIRC, it was enclosed within the
tunable because UBAC domains (user_t and so on) were allowed to
create sepgsql_table_t, and its default was pointed to this type
when sepgsql_enable_users_ddl is disabled.
However, it has different meanings now, so the TYPE_TRANSITION rules
should be unconditional.

KaiGai Kohei
2009-05-21 11:28:14 +00:00
Chris PeBenito
80348b73a0 trunk: 4 patches from dan. 2009-05-14 14:41:50 +00:00
Chris PeBenito
a47eb527e5 trunk: whitespace fix for squid.fc. 2009-05-11 12:07:07 +00:00
Chris PeBenito
350ed89156 se-postgresql update from kaigai
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
    db_database:{getattr}
    db_table:{getattr lock}
    db_column:{getattr}
    db_procedure:{drop getattr setattr}
    db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
  impossible to refer read-only table with foreign-key constraint.
  (FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
  on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
  It should allow them on sepgsql_trusted_proc_exec_t.
  I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
  such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
  sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
  procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
  but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
Chris PeBenito
da3ed0667f trunk: lircd from miroslav grepl 2009-05-06 15:09:46 +00:00
Chris PeBenito
c0f5fa011a trunk: whitespace fixes. 2009-05-06 14:44:57 +00:00
Chris PeBenito
3392356f36 trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
Chris PeBenito
0cf1d56018 trunk: Milter state directory patch from Paul Howarth. 2009-04-21 20:40:45 +00:00
Chris PeBenito
a5ef553c2d trunk: 5 modules from dan. 2009-04-20 19:03:15 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
09125ae411 trunk: module version bump for previous commit. 2009-04-03 14:15:53 +00:00
Chris PeBenito
d6605bc48b trunk: 3 patches from dan. 2009-04-03 14:14:43 +00:00
Chris PeBenito
42d567c3f4 trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
Chris PeBenito
8f800d48df trunk: 14 patches from dan. 2009-03-23 14:56:43 +00:00
Chris PeBenito
244b45d225 trunk: 3 patches from dan. 2009-03-20 13:58:15 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
79a5a8084d trunk: 2 patches from dan. 2009-03-11 14:19:50 +00:00
Chris PeBenito
c90440a7cd trunk: 4 patches from dan. 2009-03-11 13:32:23 +00:00
Chris PeBenito
e21bd28bc8 trunk: add mysql db lnk_file transition. 2009-03-11 11:59:04 +00:00
Chris PeBenito
da04234f32 trunk: 5 patches from dan. 2009-03-10 19:32:04 +00:00
Chris PeBenito
11c944faf1 trunk: fix typo in devices file contexts. 2009-03-05 17:46:22 +00:00
Chris PeBenito
2c664e7fb8 trunk: storage patch from dan. 2009-03-05 15:49:41 +00:00
Chris PeBenito
7b76207e37 trunk: devices patch from dan. 2009-03-05 15:36:41 +00:00
Chris PeBenito
be5aaebfd6 trunk: corecommands patch from dan. 2009-03-05 14:43:03 +00:00
Chris PeBenito
c45fdad85b trunk: filesystem patch from dan. 2009-03-04 15:53:07 +00:00
Chris PeBenito
e1a70f1dde trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls.  Based on
the following post to the SELinux Reference Policy mailing list:

 * http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385 trunk: Drop write permission from fs_read_rpc_sockets(). 2009-02-24 20:00:15 +00:00
Chris PeBenito
81fa19ed73 trunk: remove unused udev_runtime_t type. 2009-02-24 19:31:08 +00:00
Chris PeBenito
f3fcadfe04 trunk: Patch for RadSec port from Glen Turner. 2009-02-23 13:41:28 +00:00
Chris PeBenito
f79314234a trunk: 6 patches from dan. 2009-02-11 19:28:30 +00:00
Chris PeBenito
c1e501136b trunk: add context contains to setrans. 2009-02-09 13:58:22 +00:00
Chris PeBenito
7722c29e88 trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09 trunk: btrfs from Paul Moore. 2009-01-30 13:44:14 +00:00
Chris PeBenito
466e22a8ba trunk: Add db_procedure install permission from KaiGai Kohei. 2009-01-23 19:49:36 +00:00
Chris PeBenito
019dfaf9dc trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project. 2009-01-15 20:31:06 +00:00
Chris PeBenito
64daa85393 trunk: add sysadm_entry_spec_domtrans_to() interface from clip. 2009-01-15 15:07:37 +00:00
Chris PeBenito
9e7a338509 trunk: su fixes from clip. 2009-01-13 19:44:23 +00:00
Chris PeBenito
f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
59d599642e trunk: fix certwatch version number. 2009-01-06 19:33:24 +00:00
Chris PeBenito
17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito
3196971ae8 trunk: Fix consistency of audioentropy and iscsi module naming. 2008-12-09 16:47:33 +00:00
Chris PeBenito
9ff89c44e7 trunk: 2 patches from dan. 2008-12-04 15:01:12 +00:00
Chris PeBenito
ff8f0a63f4 trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito
a057e0462e trunk: fix missing xml parameter. 2008-12-03 15:51:53 +00:00
Chris PeBenito
fb4826f424 trunk: 3 patches from dan. 2008-12-03 15:21:33 +00:00
Chris PeBenito
14c0edc7e9 trunk: 2 patches from dan. 2008-12-02 22:40:49 +00:00
Chris PeBenito
b3eb124654 trunk: Debian file context fix for xen from Russell Coker. 2008-11-24 15:34:54 +00:00
Chris PeBenito
b9e5238a24 trunk: add milter module from Paul Howarth. 2008-11-24 15:06:58 +00:00
Chris PeBenito
b3b607eb43 trunk: a fix on the previous commit. 2008-11-19 16:02:13 +00:00
Chris PeBenito
fcee22ad0d trunk: 5 patches from dan. 2008-11-19 15:24:10 +00:00
Chris PeBenito
01e9e7dbf5 trunk: 4 patches from dan. 2008-11-18 19:55:10 +00:00
Chris PeBenito
659c8650c7 trunk 2 patches from dan. 2008-11-17 15:48:12 +00:00
Chris PeBenito
7f49194215 trunk: Xserver MLS fix from Eamon Walsh. 2008-11-17 13:49:19 +00:00
Chris PeBenito
7a4c282536 trunk: fix logging admin interfaces. 2008-11-14 13:53:21 +00:00
Chris PeBenito
73c77e2c9b trunk: 2 fixes from martin orr. 2008-11-13 18:44:23 +00:00
Chris PeBenito
99282e6be0 trunk: add omapi port for dhcpcd. 2008-11-12 13:11:00 +00:00
Chris PeBenito
5843d066b6 trunk: 10 patches from dan. 2008-11-11 16:38:34 +00:00
Chris PeBenito
27337d8c21 trunk: patch from Mike Edenfield to add udevadm fc entry. 2008-11-11 15:03:06 +00:00
Chris PeBenito
657c226c40 trunk: 7 patches from dan. 2008-11-06 22:36:50 +00:00
Chris PeBenito
ba796982df trunk: tweaks from russell and martin orr. 2008-11-06 15:01:15 +00:00
Chris PeBenito
0003940ff2 trunk: add missing ubac module. 2008-11-05 16:11:27 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
932c3536f8 trunk: additional open fixes. 2008-11-04 14:37:05 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
6e68e6bb5e trunk: Move shared library calls from individual modules to the domain module. 2008-10-17 17:36:56 +00:00
Chris PeBenito
2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito
2a98379a24 trunk: additional whitespace fixes. 2008-10-17 15:52:39 +00:00
Chris PeBenito
88cf0a9c2b trunk: whitespace fix; collapse multiple blank lines into one. 2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40 trunk: Remove hierarchy from portage module as it is not a good example of hieararchy. 2008-10-15 19:56:33 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
74993c4dae trunk: 8 patches from dan. 2008-10-13 15:06:23 +00:00
Chris PeBenito
aa7c463e5d trunk: a pile of misc fixes. 2008-10-13 13:36:50 +00:00
Chris PeBenito
06099da657 trunk: 3 patches from dan. 2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035 trunk: missing bits from dan's previous round of patches. 2008-10-09 14:01:53 +00:00
Chris PeBenito
967fd1ba3f trunk: 8 patches from dan. 2008-10-08 20:03:24 +00:00
Chris PeBenito
e87221cefe trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00
Chris PeBenito
ed8ae5ebeb trunk: fix typo 2008-10-06 18:33:44 +00:00
Chris PeBenito
12c61f36f4 trunk: 7 patches from dan, 1 from eamon. 2008-10-06 17:27:49 +00:00
Chris PeBenito
73edbc9101 trunk: add oident from dominick grift. 2008-10-06 14:01:59 +00:00
Chris PeBenito
6d8af27cad trunk: fix dupe fc. 2008-10-03 13:17:56 +00:00
Chris PeBenito
4bdf192962 trunk: firstboot update from dan. 2008-10-02 17:32:03 +00:00
Chris PeBenito
bf9f3480e5 trunk: readahead fix from dan. 2008-09-23 13:07:28 +00:00
Chris PeBenito
3daef6999a trunk: cvs update from dan. 2008-09-23 12:56:00 +00:00
Chris PeBenito
88c02e0538 trunk: init script for setrans. 2008-09-18 18:20:31 +00:00
Chris PeBenito
658f4d3dd9 trunk: rpcbind update from dan. 2008-09-18 18:09:34 +00:00
Chris PeBenito
fd49feff49 trunk: last bit of wpa_supplicant update from martin orr. 2008-09-18 15:06:29 +00:00
Chris PeBenito
c9824ec5ce trunk: remove incomplete sshd_extern. 2008-09-18 14:06:30 +00:00
Chris PeBenito
64c5b9975b trunk: add interface to transition to initrc_t on labeled init scripts. 2008-09-18 13:47:43 +00:00
Chris PeBenito
cfafe4a7a8 trunk: logging update from dan. 2008-09-18 13:20:57 +00:00
Chris PeBenito
f5394cc3cb trunk: bind update from dan. 2008-09-15 17:02:57 +00:00
Chris PeBenito
48f6456344 trunk: rename labeled init scripts with initrc convention. 2008-09-15 14:20:20 +00:00
Chris PeBenito
a46b60549a trunk: squid update from dan. 2008-09-15 13:31:28 +00:00
Chris PeBenito
21ea2b1884 trunk: firstboot update from dan. 2008-09-12 15:54:11 +00:00
Chris PeBenito
36095d11ce trunk: kudzu and mta patches from dan. 2008-09-12 14:18:20 +00:00
Chris PeBenito
bc85e826ec trunk: promote networkmanager debian fc entries out of build options. 2008-09-12 12:14:52 +00:00
Chris PeBenito
8786916e8d trunk: ntp and setrans update from dan. 2008-09-11 14:54:40 +00:00
Chris PeBenito
52ceaaac6e trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr. 2008-09-11 14:02:53 +00:00
Chris PeBenito
ae3386373a trunk: networkmanager/ppp patch from dan. 2008-09-11 13:35:06 +00:00
Chris PeBenito
859135dcdd trunk: fix bad apcupsd interface name. 2008-09-09 15:56:26 +00:00
Chris PeBenito
54341818ac trunk: fix fail2ban init script regex. 2008-09-05 14:37:35 +00:00
Chris PeBenito
cdac989dee trunk: fail2ban update from dan. 2008-09-05 14:17:18 +00:00
Chris PeBenito
96851b1d63 trunk: fix bad require. 2008-09-03 15:37:24 +00:00
Chris PeBenito
a71e136cc3 trunk: add cyphesis from dan. 2008-09-03 14:46:10 +00:00
Chris PeBenito
e40fa634b2 trunk: Logrotate and Bind updates from Vaclav Ovsik. 2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635 trunk: first part of init script labeling support. 2008-08-29 19:00:02 +00:00
Chris PeBenito
9bcfb6dfa5 trunk: hplip uses dbus. 2008-08-29 14:25:09 +00:00
Chris PeBenito
24af9b1d34 trunk: inetd update from dan. 2008-08-29 13:21:53 +00:00
Chris PeBenito
e4171e8048 trunk: fix unconfined mail sending out by postfix and qmail. 2008-08-29 12:50:31 +00:00
Chris PeBenito
c11057f7ae trunk: fedora update cherry picked by david hardeman. 2008-08-22 15:17:01 +00:00
Chris PeBenito
32f8ff393b trunk: add w3c from dan. 2008-08-21 13:52:52 +00:00
Chris PeBenito
93f445b8c0 trunk: firstboot update from dan. 2008-08-20 19:45:39 +00:00
Chris PeBenito
770c015f88 trunk: 2 patches from dan. 2008-08-14 15:10:41 +00:00
Chris PeBenito
3e59876583 trunk: 6 patches from the fedora policy, cherry picked by david hardeman. 2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac trunk: two small patches from dan. 2008-08-14 13:08:53 +00:00
Chris PeBenito
9acf481bd0 trunk: fix from fedora policy, cherry picked from David Hardeman. 2008-08-12 19:52:29 +00:00
Chris PeBenito
9c4500b2f4 trunk: Glibc 2.7 fix from Vaclav Ovsik. 2008-08-12 19:33:18 +00:00
Chris PeBenito
cc1eee1202 trunk: add an empty m4 string so the index macro is not invoked, to prevent a warning. 2008-08-12 19:30:54 +00:00
Chris PeBenito
e0ed765c0e trunk: 3 patches from the fedora policy, cherry picked by David Hardeman. 2008-08-11 14:03:36 +00:00
Chris PeBenito
7aabe358f4 trunk: missed fixes on previous commit. 2008-08-07 14:45:37 +00:00
Chris PeBenito
8a948caf2b trunk: 11 more cherry picks from fedora policy, by david hardeman. 2008-08-07 14:17:50 +00:00
Chris PeBenito
b81bfc2651 trunk: Samba/winbind update from Mike Edenfield. 2008-08-05 12:54:11 +00:00
Chris PeBenito
3338f231d5 trunk: Policy size optimization with a non-security file attribute from James Carter. 2008-07-31 14:05:46 +00:00
Chris PeBenito
d13f876df7 trunk: another patch from the fedora policy, cherry picked by david hrdeman. 2008-07-28 15:10:32 +00:00
Chris PeBenito
556556cdd0 trunk: 3 more cherry picked Fedora fixes from David Hrdeman. 2008-07-25 12:11:14 +00:00
Chris PeBenito
dc1920b218 trunk: Database labeled networking update from KaiGai Kohei. 2008-07-25 04:07:09 +00:00
Chris PeBenito
6224fc1485 trunk: 7 patches from Fedora policy, cherry picked by david hrdeman. 2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8 trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
Chris PeBenito
2b592aa495 trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus 2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086 trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage. 2008-07-15 15:33:51 +00:00
Chris PeBenito
cfcf5004e5 trunk: bump versions for release. 2008-07-02 14:07:57 +00:00
Chris PeBenito
e311e23a44 trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide. 2008-07-01 13:57:53 +00:00
Chris PeBenito
5fe7de9ea9 trunk: apache script connections to postgres, from kaigai. 2008-06-25 13:03:59 +00:00
Chris PeBenito
f7eaeebbae trunk: more xml doc fixes. 2008-06-24 14:43:47 +00:00
Chris PeBenito
c5cfd2d405 trunk: Add unused interface/template parameter metadata in XML. 2008-06-24 14:23:40 +00:00
Chris PeBenito
8c6292b7a4 trunk: Patch to handle postfix data_directory from Vaclav Ovsik. 2008-06-24 13:21:35 +00:00
Chris PeBenito
7f4005e348 trunk: fix up stored procedure naming patch from kaigai. 2008-06-24 12:57:06 +00:00
Chris PeBenito
b1a903654f trunk: add missing requires. 2008-06-24 12:53:30 +00:00
Chris PeBenito
a713ad8b8a trunk: pull in most of dans vmware patch. 2008-06-18 15:35:49 +00:00
Chris PeBenito
c54eb87d43 trunk: two small updates from dan. 2008-06-18 13:15:25 +00:00
Chris PeBenito
131634a581 trunk: podsleuth and hal updates from dan. 2008-06-17 14:07:44 +00:00
Chris PeBenito
eb4216397c trunk: add qemu and virt from dan. 2008-06-16 18:59:07 +00:00
Chris PeBenito
fe5618edf5 trunk: add /usr/lib32 symlink labeling for debian. 2008-06-13 13:55:22 +00:00
Chris PeBenito
8e7d43c8ac trunk: additional patch from kaigai to fix up some type transitions for unpriv clients. 2008-06-13 13:33:36 +00:00
Chris PeBenito
e8cb08aefa trunk: add sepostgresql policy from kaigai kohei. 2008-06-10 15:33:18 +00:00
Chris PeBenito
67b6207a9e trunk: trivial kernel patch from dan. 2008-06-07 13:53:29 +00:00
Chris PeBenito
ef55a11980 trunk: Patch for X.org dbus support from Martin Orr. 2008-06-07 13:31:48 +00:00
Chris PeBenito
4b28c2ecc2 trunk: misc gentoo fc fixes. 2008-06-06 03:40:27 +00:00
Chris PeBenito
cdbd09f65e trunk: add prelude from dan. 2008-06-06 03:13:42 +00:00
Chris PeBenito
147af4d309 trunk: misc fixes. 2008-05-27 18:09:18 +00:00
Chris PeBenito
d87efeec73 trunk: fixes for gentoo targeted systems. 2008-05-27 12:07:03 +00:00
Chris PeBenito
b4921b5804 trunk: fs update from dan. 2008-05-26 21:07:22 +00:00
Chris PeBenito
308baad28c trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore. 2008-05-26 18:38:06 +00:00
Chris PeBenito
0ecd829ab4 trunk: add additional portage log locations. 2008-05-26 18:37:05 +00:00
Chris PeBenito
8926b25f39 trunk: tweak kerneloops. 2008-05-26 17:48:56 +00:00
Chris PeBenito
782c10e949 trunk: add kerneloops from dan. 2008-05-26 17:47:49 +00:00
Chris PeBenito
ff79b83c51 trunk: add kismet from dan. 2008-05-26 15:35:25 +00:00
Chris PeBenito
cbe82b179b trunk: start adding open perm to obvious places. 2008-05-23 18:22:57 +00:00
Chris PeBenito
7d8fbdc062 trunk: fix bad cifs interface. 2008-05-23 14:41:36 +00:00
Chris PeBenito
e6fdb59601 trunk: fix typo 2008-05-23 13:50:38 +00:00
Chris PeBenito
4416c416fa trunk: Module loading now requires setsched on kernel threads. 2008-05-22 18:39:03 +00:00
Chris PeBenito
b34db7a8ec trunk: another pile of misc fixes. 2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0 trunk: a pile of misc fixes, mainly sync xml docs with interface implementation. 2008-05-15 13:10:34 +00:00
Chris PeBenito
a42ce93a4d trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik. 2008-05-12 20:05:32 +00:00
Chris PeBenito
e9c6cda7da trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
Chris PeBenito
a0647afa0c trunk: add missing mplayer_etc_t require in role template. 2008-04-21 12:47:09 +00:00
Chris PeBenito
7e11b74087 trunk: make hald_log_t a log file. 2008-04-18 16:04:15 +00:00
Chris PeBenito
f12302af92 trunk: hal xml doc fix pointed out by Rob Myers. 2008-04-18 15:55:03 +00:00
Chris PeBenito
2083db2e40 trunk: Cryptsetup runs shell scripts. Patch from Martin Orr. 2008-04-18 15:32:03 +00:00
Chris PeBenito
8152a78836 trunk: 7 patches from dan. 2008-04-04 17:08:34 +00:00
Chris PeBenito
0a14f3ae09 trunk: bump module version numbers for release. 2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad trunk: add core xselinux support. 2008-04-01 20:23:23 +00:00
Chris PeBenito
e828954c63 trunk: 4 patches from dan. 2008-03-27 15:20:16 +00:00
Chris PeBenito
9377a3e59c trunk: fix winbind socket connection interface for default location of the sock_file. 2008-03-21 14:18:13 +00:00
Chris PeBenito
9e8c3aa651 trunk: add type transition to fix mysql socket creation. 2008-03-21 14:16:17 +00:00
Chris PeBenito
2ed4f5aedf trunk: small fixes for gentoo system. 2008-03-20 14:55:17 +00:00
Chris PeBenito
6e2123fc72 trunk: add wireshark. 2008-03-14 15:26:52 +00:00
Chris PeBenito
91d6c92160 trunk: a pair of tweaks from gentoo systems. 2008-03-14 14:55:34 +00:00
Chris PeBenito
47333d8246 trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too. 2008-03-10 19:29:47 +00:00
Chris PeBenito
e065ac8ab5 trunk: Apt updates for ptys and logs, from Martin Orr. 2008-03-04 19:48:58 +00:00
Chris PeBenito
01e8ff4ab3 trunk: rpc update from Vaclav Ovsik. 2008-03-04 19:14:08 +00:00
Chris PeBenito
737fcf232c trunk: dontaudit init fds in loadkeys. 2008-03-04 18:48:30 +00:00
Chris PeBenito
d57a094347 trunk: Exim updates on Debian from Devin Carrawy. 2008-03-04 18:25:13 +00:00
Chris PeBenito
834401ff97 trunk: dovecot fix from Stefan Schulze Frielinghaus. 2008-02-25 19:31:03 +00:00
Chris PeBenito
90c3c561ef trunk: fc fix and if addtion from Stefan Schulze Frielinghaus. 2008-02-25 14:20:56 +00:00
Chris PeBenito
9fa023ff58 trunk: Pam and samba updates from Stefan Schulze Frielinghaus. 2008-02-19 19:33:48 +00:00
Chris PeBenito
45b56b01e8 trunk: Backup update on Debian from Vaclav Ovsik. 2008-02-19 14:26:59 +00:00
Chris PeBenito
51223bfc56 trunk: Cracklib update on Deban from Vaclav Ovsik. 2008-02-19 14:06:11 +00:00
Chris PeBenito
ee6608baeb trunk: 8 patches from dan. 2008-02-18 18:44:40 +00:00
Chris PeBenito
f508567646 trunk: 4 patches from dan. 2008-02-18 14:55:25 +00:00
Chris PeBenito
037fc0f4e6 trunk: label /proc/kallsyms with system_map_t. 2008-02-15 19:59:10 +00:00
Chris PeBenito
4f017813ab trunk: fix pppd admin interface. 2008-02-14 16:03:24 +00:00
Chris PeBenito
6e7a1fc871 trunk: fix userdom_role_change_template() xml. 2008-02-13 20:26:18 +00:00
Chris PeBenito
7a5e2d8a37 trunk: 12 patches from dan. 2008-02-07 16:37:47 +00:00
Chris PeBenito
12cf805e1c trunk: add basic ubuntu support 2008-02-05 18:24:43 +00:00
Chris PeBenito
ce8a5299a8 trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00
Chris PeBenito
320ea98330 trunk: add 3rd party corenet interfaces for (secmark) packets. 2008-01-17 15:28:24 +00:00
Chris PeBenito
c8d4c38258 trunk: fix missing lo netif alias for standard and mcs configs. 2008-01-10 16:39:36 +00:00
Chris PeBenito
936f286c16 trunk: add mls constraints to dbus. 2008-01-03 20:37:25 +00:00
Chris PeBenito
9323a50bcc trunk: add run_init domtrans to chk passwd. 2008-01-03 19:46:40 +00:00
Chris PeBenito
7cbfeb97cf trunk: uncomment set loginuid for functional login programs under strict. 2008-01-03 18:30:45 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
1abafe3707 trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. 2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581 trunk: several fc updates from dan. 2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae trunk: add openoffice locations in gentoo. 2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e trunk: Improve several tunables descriptions from Dan Walsh. 2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito
74d920c3b5 trunk: add setrlimit to debian cron. 2007-12-06 14:35:44 +00:00
Chris PeBenito
5f63dd12a3 trunk: fix xconsole rw interface. 2007-12-04 15:11:53 +00:00
Chris PeBenito
c0cf6e0a6e trunk: clean up nsswitch usage, from dan. 2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215 trunk: add /dev symlink relabel since its not short circuited. 2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29 trunk: version bump for newrole fixes. 2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5 trunk: test fix 2 for newrole. 2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e trunk: test fix for newrole. 2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5 trunk: handle early boot on debian, for /dev labeling. 2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik. 2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5 trunk: version bumps for previous commit. 2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb trunk: More complete labeled networking infrastructure from KaiGai Kohei. 2007-11-26 16:44:57 +00:00
Chris PeBenito
8d1f9d9e14 trunk: add missing tcp_socket rules for xfs. 2007-11-19 20:36:33 +00:00
Chris PeBenito
6ab634a512 trunk: fix dup specification for /var/spool/cups/* 2007-11-16 20:03:18 +00:00
Chris PeBenito
ccf6611bdd trunk: add unconfined_run_to(). 2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1 trunk: switch newrole and run_init over to use nsswitch. 2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config(). 2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d trunk: reorganize selinuxutil. 2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c trunk: 9 patches from dan. 2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762 trunk: 8 patches from dan. 2007-11-15 16:54:18 +00:00
Chris PeBenito
2999cea1f2 trunk: remove duplicate specifiction for /usr/lib/devices on debian. 2007-11-14 20:12:44 +00:00
Chris PeBenito
9820351703 trunk: add in polmatch for default spd. 2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6 trunk: add labeled networking support to unconfined. 2007-11-14 14:38:45 +00:00
Chris PeBenito
a56055e362 trunk: rearrange the bottom of domain.if and fix domain_ipsec_labels(). 2007-11-14 13:40:25 +00:00
Chris PeBenito
847937da7d trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh. 2007-11-13 19:31:43 +00:00
Chris PeBenito
3b498a9105 trunk: add gentoo hal fc entry. 2007-11-12 14:17:39 +00:00
Chris PeBenito
4605adcba7 trunk: add postfixpolicyd from Jan-Frode Myklebust. 2007-11-07 20:17:44 +00:00
Chris PeBenito
eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e trunk: fix init_ranged_system_domain range_transition object class, from james carter. 2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito
495df41602 trunk: 11 patches from dan. 2007-10-29 18:35:32 +00:00
Chris PeBenito
bd973e3e68 trunk: remove unused types from dbus. 2007-10-26 18:04:38 +00:00
Chris PeBenito
8e2fb69f88 trunk: filesystem patch from dan. 2007-10-24 18:37:26 +00:00
Chris PeBenito
6bf8bf4f5c trunk: add exim from dan. 2007-10-24 15:07:40 +00:00
Chris PeBenito
3c99e5989a trunk: add /var/lib search for system bus template. 2007-10-22 15:53:31 +00:00
Chris PeBenito
2f27163c1b trunk: 3 patches from dan. 2007-10-18 19:31:14 +00:00
Chris PeBenito
a334d2918f trunk: add infrastructure for managing user web content. 2007-10-18 19:23:33 +00:00
Chris PeBenito
36627094e8 trunk: fix unconditional call to nscd from usermanage run interfaces. 2007-10-15 18:16:00 +00:00
Chris PeBenito
a27d1c6e84 trunk: gdm is in /usr/sbin on rawhide machines, from Eamon Walsh. 2007-10-15 17:50:07 +00:00
Chris PeBenito
f48782758e trunk: reorganize amanda and bind 2007-10-12 17:50:11 +00:00
Chris PeBenito
bc01b352f6 trunk: 2 patches from dan. 2007-10-12 17:35:56 +00:00
Chris PeBenito
cdf98fedc0 trunk: 10 patches from dan. 2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
81d4c88f8c trunk: remove stale user_net_control reference in usernetctl.if. 2007-10-08 13:38:25 +00:00
Chris PeBenito
6c53a10e28 trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. 2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito
aef93a760f trunk: one-liner from Shintaro Fujiwara 2007-09-26 14:28:20 +00:00
Chris PeBenito
4ddc7ba539 trunk: xml doc one-liner from Stefan Schulze Frielinghaus. 2007-09-24 13:01:17 +00:00
Chris PeBenito
ff4085dacc trunk: one-liner from Shintaro Fujiwara. 2007-09-18 19:49:35 +00:00
Chris PeBenito
6f49b490b8 trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara. 2007-09-17 18:04:35 +00:00
Chris PeBenito
0cf6df55e5 trunk: add awstats from Stefan Schulze Frielinghaus. 2007-09-17 17:25:40 +00:00
Chris PeBenito
8242f5a68d trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain(). 2007-09-17 14:33:40 +00:00
Chris PeBenito
14add30d03 trunk: 3 patches from dan. 2007-09-12 14:53:39 +00:00
Chris PeBenito
134a799c75 trunk: 3 patches from dan. 2007-09-11 19:24:32 +00:00
Chris PeBenito
8a9d6f6449 trunk: 6 patches from dan. 2007-09-07 13:41:20 +00:00
Chris PeBenito
abc89340c4 trunk: two tiny patches from Stefan Schulze Frielinghaus 2007-09-06 19:29:54 +00:00
Chris PeBenito
72f82c47c2 trunk: six patches from dan. 2007-09-06 18:34:40 +00:00
Chris PeBenito
8241b538af trunk: udev update and brctl module from dan. 2007-09-05 17:55:57 +00:00
Chris PeBenito
016e5c5cdc trunk: 4 patches from dan. 2007-09-05 14:48:21 +00:00
Chris PeBenito
0a0b8078ca trunk: 5 patches from dan. 2007-09-04 18:57:58 +00:00
Chris PeBenito
ce2c80f3c6 trunk: make coda nfs_t, ticket #39. 2007-09-04 13:38:39 +00:00
Chris PeBenito
4922765ec6 trunk: fix certwatch_run() interface, which had a typo in the name. 2007-08-30 15:01:48 +00:00
Chris PeBenito
6dd721a686 trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate. 2007-08-27 17:57:36 +00:00
Chris PeBenito
a2f444884b trunk: patch to allow sendmail to read ssl/tls certificates from Stefan Schulze Frielinghaus. 2007-08-27 17:00:18 +00:00
Chris PeBenito
752ddf588f trunk: add missing commas in can_exec in daemontools that worked by luck. 2007-08-24 15:55:06 +00:00
Chris PeBenito
d62c0881e2 Update MLS constraints from LSPP evaluated policy. 2007-08-24 14:14:29 +00:00
Chris PeBenito
2af7b42a06 trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels. 2007-08-22 20:21:52 +00:00
Chris PeBenito
8d2c34195e trunk: updates from dan on 9 modules 2007-08-22 20:02:41 +00:00
Chris PeBenito
80d5e02c81 trunk: Files and radvd updates from Stefan Schulze Frielinghaus. 2007-08-21 19:03:34 +00:00
Chris PeBenito
1779bef032 trunk: fix gdm xsession scripts on redhat machines. 2007-08-20 18:54:29 +00:00
Chris PeBenito
f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf trunk: several MLS enhancements. 2007-08-20 15:15:03 +00:00
Chris PeBenito
9760cbec2d trunk: Database userspace object manager classes from KaiGai Kohei. 2007-08-09 13:15:07 +00:00
Chris PeBenito
3d6e962dfa trunk: filesystem patch from dan 2007-08-08 20:04:28 +00:00
Chris PeBenito
939a4287b3 trunk: 3 patches from dan 2007-08-07 17:06:32 +00:00
Chris PeBenito
371d11ec04 trunk: add 3rd party interface for apache cgi. 2007-07-26 19:48:40 +00:00
Chris PeBenito
708aab1393 trunk: fix targeted sshd. When the domain was unaliased from unconfined_t, a transition to unconfined_t was not added. 2007-07-20 18:25:26 +00:00
Chris PeBenito
d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito
6929521e0a trunk: fix missed netlabel deprecation 2007-07-19 15:11:19 +00:00
Chris PeBenito
f80a0e4f25 trunk: Add debian apcupsd binary location, from Stefan Schulze Frielinghaus. 2007-07-02 15:25:46 +00:00
Chris PeBenito
116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito
113b4fc4a2 Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module. 2007-06-28 17:25:46 +00:00
Chris PeBenito
e5e55ace89 trunk, strict-targeted-merge: add mmap_zero to xserver domains. 2007-06-28 12:34:08 +00:00
Chris PeBenito
f5842c1fa5 trunk: minor amanda update from dan 2007-06-27 19:19:20 +00:00
Chris PeBenito
7b61fe506d trunk: add rpcbind from dan 2007-06-27 16:31:55 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
2c3ac47d45 trunk: pyzor and clamav updates from dan 2007-06-26 18:43:11 +00:00
Chris PeBenito
22bff65f4d trunk: fix typo in vmware.fc 2007-06-26 14:31:31 +00:00
Chris PeBenito
02f2c3e979 trunk: nagios update from dan 2007-06-21 17:23:19 +00:00
Chris PeBenito
a90a256f64 trunk: procmail tweak from dan. 2007-06-21 14:54:34 +00:00
Chris PeBenito
7f089782ae trunk: xen updates from dan 2007-06-21 13:36:05 +00:00
Chris PeBenito
92d1ade254 trunk: trivial gentoo tweaks 2007-06-20 20:08:26 +00:00
Chris PeBenito
5bf9deb5bb trunk: 3 patches from dan 2007-06-20 19:47:10 +00:00
Chris PeBenito
99b5a56cb6 trunk: radius one-liner from dan 2007-06-20 15:03:55 +00:00
Chris PeBenito
40df56772f trunk: big samba update from dan 2007-06-19 19:11:35 +00:00
Chris PeBenito
788d88c923 trunk: drop snmpd_etc_t. 2007-06-19 17:39:35 +00:00
Chris PeBenito
6c8aba7b31 trunk: confine sendmail and logrotate on targeted 2007-06-19 17:01:39 +00:00
Chris PeBenito
cb10a2d5bf trunk: Tunable connection to postgresql for users from KaiGai Kohei. 2007-06-19 14:30:06 +00:00
Chris PeBenito
41337aa8b9 Memprotect support patch from Stephen Smalley. 2007-06-19 13:02:26 +00:00
Chris PeBenito
d139413c64 trunk: 2 patches from dan 2007-06-13 13:54:56 +00:00
Chris PeBenito
a74d1ad7cd trunk: add amtu from dan 2007-06-12 18:58:36 +00:00
Chris PeBenito
d5b81a81ff trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). 2007-06-12 18:46:14 +00:00
Chris PeBenito
262def165a trunk: version bumps for previous commit. 2007-06-12 13:08:19 +00:00
Chris PeBenito
f7101c5430 trunk: 7 simple patches from dan. 2007-06-12 13:06:13 +00:00
Chris PeBenito
6649aec9d0 trunk: 3 patches from dan 2007-06-11 15:43:37 +00:00
Chris PeBenito
d534d35a7e trunk: 5 patches from dan 2007-06-11 15:01:10 +00:00
Chris PeBenito
f6a590d7b4 six simple patches from dan 2007-06-11 14:09:09 +00:00
Chris PeBenito
7782966db1 add fc entry for make_reiser4 2007-06-08 20:01:34 +00:00
Chris PeBenito
17b9cb7dda trunk: fix line in evolution to be strict-only; was being covered up by genhomedircon. 2007-05-22 17:01:38 +00:00
Chris PeBenito
a39a931362 trunk: snmp tweak from dan 2007-05-15 18:06:31 +00:00
Chris PeBenito
c412be6bef trunk: remaining pieces for apcupsd module 2007-05-15 15:43:00 +00:00
Chris PeBenito
38d0cf1b8a trunk: long overdue cleanup from when range_transitions were only in the base module 2007-05-14 15:35:47 +00:00
Chris PeBenito
762d2cb989 merge restorecon into setfiles 2007-05-11 17:10:43 +00:00
Chris PeBenito
12217cc286 Patch to begin separating out hald helper programs from Dan Walsh. 2007-05-07 17:57:48 +00:00
Chris PeBenito
78f17e6d6c add apcupsd from dan 2007-05-07 14:55:54 +00:00
Chris PeBenito
b129e2001c Fixes for squid, dovecot, and snmp from Dan Walsh. 2007-05-07 13:45:17 +00:00
Chris PeBenito
4967aaa320 Miscellaneous consolekit fixes from Dan Walsh. 2007-05-03 14:15:38 +00:00
Chris PeBenito
0ef5d66468 textrel lib update from dan 2007-05-03 13:43:44 +00:00
Chris PeBenito
ed4b7301fb Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh. 2007-05-03 12:45:28 +00:00
Chris PeBenito
517618f0b4 Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh. 2007-05-02 17:55:03 +00:00
Chris PeBenito
882186c933 - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
Chris PeBenito
6a2975706a add rwho from Nalin Dahyabhai 2007-04-30 17:39:01 +00:00
Chris PeBenito
747ab18400 Patch to allow amavis to read spamassassin libraries from Dan Walsh. 2007-04-30 15:19:47 +00:00
Chris PeBenito
ae32fb7e7b trivial aide fix from dan 2007-04-30 15:09:15 +00:00
Chris PeBenito
f9029fc5b6 Patch to allow slocate to getattr other filesystems and directories on those filesystems from Dan Walsh. 2007-04-30 15:01:19 +00:00
Chris PeBenito
27c570f755 trivial fix for netutils from dan 2007-04-30 14:44:04 +00:00
Chris PeBenito
7487a66705 trivial fix from dan for bluetooth 2007-04-30 14:33:12 +00:00
Chris PeBenito
b4beb0a0fb missed piece of clip patch 2007-04-30 14:32:31 +00:00
Chris PeBenito
d28e528b0d Fixes for RHEL4 from the CLIP project. 2007-04-27 15:08:15 +00:00
Chris PeBenito
cd16fe6e2c Replace the old lrrd fc entries with correct munin ones. 2007-04-23 17:36:35 +00:00
Chris PeBenito
b4dfdc7d30 Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties. 2007-04-19 14:30:57 +00:00
Chris PeBenito
7a4bd42ea3 Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface. 2007-04-19 14:24:02 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
4029f11670 last piece of previous consolekit patch 2007-04-11 20:02:59 +00:00
Chris PeBenito
97e8156ecb add zabbix from dan 2007-04-11 18:55:44 +00:00
Chris PeBenito
697489040e 5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes 2007-04-11 17:56:03 +00:00
Chris PeBenito
99064c9fbd more consolekit updates from dan 2007-04-11 14:04:35 +00:00
Chris PeBenito
82e284bb89 last piece of dan's previous patch 2007-04-11 13:31:10 +00:00
Chris PeBenito
19b2dee3cc confine ldconfig in targeted, from dan 2007-04-10 19:39:22 +00:00
Chris PeBenito
ebc1e8be97 from dan:
kadmind trys to setattr on krb5kdc file.  Just a library checking access.
2007-04-10 17:20:07 +00:00
Chris PeBenito
9af48eef6e six patches from dan 2007-04-10 13:10:58 +00:00
Chris PeBenito
98faba122c gentoo /lib can be a symlink on x86-64 systems 2007-04-02 13:33:18 +00:00
Chris PeBenito
39d8dcdb4f fix http_script_domains, it was incorrectly applied to the content type rather than the script domain. bug #24. 2007-04-02 13:20:55 +00:00
Chris PeBenito
a26923c32e Two patches from Paul Moore to for ipsec to remove redundant rules and have setkey read the config file. 2007-03-28 18:47:45 +00:00
Chris PeBenito
9e8f65c83e six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed 2007-03-26 20:47:29 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89 remove disable_trans booleans 2007-03-23 21:01:49 +00:00
Chris PeBenito
5f5b7a1ec6 network fix from dan 2007-03-22 14:33:00 +00:00
Chris PeBenito
cc9130b90a one-liner from dan 2007-03-22 14:01:55 +00:00
Chris PeBenito
19fd9301e6 patch from dan to have ricci modstorage transition to lvm 2007-03-21 20:02:50 +00:00
Chris PeBenito
cd3ee91a4b add fail2ban from dan 2007-03-21 15:51:52 +00:00
Chris PeBenito
efcf9df253 kudzu will telinit to make init re-read the inittab after configuring serial consoles 2007-03-20 19:00:35 +00:00
Chris PeBenito
a5f5eba459 Add dontaudits for init fds and console to init_daemon_domain(). 2007-03-20 18:47:18 +00:00
Chris PeBenito
4832f0e066 create user gpg keys dir patch from dan 2007-03-19 19:10:43 +00:00
Chris PeBenito
93784927ca add kvmfs support, from dan 2007-03-19 18:48:14 +00:00
Chris PeBenito
7200146ea8 trivial patch for radius from dan 2007-03-19 18:42:57 +00:00
Chris PeBenito
86b28c9594 trivial patch from dan for sysstat access to sysfs 2007-03-19 18:38:54 +00:00
Chris PeBenito
e66689f7be other part of consolekit addition 2007-03-19 18:36:36 +00:00
Chris PeBenito
c224d91c7b from Dan:
This is a new policy for the User Switching capability coming in gnome.

consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
6c20f77e80 patch from Dan for sudo:
sudo should be able to getattr on all executables not just 
bin_t/sbin_t.  Confined executeables run from sudo need this.

sudo_exec_t needs to be marked as exec_type so prelink will work correctly.

sudo semanage should work
2007-03-19 16:32:44 +00:00
Chris PeBenito
0cca516db7 fix for rh bug 203290 2007-03-08 19:01:21 +00:00
Chris PeBenito
b5a6c86f46 last bit of dans patch 2007-03-08 17:53:52 +00:00
Chris PeBenito
cdc91b9aeb Patch for handling restart of nscd when ran from useradd, groupadd, and admin passwd, from Dan Walsh. 2007-03-08 15:14:45 +00:00
Chris PeBenito
59bedc1886 procmail uses /tmp files
Wants to send signull to itself
Can exec ls
Read spamassinn_lib_dirs
New directory for spamassin /var/lib/
pyzor uses tmp files
2007-03-07 21:33:22 +00:00
Chris PeBenito
7aefc69117 trivial change from dan 2007-03-06 17:44:26 +00:00
Chris PeBenito
7aca2aa827 setroubleshoot has a plugin that checks the file context on disk versus a matchpathcon. So needs additional privs 2007-03-06 17:16:08 +00:00
Chris PeBenito
c23eb5b1c4 Patch for gssd fixes from Dan Walsh 2007-03-06 16:18:59 +00:00
Chris PeBenito
c5561c777d patches for lvm and ricci fixes from Dan Walsh. 2007-03-06 15:35:02 +00:00
Chris PeBenito
f2c69c47b3 lmtp and smtp are the same file require same context of setfiles complains
postfix_pickup_t wants to read postfix_spool_maildrop_t dir
2007-03-01 20:41:19 +00:00
Chris PeBenito
ecc98e19e3 patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh. 2007-03-01 15:43:39 +00:00
Chris PeBenito
4900fdf7d1 Patch for kerberized telnet fixes from Dan Walsh. 2007-02-28 17:17:52 +00:00
Chris PeBenito
09c56f5496 Patch for kerberized ftp and other ftp fixes from Dan Walsh. 2007-02-28 17:01:47 +00:00
Chris PeBenito
2aea366ffc Patch for an additional wine executable from Dan Walsh. 2007-02-28 16:23:06 +00:00
Chris PeBenito
bf39cdb807 Patch for additional games file contexts from Dan Walsh. 2007-02-28 15:30:38 +00:00
Chris PeBenito
86d754eed6 Add support for libselinux 2.0.5 init_selinuxmnt() changes. 2007-02-27 17:02:35 +00:00
Chris PeBenito
ca448bd66c add init_exec() to init_telinit(). 2007-02-26 20:19:53 +00:00
Chris PeBenito
f0eaed31be Patch for misc fixes to bluetooth from Dan Walsh. 2007-02-26 17:23:52 +00:00
Chris PeBenito
5b06477c8e On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote:
> Eliminate excess avc messages created when using kerberos libraries
> 
> krb5kdc wans to setsched
> 
> Also uses a fifo_file to communicate.
> 
> Needs to search_network_sysctl
2007-02-26 17:04:56 +00:00
Chris PeBenito
bbb7cc8927 Patch to start deprecating usercanread attribute from Ryan Bradetich. 2007-02-26 16:13:23 +00:00