Commit Graph

19 Commits

Author SHA1 Message Date
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
40df56772f trunk: big samba update from dan 2007-06-19 19:11:35 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
a5f5eba459 Add dontaudits for init fds and console to init_daemon_domain(). 2007-03-20 18:47:18 +00:00
Chris PeBenito
d114071e7a While using samba and SELinux with Debian GNU/Linux (etch) the
following files need to be labeled correctly:
/var/run/samba/gencache.tdb
/var/run/samba/share_info.tdb

Should also concern other distributions than Debian.

-Stefan
2007-02-23 19:30:17 +00:00
Chris PeBenito
42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Chris PeBenito
a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito
85f0c35922 make optional the inetd dependency in samba 2006-10-10 13:11:58 +00:00
Chris PeBenito
3c3c0439f6 patch from russell, Thu, 5 Oct 2006 22:44:49 +1000
Allow unconfined processes to see unlabeled processes in ps.

Removed a redundant rule in samba.te

Removed support for the pre-Fedora Red Hat code to create sym-links in /boot.

Removed support for devpts_t files in /tmp (there is no way that would ever 
work).

Allowed postgrey to create socket files.

Made the specs for the /lib and /lib64 directories better support stem 
compression.
2006-10-05 19:57:37 +00:00
Chris PeBenito
95b8223eed cleanups 2006-09-08 17:21:28 +00:00
Chris PeBenito
a5e2133bc8 patch from dan Wed, 23 Aug 2006 14:03:49 -0400 2006-08-29 02:41:00 +00:00
Chris PeBenito
3ef029db7c add nscd_socket_use() to auth_use_nsswitch() since it caches nss lookups. 2006-08-22 19:37:56 +00:00
Chris PeBenito
46551033aa patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00
Chris PeBenito
17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00