Chris PeBenito
32f27a7489
asterisk patch from Dan Walsh.
2009-12-18 10:37:52 -05:00
Chris PeBenito
7e81399d84
apm patch from Dan Walsh.
2009-12-18 10:35:31 -05:00
Chris PeBenito
41c139dc77
afs patch from Dan Walsh.
2009-12-18 10:35:03 -05:00
Chris PeBenito
b84d6ec491
smartmon patch from Dan Walsh.
2009-12-18 10:33:50 -05:00
Justin P. Mattock
3fe6f6ad60
Typo in policy/users
...
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-12-18 08:51:58 -05:00
Chris PeBenito
7fc72a02d9
Changelog and version bump for X object manager changes.
2009-12-03 10:40:42 -05:00
Chris PeBenito
e331a05c77
Merge branch 'master' into xselinux
2009-12-03 10:13:41 -05:00
Chris PeBenito
46b03739ac
Seunshare patch from Dan Walsh.
2009-12-01 10:31:28 -05:00
Chris PeBenito
d7776f58c2
Screen patch from Dan Walsh.
2009-12-01 10:31:17 -05:00
Chris PeBenito
6394ea6143
Podsleuth patch from Dan Walsh.
2009-12-01 10:30:50 -05:00
Chris PeBenito
b77daab0ed
Mozilla patch from Dan Walsh.
2009-12-01 10:30:30 -05:00
Chris PeBenito
36ded4bd36
GPG patch from Dan Walsh.
2009-12-01 10:30:07 -05:00
Chris PeBenito
962d6fb9b0
Calamaris patch from Dan Walsh.
2009-12-01 10:29:51 -05:00
Chris PeBenito
7491a9ed62
Iptables and modutils patches from Dan Walsh.
2009-12-01 09:23:11 -05:00
Chris PeBenito
d913e793ae
Kismet and tzdata patches from Dan Walsh.
2009-11-25 15:12:52 -05:00
Chris PeBenito
0cad9a734e
RAID patch from Dan Walsh.
2009-11-25 11:17:19 -05:00
Chris PeBenito
c8d563fcbc
Permission set updates from Dan Walsh.
2009-11-25 10:52:16 -05:00
Chris PeBenito
77c71b54e5
Fstools and Xen patches from Dan Walsh.
2009-11-25 10:27:31 -05:00
Chris PeBenito
e21162e471
Kdump reads the kernel core.
2009-11-25 10:04:40 -05:00
Chris PeBenito
837163cfe7
UDEV patch from Dan Walsh.
2009-11-25 09:44:14 -05:00
Chris PeBenito
832c1be4ca
IPSEC patch from Dan Walsh.
2009-11-24 14:09:10 -05:00
Chris PeBenito
5ed061769e
Application patch from Dan Walsh.
2009-11-24 11:48:39 -05:00
Chris PeBenito
dccbb80cb0
Whitespace cleanup.
2009-11-24 11:11:38 -05:00
Chris PeBenito
0f982dada2
ISCSI patch from Dan Walsh.
2009-11-24 11:08:22 -05:00
Chris PeBenito
0a119a0142
Setrans patch from Dan Walsh.
2009-11-24 09:41:03 -05:00
Chris PeBenito
bd34ef71df
LVM patch from Dan Walsh.
2009-11-24 09:19:45 -05:00
Chris PeBenito
9dfdd48fec
Miscfiles patch from Dan Walsh.
2009-11-24 09:04:48 -05:00
Chris PeBenito
910b1d8ecb
Files patch from Dan Walsh.
2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020
Corecommands patch from Dan Walsh.
2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00
Filesystem patch from Dan Walsh.
2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557
Add terminal patch from Dan Walsh.
2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42
Add devices patch from Dan Walsh.
2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0
Add kernel patch from Dan Walsh
2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785
Add storage patch, from Dan Walsh.
2009-11-19 09:03:36 -05:00
Chris PeBenito
deb527262a
Add module_request permission, from Dan Walsh.
2009-11-19 08:52:06 -05:00
Chris PeBenito
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50
additional cleanup for e877913
.
2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf
adding puppet configuration management system
...
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
f272825b2d
one further rearrangement of tgtd.
2009-11-03 09:41:24 -05:00
Chris PeBenito
222d5b5987
clean up 0bca409
and add changelog entry.
2009-11-03 09:25:37 -05:00
Matthew Ife
0bca409d74
RESET tgtd daemon.
...
This one makes an effort to check for syntax and that it actually compiles.
Signed-off-by: Matthew Ife <deleriux@airattack-central.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-03 09:11:43 -05:00
Chris PeBenito
9448ca6e07
restore removed aliases.
2009-11-02 08:48:58 -05:00
Eamon Walsh
5025a463cf
Drop the xserver_unprotected interface.
...
The motivation for this was xdm_t objects not getting cleaned up,
so the user session tried to interact with them. But since the
default user type is unconfined this problem has gone away for now.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-30 08:55:58 -04:00
Eamon Walsh
5242ecceac
X Object Manager policy revisions to xserver.if.
...
X Object Manager policy revisions to xserver.if.
This commit consists of two parts:
1. Revisions to xserver_object_types_template and
xserver_common_x_domain_template. This reflects the dropping
of many of the specific event, extension, and property types.
2. New interfaces:
xserver_manage_core_devices: Gives control over core mouse/keyboard.
xserver_unprotected: Allows all clients to access a domain's X objects.
Modified interfaces:
xserver_unconfined: Added x_domain typeattribute statement.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:26 -04:00
Eamon Walsh
f267f85390
X Object Manager policy revisions to xserver.te.
...
X Object Manager policy revisions to xserver.te.
This commit consists of three main parts:
1. Code movement. There were X object manager-related statements
scattered somewhat throughout the file; these have been consolidated,
which resulted in some other statements moving (e.g. iceauth_t).
2. Type changes. Many of the specific event, extension, and property
types have been dropped for the time being. The rootwindow_t and
remote_xclient_t types have been renamed, and a root_xcolormap_t
type has been (re-)added. This is for naming consistency.
An "xserver_unprotected" alias has been added for use in labeling
clients whose resources should be globally accessible (e.g. xdm_t).
3. Policy changes. These are mostly related to devices, which now have
separate x_keyboard and x_pointer classes. The "Hacks" section
has been cleaned up, and various other classes have had the default
permissions tweaked.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:22 -04:00
Chris PeBenito
b04669aaea
add tuned from miroslav grepl.
2009-10-26 09:42:11 -04:00
Chris PeBenito
a1a45de06e
reorganize a92ee50
2009-10-22 10:35:45 -04:00
Dominick Grift
a92ee50126
Implement screen-locking feature.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-22 10:33:05 -04:00
Justin P. Mattock
5b6bd09213
Fix a typo of SElinux to SELinux.
...
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
2009-10-22 09:47:52 -04:00
Chris PeBenito
7ca3f559d7
add open to search_dir_perms.
2009-10-22 09:13:04 -04:00
Eamon Walsh
e4928c5f79
Add separate x_pointer and x_keyboard classes inheriting from x_device.
...
This is needed to allow more fine-grained control over X devices without
using different types. Using different types is problematic because
devices act as subjects in the X Flask implementation, and subjects
cannot be labeled through a type transition (since the output role is
hardcoded to object_r).
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-10-14 08:44:44 -04:00
Chris PeBenito
808341bb9b
revise MCS constraints to use only MCS-specific attributes.
2009-10-07 11:48:14 -04:00
Chris PeBenito
4be8dd10b9
add seunshare from dan.
2009-09-28 15:40:06 -04:00
Chris PeBenito
5a6b1fe2b4
add dkim from stefan schulze frielinghaus.
2009-09-17 09:12:33 -04:00
Chris PeBenito
21b1d1096f
add gnomeclock from dan.
2009-09-16 08:38:58 -04:00
Chris PeBenito
ed70158a39
add rtkit from dan.
2009-09-15 09:53:24 -04:00
Chris PeBenito
1d3b9e384c
clean up xscreensaver.
2009-09-15 09:41:42 -04:00
corentin.labbe
31f9c109c1
SELinux xscreensaver policy support
...
Hello
This a patch for adding xscreensaver policy.
I think it need a specific policy because of the auth_domtrans_chk_passwd.
cordially
Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
2009-09-15 08:46:28 -04:00
Chris PeBenito
c141d835f1
add modemmanager from dan.
2009-09-14 09:48:13 -04:00
Chris PeBenito
e3a90e358a
add abrt from dan.
2009-09-14 09:22:24 -04:00
Chris PeBenito
6af53d08ed
rearrange readahead rules.
2009-09-09 09:53:28 -04:00
Chris PeBenito
c1e5b195f7
readahead patch from dan.
2009-09-09 09:45:34 -04:00
Chris PeBenito
937b2c4d91
nscd patch from dan.
2009-09-09 09:35:37 -04:00
Chris PeBenito
c61b35048a
cron patch from dan.
2009-09-09 09:28:04 -04:00
Chris PeBenito
163ddfaa80
prelink patch from dan.
2009-09-09 08:18:51 -04:00
Chris PeBenito
81bca10b28
nslcd policy from dan.
2009-09-08 10:31:19 -04:00
Chris PeBenito
f67bc918d4
term_write_all_terms() patch from Stefan Schulze Frielinghaus
2009-09-08 10:06:38 -04:00
Chris PeBenito
dbed95369c
add gitosis from miroslav grepl.
2009-09-03 09:52:08 -04:00
Chris PeBenito
634a13c21f
cpufreqselector patch from dan.
2009-09-03 09:15:17 -04:00
Chris PeBenito
f6137171f3
add an additional vmware host program.
2009-09-03 08:56:58 -04:00
Chris PeBenito
6fdef06522
screen patch from dan.
2009-09-03 08:49:26 -04:00
Chris PeBenito
72b834ccb0
remove stale screen_dir_t references
...
The screen_dir_t was made an alias of the screen_var_run_t type.
Remove the remaining references to this type.
2009-09-03 08:39:42 -04:00
Chris PeBenito
ca7fa520e7
gpg patch from dan.
...
gpg sends sigstop and signull
Reads usb devices
Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs
2009-09-03 08:23:18 -04:00
Chris PeBenito
f2f296ba60
openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories.
2009-09-02 09:24:10 -04:00
Chris PeBenito
93be4ba581
Webalizer does not list inotify, this was caused by leaked file descriptors in either dbus or cron. Both of which have been cleaned up.
2009-09-02 09:10:30 -04:00
Chris PeBenito
625be1b4e6
add shorewall from dan.
2009-09-02 08:58:52 -04:00
Chris PeBenito
71965a1fc5
add kdump from dan.
2009-09-02 08:33:25 -04:00
Chris PeBenito
a4b6385b9d
cdrecord patch from dan.
2009-09-01 09:22:40 -04:00
Chris PeBenito
1a79193449
awstats patch from dan.
2009-09-01 08:59:24 -04:00
Chris PeBenito
b2324fa76d
certwatch patch from dan.
2009-09-01 08:50:39 -04:00
Chris PeBenito
b515ab0182
mrtg patch from dan.
2009-09-01 08:44:20 -04:00
Chris PeBenito
aa83007d5a
add hddtemp from dan.
2009-09-01 08:34:04 -04:00
Chris PeBenito
aac56b12b7
add ptchown policy from dan.
2009-08-31 10:21:01 -04:00
Chris PeBenito
a3dd1499ef
pulseaudio patch from dan.
2009-08-31 10:07:57 -04:00
Chris PeBenito
6774578327
module version number bump for nscd patch.
2009-08-31 09:44:38 -04:00
Manoj Srivastava
2a79debe9b
nscd cache location changed from /var/db/nscd to /var/cache/nscd
...
The nscd policy module uses the old nscd cache location. The cache location
changed with glibc 2.7-1, and the current nscd does place the files in
/var/cache/nscd/.
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
2009-08-31 09:43:52 -04:00
Chris PeBenito
a9e9678fc7
kismet patch from dan.
2009-08-31 09:38:47 -04:00
Chris PeBenito
aaff2fcfcd
module version number bump for tun patches
2009-08-31 09:17:31 -04:00
Chris PeBenito
0be901ba40
rename admin_tun_type to admindomain.
2009-08-31 09:03:51 -04:00
Chris PeBenito
bd75703c7d
reorganize tun patch changes.
2009-08-31 08:49:57 -04:00
Paul Moore
9dc3cd1635
refpol: Policy for the new TUN driver access controls
...
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices. The policy rules for creating and attaching to a device are as
shown below:
# create a new device
allow domain_t self:tun_socket { create };
# attach to a persistent device (created by tunlbl_t)
allow domain_t tunlbl_t:tun_socket { relabelfrom };
allow domain_t self:tun_socket { relabelto };
Further discussion can be found on this thread:
* http://marc.info/?t=125080850900002&r=1&w=2
Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Paul Moore
333494fd59
refpol: Add the "tun_socket" object class flask definitions
...
Add the new "tun_socket" class to the flask definitions. The "tun_socket"
object class is used by the new TUN driver hooks which allow policy to control
access to TUN/TAP devices.
Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:00 -04:00
Chris PeBenito
4279891d1f
patch from Eamon Walsh to remove useage of deprecated xserver interfaces.
2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04
deprecate userdom_xwindows_client_template
...
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role(). Deprecate
the former and put the rules into the latter.
For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
fef5dcf3af
Remove excessive permissions in logging_send_syslog_msg(). Ticket #14 .
2009-08-26 10:05:36 -04:00
Chris PeBenito
e27827b86c
split dev_create_cardmgr_dev() into a create and a filetrans interface.
2009-08-25 09:56:56 -04:00
Chris PeBenito
dbb7dd9484
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd
split dev_manage_dri_dev() into a manage and a filetrans interface.
2009-08-25 09:43:38 -04:00
Chris PeBenito
0484277038
reorganize dbus.fc.
2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546
module version bumps and changelog update for the previous 3 commits.
2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1
Gentoo dbus in libexec
2009-08-18 13:13:40 -04:00
LABBE Corentin
755c52b8f7
portage need capability sys_nice
2009-08-18 13:13:31 -04:00
LABBE Corentin
58cc9903dd
Missing comma in policykit
2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b
Debian policykit fixes from Martin Orr.
...
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that. Also a couple of policykit rules.
2009-08-18 09:49:31 -04:00
Chris PeBenito
b2648249d9
Fix unconfined_r use of unconfined_java_t.
...
The unconfined role is running java in the unconfined_java_t. The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r. Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
4254cec711
Add missing x_device rules for XI2 functions, from Eamon Walsh.
...
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy. You can now create one or more
> "master devices" (mouse cursor and keyboard focus). The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device. Create/destroy controls the ability to create new master
> devices.
2009-08-14 13:18:16 -04:00
Chris PeBenito
2a77737d4e
Add missing rules to make unconfined_cronjob_t a valid cron job domain.
...
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain. This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
2009-08-12 14:15:39 -04:00
Chris PeBenito
97e42114db
remove redundant xen_append_log() call in hostname.
2009-08-11 14:19:38 -04:00
Chris PeBenito
e51390dfcb
fix refpolicy ticket #48 .
2009-08-10 11:14:03 -04:00
Chris PeBenito
02e594d5dc
Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49 .
2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197
Add missing compatibility aliases for xdm_xserver*_t types.
...
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625
fix ordering in sysnetwork.
2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc
fix ordering in raid.
2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646
fix ordering in pcmcia.
2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2
fix ordering in mount.
2009-08-05 10:16:41 -04:00
Chris PeBenito
54327d48ee
fix ordering in modutils.
2009-08-05 10:15:45 -04:00
Chris PeBenito
568efbe895
fix ordering of interface calls in lvm.
2009-08-05 10:07:35 -04:00
Chris PeBenito
8cd1306e5b
fix ordering of interface calls in locallogin.
2009-08-05 10:06:04 -04:00
Chris PeBenito
e6985f91ab
fix ordering of interface calls in iptables.
2009-08-05 10:04:13 -04:00
Chris PeBenito
464ffa57fd
fix ordering of interface calls in init.
2009-08-05 10:01:06 -04:00
Chris PeBenito
14d282253f
fix ordering of interface calls in hostname.
2009-08-05 09:57:14 -04:00
Chris PeBenito
5b5300c823
fix ordering of interface calls in getty.
2009-08-05 09:55:58 -04:00
Chris PeBenito
79ca728b5f
fix ordering of interface calls in fstools.
2009-08-05 09:54:52 -04:00
Chris PeBenito
08638af216
fix ordering of interface calls in clock.
2009-08-05 09:52:34 -04:00
Chris PeBenito
2acba7bbdb
fix ordering of interface calls in authlogin.
2009-08-05 09:51:47 -04:00
Chris PeBenito
9c47227c7a
fix ordering of interface calls in sudo.
2009-08-05 09:48:46 -04:00
Chris PeBenito
78a9c2815d
add bin_t labeling for gentoo dhcpcd-run-hooks location
2009-07-30 09:34:00 -04:00
Chris PeBenito
4c92f08f75
openrc unfortunately mounts a tmpfs at /lib/rc
2009-07-30 08:57:15 -04:00
Chris PeBenito
cfdbf366cb
gentoo init script system uses tmpfs for state data
2009-07-30 08:33:43 -04:00
Chris PeBenito
efa0acccea
gentoo init script system sends audit messages.
2009-07-29 21:50:32 -04:00
Chris PeBenito
3162277ade
alsa file location update for debian, from Manoj.
2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0
whitespace fixes in apt.
2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d
clean up 6a192f70d4
2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4
Update apt/aptitude policy to add support for lock/log files
...
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
2009-07-29 15:00:39 -04:00
Chris PeBenito
50458c8bb7
pull most of fedora changes to rpc.
2009-07-29 14:55:30 -04:00
Chris PeBenito
0c89174f7f
pull most of fedora changes to samba.
2009-07-29 14:40:34 -04:00
Chris PeBenito
105e85ac8e
/dev/fuse should be s0 not mls_high
...
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device. Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs. It will also make it unusable I
believe on an MLS machine. Mostly I have seen fusefs used for remote
access to data. sshfs for example.
2009-07-29 11:08:50 -04:00
Chris PeBenito
363e8fb98a
pull in part of fedora mta changes
2009-07-29 10:59:09 -04:00
Chris PeBenito
20c3ccee1a
add fprintd module from dan.
2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea
add devicekit module from dan.
2009-07-29 10:02:06 -04:00
Chris PeBenito
4e7c0a93a6
consolekit patch from dan.
2009-07-29 09:13:54 -04:00
Chris PeBenito
33322290f2
automount patch from dan.
2009-07-29 08:59:26 -04:00
Chris PeBenito
8f3bddfbfd
cups patch from dan.
2009-07-28 15:46:26 -04:00
Chris PeBenito
4be3e11094
pull in apache_admin() from fedora
2009-07-28 13:24:08 -04:00
Chris PeBenito
91550027de
vmware patch from dan.
2009-07-28 11:37:34 -04:00
Chris PeBenito
423a4a3a2c
fix dbus type transition conflict.
...
switch dbus ranged calls from daemon domain to system domain. This works
around a type transition conflict. It is also why the non-ranged
init_system_domain() is used instead of init_daemon_domain().
2009-07-28 11:05:19 -04:00
Chris PeBenito
41ea887598
sudo patch from dan.
2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814
readahead patch from dan.
2009-07-28 10:08:02 -04:00
Chris PeBenito
4083191c4b
add missing userdom interfaces
2009-07-28 09:35:46 -04:00
Chris PeBenito
c7ae9ae1c8
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-07-28 08:00:03 -04:00
Chris PeBenito
ebf3ec9063
snort patch from dan.
2009-07-27 16:04:10 -04:00
Chris PeBenito
5f6c30f8bd
wm policy from dan
2009-07-27 15:11:22 -04:00
Chris PeBenito
708a74a212
oddjob patch from dan.
2009-07-27 10:52:20 -04:00
Chris PeBenito
fa50187c5e
kerneloops patch from dan
2009-07-27 10:44:19 -04:00
Chris PeBenito
9de7c1706d
hal patch from dan.
2009-07-27 10:18:50 -04:00
Chris PeBenito
fe1205a810
avahi patch from dan
2009-07-27 09:57:20 -04:00
Chris PeBenito
e04438840b
dbus patch from dan
2009-07-27 09:46:35 -04:00
Chris PeBenito
5be35f2acd
tmpreaper patch from dan.
2009-07-27 09:11:38 -04:00
Chris PeBenito
06625d302c
mozilla patch from dan.
2009-07-27 09:11:12 -04:00
Chris PeBenito
f4962ab15b
add cpufreqselector from dan
2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
5bb5ec1d40
podsleuth patch from dan.
2009-07-21 10:11:16 -04:00
Chris PeBenito
13306f56b6
afs client patch from dan.
2009-07-21 10:11:03 -04:00
Chris PeBenito
b93a7dacca
bluetooth patch from dan.
2009-07-21 10:10:47 -04:00
Chris PeBenito
ad0aea536b
clamav patch from dan.
2009-07-21 10:10:31 -04:00
Chris PeBenito
92f08c7130
mailman patch from dan.
2009-07-21 10:10:17 -04:00
Chris PeBenito
1847443ea3
ricci patch from dan.
2009-07-21 10:10:00 -04:00
Chris PeBenito
d8822462c4
fix policykit interface
2009-07-21 10:09:14 -04:00
Chris PeBenito
e4f73afb8e
gpg patch from dan
2009-07-21 10:07:38 -04:00
Chris PeBenito
5271dd30bc
module version bump for 9b1907b217
2009-07-21 10:07:10 -04:00
Chris PeBenito
9b1907b217
add pulseaudio from dan.
2009-07-21 10:05:38 -04:00
Chris PeBenito
7395f80119
ppp patch from dan
2009-07-20 15:41:19 -04:00
Chris PeBenito
4aa075262a
kerberos patch from dan
2009-07-20 15:41:08 -04:00
Chris PeBenito
8f17f7c2ee
dnsmasq patch from dan.
2009-07-20 15:40:57 -04:00
Chris PeBenito
93d300831d
dhcp patch from dan
2009-07-20 15:40:41 -04:00
Chris PeBenito
af5374d3a5
policykit.if whitespace fix
2009-07-20 11:37:22 -04:00
Chris PeBenito
adea587572
4 patches from dan.
2009-07-20 11:34:46 -04:00
Chris PeBenito
edb7b90d89
add kismet and pulseaudio ports. fix sorting of ports.
2009-07-20 11:17:31 -04:00
Chris PeBenito
9e90ce33db
add policykit from dan.
2009-07-20 11:15:09 -04:00
Chris PeBenito
b67201eae7
fix bad varnishd interface names
2009-07-20 09:44:25 -04:00
Chris PeBenito
7694abdff7
module version bump for f2583aa83b
2009-07-15 09:30:08 -04:00
Manoj Srivastava
f2583aa83b
Remove duplicate distro_redhat context
...
A recent update added an generic context for the lock files, so the
entry in distro_redhat can be removed.
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-07-15 09:27:36 -04:00
Chris PeBenito
ce6fee6575
5 patches from dan
2009-07-14 10:30:22 -04:00
Chris PeBenito
10b03f376b
three debian patches from manoj
2009-07-14 09:05:59 -04:00
Chris PeBenito
84d88df579
trunk: fix typo in guest role decl.
2009-07-08 15:23:29 +00:00
Chris PeBenito
9ac9739087
trunk: update policycaps comments for sock_file open perm.
2009-07-01 13:34:54 +00:00
Chris PeBenito
bb88161284
trunk: 3 patches from dan.
2009-06-30 19:27:21 +00:00
Chris PeBenito
45b975db5b
trunk: add missing varnish port.
2009-06-30 17:48:15 +00:00
Chris PeBenito
50824a99ca
trunk: pads from dan.
2009-06-30 15:03:20 +00:00
Chris PeBenito
46e2fa6d39
trunk: prelude patch from dan.
2009-06-30 14:44:50 +00:00
Chris PeBenito
267d9c60c5
trunk: varnishd from dan.
2009-06-30 13:49:53 +00:00
Chris PeBenito
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
Chris PeBenito
20272c2b27
trunk: 7 patches from dan.
2009-06-26 13:22:39 +00:00
Chris PeBenito
c989807d4a
trunk: nis patch from dan.
2009-06-25 15:16:29 +00:00
Chris PeBenito
c017ee17ab
trunk: add sssd from dan.
2009-06-22 15:33:21 +00:00
Chris PeBenito
26410ddf54
trunk: remove unnecessary semicolons after interface/template calls.
2009-06-19 13:52:33 +00:00
Chris PeBenito
c9c0d846de
trunk: Greylist milter from Paul Howarth.
2009-06-18 14:36:35 +00:00
Chris PeBenito
c7dc1c7222
trunk: Allow unix_update to change the security attributes associate with files so
...
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
Chris PeBenito
df28a0c444
trunk: Misc fixes for unix_update from Brandon Whalen.
2009-06-18 13:36:40 +00:00
Chris PeBenito
95ea7d6986
trunk: Add x_device permissions for XI2 functions, from Eamon Walsh.
2009-06-18 13:07:23 +00:00
Chris PeBenito
45515556d4
trunk: 10 patches from dan.
2009-06-12 19:44:10 +00:00
Chris PeBenito
30425aa876
trunk: 1 patch from dan.
2009-06-12 15:30:15 +00:00
Chris PeBenito
a65fd90a50
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
Chris PeBenito
731008ad85
trunk: 2 patches from dan.
2009-06-08 17:18:26 +00:00
Chris PeBenito
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe
trunk: add gpsd from miroslav grepl
2009-06-02 14:28:40 +00:00
Chris PeBenito
63f0a71c8a
trunk: 9 patches from dan.
2009-06-01 16:03:42 +00:00
Chris PeBenito
22894e33c4
trunk: add libjackserver.so textrel fc.
2009-06-01 13:04:40 +00:00
Chris PeBenito
996779dfad
trunk:
...
The attached patch allows unprivileged clients to export from or import
to the largeobject owned by themselves.
The current security policy does not allow them to import/export any
largeobjects without any clear reason.
NOTE: Export of the largeobject means that it dumps whole of the
largeobject into a local file, so SE-PostgreSQL checks both of
db_blob:{read export} on the largeobject and file:{write} on the
local file. Import is a reversal behavior.
KaiGai Kohei
2009-05-22 13:37:32 +00:00
Chris PeBenito
e0ea7b15ca
trunk:
...
The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl.
The current policy allows users/unprivs to run ALTER TABLE statement
unconditionally, because db_table/db_column:{setattr} is allowed outside
of the boolean. It should be moved to conditional section.
In addition, they are also allowed to db_procedure:{create drop setattr}
for xxxx_sepgsql_proc_exec_t, but it means we allows them to create, drop
or alter definition of the functions unconditionally. So, it also should
be moved to conditional section.
The postgresql.te allows sepgsql_client_type to modify sepgsql_table_t
and sepgsql_sysobj_t when sepgsql_enable_users_ddl is enabled, but
it should not be allowed.
KaiGai Kohei
2009-05-21 11:49:33 +00:00
Chris PeBenito
a01a4a7183
trunk:
...
OK, the attached patch adds the following types for unprivileged clients.
- unpriv_sepgsql_table_t
- unpriv_sepgsql_sysobj_t
- unpriv_sepgsql_proc_exec_t
- unpriv_sepgsql_blob_t
These types are the default for unprivileged and unprefixed domains,
such as httpd_t and others.
In addition, TYPE_TRANSITION rules are moved to outside of tunable
of the sepgsql_enable_users_ddl. IIRC, it was enclosed within the
tunable because UBAC domains (user_t and so on) were allowed to
create sepgsql_table_t, and its default was pointed to this type
when sepgsql_enable_users_ddl is disabled.
However, it has different meanings now, so the TYPE_TRANSITION rules
should be unconditional.
KaiGai Kohei
2009-05-21 11:28:14 +00:00
Chris PeBenito
80348b73a0
trunk: 4 patches from dan.
2009-05-14 14:41:50 +00:00
Chris PeBenito
a47eb527e5
trunk: whitespace fix for squid.fc.
2009-05-11 12:07:07 +00:00
Chris PeBenito
350ed89156
se-postgresql update from kaigai
...
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
db_database:{getattr}
db_table:{getattr lock}
db_column:{getattr}
db_procedure:{drop getattr setattr}
db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
impossible to refer read-only table with foreign-key constraint.
(FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
It should allow them on sepgsql_trusted_proc_exec_t.
I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
Chris PeBenito
da3ed0667f
trunk: lircd from miroslav grepl
2009-05-06 15:09:46 +00:00
Chris PeBenito
c0f5fa011a
trunk: whitespace fixes.
2009-05-06 14:44:57 +00:00
Chris PeBenito
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
Chris PeBenito
0cf1d56018
trunk: Milter state directory patch from Paul Howarth.
2009-04-21 20:40:45 +00:00
Chris PeBenito
a5ef553c2d
trunk: 5 modules from dan.
2009-04-20 19:03:15 +00:00
Chris PeBenito
153fe24bdc
trunk: 5 patches from dan.
2009-04-07 14:09:43 +00:00
Chris PeBenito
09125ae411
trunk: module version bump for previous commit.
2009-04-03 14:15:53 +00:00
Chris PeBenito
d6605bc48b
trunk: 3 patches from dan.
2009-04-03 14:14:43 +00:00
Chris PeBenito
42d567c3f4
trunk: 6 patches from dan.
2009-03-31 13:40:59 +00:00
Chris PeBenito
8f800d48df
trunk: 14 patches from dan.
2009-03-23 14:56:43 +00:00
Chris PeBenito
244b45d225
trunk: 3 patches from dan.
2009-03-20 13:58:15 +00:00
Chris PeBenito
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
Chris PeBenito
d3cdc3d07c
trunk: add open perm to sock_file.
2009-03-11 14:58:03 +00:00
Chris PeBenito
79a5a8084d
trunk: 2 patches from dan.
2009-03-11 14:19:50 +00:00
Chris PeBenito
c90440a7cd
trunk: 4 patches from dan.
2009-03-11 13:32:23 +00:00
Chris PeBenito
e21bd28bc8
trunk: add mysql db lnk_file transition.
2009-03-11 11:59:04 +00:00
Chris PeBenito
da04234f32
trunk: 5 patches from dan.
2009-03-10 19:32:04 +00:00
Chris PeBenito
11c944faf1
trunk: fix typo in devices file contexts.
2009-03-05 17:46:22 +00:00
Chris PeBenito
2c664e7fb8
trunk: storage patch from dan.
2009-03-05 15:49:41 +00:00
Chris PeBenito
7b76207e37
trunk: devices patch from dan.
2009-03-05 15:36:41 +00:00
Chris PeBenito
be5aaebfd6
trunk: corecommands patch from dan.
2009-03-05 14:43:03 +00:00
Chris PeBenito
b4ad699e57
trunk: add nlmsg_tty_audit permission.
2009-03-05 14:11:24 +00:00
Chris PeBenito
c45fdad85b
trunk: filesystem patch from dan.
2009-03-04 15:53:07 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
Chris PeBenito
81fa19ed73
trunk: remove unused udev_runtime_t type.
2009-02-24 19:31:08 +00:00
Chris PeBenito
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
Chris PeBenito
f79314234a
trunk: 6 patches from dan.
2009-02-11 19:28:30 +00:00
Chris PeBenito
c1e501136b
trunk: add context contains to setrans.
2009-02-09 13:58:22 +00:00
Chris PeBenito
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09
trunk: btrfs from Paul Moore.
2009-01-30 13:44:14 +00:00
Chris PeBenito
466e22a8ba
trunk: Add db_procedure install permission from KaiGai Kohei.
2009-01-23 19:49:36 +00:00
Chris PeBenito
019dfaf9dc
trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.
2009-01-15 20:31:06 +00:00
Chris PeBenito
64daa85393
trunk: add sysadm_entry_spec_domtrans_to() interface from clip.
2009-01-15 15:07:37 +00:00
Chris PeBenito
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
Chris PeBenito
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
Chris PeBenito
59d599642e
trunk: fix certwatch version number.
2009-01-06 19:33:24 +00:00
Chris PeBenito
347a701119
trunk: Add kernel_service access vectors, from Stephen Smalley.
2009-01-05 21:44:33 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
3196971ae8
trunk: Fix consistency of audioentropy and iscsi module naming.
2008-12-09 16:47:33 +00:00
Chris PeBenito
9ff89c44e7
trunk: 2 patches from dan.
2008-12-04 15:01:12 +00:00
Chris PeBenito
f657cb14e5
trunk: fix role change constraint.
2008-12-03 20:16:08 +00:00
Chris PeBenito
ff8f0a63f4
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13
trunk: whitespace fix changing multiple spaces into tabs.
2008-12-03 18:33:19 +00:00
Chris PeBenito
a057e0462e
trunk: fix missing xml parameter.
2008-12-03 15:51:53 +00:00
Chris PeBenito
fb4826f424
trunk: 3 patches from dan.
2008-12-03 15:21:33 +00:00
Chris PeBenito
14c0edc7e9
trunk: 2 patches from dan.
2008-12-02 22:40:49 +00:00
Chris PeBenito
b3eb124654
trunk: Debian file context fix for xen from Russell Coker.
2008-11-24 15:34:54 +00:00
Chris PeBenito
b9e5238a24
trunk: add milter module from Paul Howarth.
2008-11-24 15:06:58 +00:00
Chris PeBenito
b3b607eb43
trunk: a fix on the previous commit.
2008-11-19 16:02:13 +00:00
Chris PeBenito
fcee22ad0d
trunk: 5 patches from dan.
2008-11-19 15:24:10 +00:00
Chris PeBenito
01e9e7dbf5
trunk: 4 patches from dan.
2008-11-18 19:55:10 +00:00
Chris PeBenito
659c8650c7
trunk 2 patches from dan.
2008-11-17 15:48:12 +00:00
Chris PeBenito
7f49194215
trunk: Xserver MLS fix from Eamon Walsh.
2008-11-17 13:49:19 +00:00
Chris PeBenito
7a4c282536
trunk: fix logging admin interfaces.
2008-11-14 13:53:21 +00:00
Chris PeBenito
23d5ab8de7
trunk: fix disable ubac condition for process perms.
2008-11-14 13:17:51 +00:00
Chris PeBenito
73c77e2c9b
trunk: 2 fixes from martin orr.
2008-11-13 18:44:23 +00:00
Chris PeBenito
99282e6be0
trunk: add omapi port for dhcpcd.
2008-11-12 13:11:00 +00:00
Chris PeBenito
5843d066b6
trunk: 10 patches from dan.
2008-11-11 16:38:34 +00:00
Chris PeBenito
27337d8c21
trunk: patch from Mike Edenfield to add udevadm fc entry.
2008-11-11 15:03:06 +00:00
Chris PeBenito
657c226c40
trunk: 7 patches from dan.
2008-11-06 22:36:50 +00:00
Chris PeBenito
ba796982df
trunk: tweaks from russell and martin orr.
2008-11-06 15:01:15 +00:00
Chris PeBenito
0003940ff2
trunk: add missing ubac module.
2008-11-05 16:11:27 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
932c3536f8
trunk: additional open fixes.
2008-11-04 14:37:05 +00:00
Chris PeBenito
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
Chris PeBenito
6e68e6bb5e
trunk: Move shared library calls from individual modules to the domain module.
2008-10-17 17:36:56 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
Chris PeBenito
2a98379a24
trunk: additional whitespace fixes.
2008-10-17 15:52:39 +00:00
Chris PeBenito
88cf0a9c2b
trunk: whitespace fix; collapse multiple blank lines into one.
2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40
trunk: Remove hierarchy from portage module as it is not a good example of hieararchy.
2008-10-15 19:56:33 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
74993c4dae
trunk: 8 patches from dan.
2008-10-13 15:06:23 +00:00
Chris PeBenito
aa7c463e5d
trunk: a pile of misc fixes.
2008-10-13 13:36:50 +00:00
Chris PeBenito
06099da657
trunk: 3 patches from dan.
2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
Chris PeBenito
967fd1ba3f
trunk: 8 patches from dan.
2008-10-08 20:03:24 +00:00
Chris PeBenito
e87221cefe
trunk: 21 patches from dan.
2008-10-08 15:50:03 +00:00
Chris PeBenito
ed8ae5ebeb
trunk: fix typo
2008-10-06 18:33:44 +00:00
Chris PeBenito
12c61f36f4
trunk: 7 patches from dan, 1 from eamon.
2008-10-06 17:27:49 +00:00
Chris PeBenito
73edbc9101
trunk: add oident from dominick grift.
2008-10-06 14:01:59 +00:00
Chris PeBenito
6d8af27cad
trunk: fix dupe fc.
2008-10-03 13:17:56 +00:00
Chris PeBenito
4bdf192962
trunk: firstboot update from dan.
2008-10-02 17:32:03 +00:00
Chris PeBenito
bf9f3480e5
trunk: readahead fix from dan.
2008-09-23 13:07:28 +00:00
Chris PeBenito
3daef6999a
trunk: cvs update from dan.
2008-09-23 12:56:00 +00:00
Chris PeBenito
4a475507be
trunk: remove stale pax class comments as that class was removed.
2008-09-22 19:06:34 +00:00
Chris PeBenito
88c02e0538
trunk: init script for setrans.
2008-09-18 18:20:31 +00:00
Chris PeBenito
658f4d3dd9
trunk: rpcbind update from dan.
2008-09-18 18:09:34 +00:00
Chris PeBenito
fd49feff49
trunk: last bit of wpa_supplicant update from martin orr.
2008-09-18 15:06:29 +00:00
Chris PeBenito
c9824ec5ce
trunk: remove incomplete sshd_extern.
2008-09-18 14:06:30 +00:00
Chris PeBenito
64c5b9975b
trunk: add interface to transition to initrc_t on labeled init scripts.
2008-09-18 13:47:43 +00:00
Chris PeBenito
cfafe4a7a8
trunk: logging update from dan.
2008-09-18 13:20:57 +00:00
Chris PeBenito
f5394cc3cb
trunk: bind update from dan.
2008-09-15 17:02:57 +00:00
Chris PeBenito
48f6456344
trunk: rename labeled init scripts with initrc convention.
2008-09-15 14:20:20 +00:00
Chris PeBenito
a46b60549a
trunk: squid update from dan.
2008-09-15 13:31:28 +00:00
Chris PeBenito
21ea2b1884
trunk: firstboot update from dan.
2008-09-12 15:54:11 +00:00
Chris PeBenito
36095d11ce
trunk: kudzu and mta patches from dan.
2008-09-12 14:18:20 +00:00
Chris PeBenito
bc85e826ec
trunk: promote networkmanager debian fc entries out of build options.
2008-09-12 12:14:52 +00:00
Chris PeBenito
8786916e8d
trunk: ntp and setrans update from dan.
2008-09-11 14:54:40 +00:00
Chris PeBenito
52ceaaac6e
trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr.
2008-09-11 14:02:53 +00:00
Chris PeBenito
ae3386373a
trunk: networkmanager/ppp patch from dan.
2008-09-11 13:35:06 +00:00
Chris PeBenito
859135dcdd
trunk: fix bad apcupsd interface name.
2008-09-09 15:56:26 +00:00
Chris PeBenito
54341818ac
trunk: fix fail2ban init script regex.
2008-09-05 14:37:35 +00:00
Chris PeBenito
6a824f630d
trunk: update mls constraints for x_application_data.
2008-09-05 14:27:01 +00:00
Chris PeBenito
cdac989dee
trunk: fail2ban update from dan.
2008-09-05 14:17:18 +00:00
Chris PeBenito
96851b1d63
trunk: fix bad require.
2008-09-03 15:37:24 +00:00
Chris PeBenito
a71e136cc3
trunk: add cyphesis from dan.
2008-09-03 14:46:10 +00:00
Chris PeBenito
e40fa634b2
trunk: Logrotate and Bind updates from Vaclav Ovsik.
2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635
trunk: first part of init script labeling support.
2008-08-29 19:00:02 +00:00
Chris PeBenito
9bcfb6dfa5
trunk: hplip uses dbus.
2008-08-29 14:25:09 +00:00
Chris PeBenito
24af9b1d34
trunk: inetd update from dan.
2008-08-29 13:21:53 +00:00
Chris PeBenito
e4171e8048
trunk: fix unconfined mail sending out by postfix and qmail.
2008-08-29 12:50:31 +00:00
Chris PeBenito
c11057f7ae
trunk: fedora update cherry picked by david hardeman.
2008-08-22 15:17:01 +00:00
Chris PeBenito
32f8ff393b
trunk: add w3c from dan.
2008-08-21 13:52:52 +00:00
Chris PeBenito
93f445b8c0
trunk: firstboot update from dan.
2008-08-20 19:45:39 +00:00
Chris PeBenito
770c015f88
trunk: 2 patches from dan.
2008-08-14 15:10:41 +00:00
Chris PeBenito
3e59876583
trunk: 6 patches from the fedora policy, cherry picked by david hardeman.
2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac
trunk: two small patches from dan.
2008-08-14 13:08:53 +00:00
Chris PeBenito
9acf481bd0
trunk: fix from fedora policy, cherry picked from David Hardeman.
2008-08-12 19:52:29 +00:00
Chris PeBenito
9c4500b2f4
trunk: Glibc 2.7 fix from Vaclav Ovsik.
2008-08-12 19:33:18 +00:00
Chris PeBenito
cc1eee1202
trunk: add an empty m4 string so the index macro is not invoked, to prevent a warning.
2008-08-12 19:30:54 +00:00
Chris PeBenito
e0ed765c0e
trunk: 3 patches from the fedora policy, cherry picked by David Hardeman.
2008-08-11 14:03:36 +00:00
Chris PeBenito
7aabe358f4
trunk: missed fixes on previous commit.
2008-08-07 14:45:37 +00:00
Chris PeBenito
8a948caf2b
trunk: 11 more cherry picks from fedora policy, by david hardeman.
2008-08-07 14:17:50 +00:00
Chris PeBenito
b81bfc2651
trunk: Samba/winbind update from Mike Edenfield.
2008-08-05 12:54:11 +00:00
Chris PeBenito
3338f231d5
trunk: Policy size optimization with a non-security file attribute from James Carter.
2008-07-31 14:05:46 +00:00
Chris PeBenito
d13f876df7
trunk: another patch from the fedora policy, cherry picked by david hrdeman.
2008-07-28 15:10:32 +00:00
Chris PeBenito
556556cdd0
trunk: 3 more cherry picked Fedora fixes from David Hrdeman.
2008-07-25 12:11:14 +00:00
Chris PeBenito
dc1920b218
trunk: Database labeled networking update from KaiGai Kohei.
2008-07-25 04:07:09 +00:00
Chris PeBenito
6224fc1485
trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
Chris PeBenito
2b592aa495
trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus
2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086
trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage.
2008-07-15 15:33:51 +00:00
Chris PeBenito
cfcf5004e5
trunk: bump versions for release.
2008-07-02 14:07:57 +00:00
Chris PeBenito
6aa9918259
trunk: drop workaround rules.
2008-07-02 12:17:38 +00:00
Chris PeBenito
e311e23a44
trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.
2008-07-01 13:57:53 +00:00
Chris PeBenito
5fe7de9ea9
trunk: apache script connections to postgres, from kaigai.
2008-06-25 13:03:59 +00:00
Chris PeBenito
f7eaeebbae
trunk: more xml doc fixes.
2008-06-24 14:43:47 +00:00
Chris PeBenito
c5cfd2d405
trunk: Add unused interface/template parameter metadata in XML.
2008-06-24 14:23:40 +00:00
Chris PeBenito
8c6292b7a4
trunk: Patch to handle postfix data_directory from Vaclav Ovsik.
2008-06-24 13:21:35 +00:00
Chris PeBenito
7f4005e348
trunk: fix up stored procedure naming patch from kaigai.
2008-06-24 12:57:06 +00:00
Chris PeBenito
b1a903654f
trunk: add missing requires.
2008-06-24 12:53:30 +00:00
Chris PeBenito
a713ad8b8a
trunk: pull in most of dans vmware patch.
2008-06-18 15:35:49 +00:00
Chris PeBenito
c54eb87d43
trunk: two small updates from dan.
2008-06-18 13:15:25 +00:00
Chris PeBenito
131634a581
trunk: podsleuth and hal updates from dan.
2008-06-17 14:07:44 +00:00
Chris PeBenito
eb4216397c
trunk: add qemu and virt from dan.
2008-06-16 18:59:07 +00:00
Chris PeBenito
fe5618edf5
trunk: add /usr/lib32 symlink labeling for debian.
2008-06-13 13:55:22 +00:00
Chris PeBenito
8e7d43c8ac
trunk: additional patch from kaigai to fix up some type transitions for unpriv clients.
2008-06-13 13:33:36 +00:00
Chris PeBenito
e8cb08aefa
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
Chris PeBenito
67b6207a9e
trunk: trivial kernel patch from dan.
2008-06-07 13:53:29 +00:00
Chris PeBenito
ef55a11980
trunk: Patch for X.org dbus support from Martin Orr.
2008-06-07 13:31:48 +00:00
Chris PeBenito
4b28c2ecc2
trunk: misc gentoo fc fixes.
2008-06-06 03:40:27 +00:00
Chris PeBenito
cdbd09f65e
trunk: add prelude from dan.
2008-06-06 03:13:42 +00:00
Chris PeBenito
147af4d309
trunk: misc fixes.
2008-05-27 18:09:18 +00:00
Chris PeBenito
d87efeec73
trunk: fixes for gentoo targeted systems.
2008-05-27 12:07:03 +00:00
Chris PeBenito
b4921b5804
trunk: fs update from dan.
2008-05-26 21:07:22 +00:00
Chris PeBenito
308baad28c
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
Chris PeBenito
0ecd829ab4
trunk: add additional portage log locations.
2008-05-26 18:37:05 +00:00
Chris PeBenito
8926b25f39
trunk: tweak kerneloops.
2008-05-26 17:48:56 +00:00
Chris PeBenito
782c10e949
trunk: add kerneloops from dan.
2008-05-26 17:47:49 +00:00
Chris PeBenito
ff79b83c51
trunk: add kismet from dan.
2008-05-26 15:35:25 +00:00
Chris PeBenito
cbe82b179b
trunk: start adding open perm to obvious places.
2008-05-23 18:22:57 +00:00
Chris PeBenito
7d8fbdc062
trunk: fix bad cifs interface.
2008-05-23 14:41:36 +00:00
Chris PeBenito
e6fdb59601
trunk: fix typo
2008-05-23 13:50:38 +00:00
Chris PeBenito
8db508568b
trunk: temp workaround for toolchain breakage.
2008-05-23 12:52:31 +00:00
Chris PeBenito
4416c416fa
trunk: Module loading now requires setsched on kernel threads.
2008-05-22 18:39:03 +00:00
Chris PeBenito
b34db7a8ec
trunk: another pile of misc fixes.
2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0
trunk: a pile of misc fixes, mainly sync xml docs with interface implementation.
2008-05-15 13:10:34 +00:00
Chris PeBenito
a42ce93a4d
trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
2008-05-12 20:05:32 +00:00
Chris PeBenito
d923d54c08
trunk: X application data class from Eamon Walsh and Ted Toth.
2008-05-06 14:37:05 +00:00
Chris PeBenito
e9c6cda7da
trunk: Move user roles into individual modules.
2008-04-29 13:58:34 +00:00
Chris PeBenito
a0647afa0c
trunk: add missing mplayer_etc_t require in role template.
2008-04-21 12:47:09 +00:00
Chris PeBenito
7e11b74087
trunk: make hald_log_t a log file.
2008-04-18 16:04:15 +00:00
Chris PeBenito
f12302af92
trunk: hal xml doc fix pointed out by Rob Myers.
2008-04-18 15:55:03 +00:00
Chris PeBenito
2083db2e40
trunk: Cryptsetup runs shell scripts. Patch from Martin Orr.
2008-04-18 15:32:03 +00:00
Chris PeBenito
c07f9ccd18
trunk: Add file for enabling policy capabilities.
2008-04-18 14:21:01 +00:00
Chris PeBenito
75da4b8ad3
trunk: Patch to fix leaky interface/template call depth calculator from Vaclav Ovsik.
2008-04-18 12:57:01 +00:00
Chris PeBenito
8152a78836
trunk: 7 patches from dan.
2008-04-04 17:08:34 +00:00
Chris PeBenito
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
Chris PeBenito
e828954c63
trunk: 4 patches from dan.
2008-03-27 15:20:16 +00:00
Chris PeBenito
9377a3e59c
trunk: fix winbind socket connection interface for default location of the sock_file.
2008-03-21 14:18:13 +00:00
Chris PeBenito
9e8c3aa651
trunk: add type transition to fix mysql socket creation.
2008-03-21 14:16:17 +00:00
Chris PeBenito
2ed4f5aedf
trunk: small fixes for gentoo system.
2008-03-20 14:55:17 +00:00
Chris PeBenito
6e2123fc72
trunk: add wireshark.
2008-03-14 15:26:52 +00:00
Chris PeBenito
91d6c92160
trunk: a pair of tweaks from gentoo systems.
2008-03-14 14:55:34 +00:00
Chris PeBenito
47333d8246
trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.
2008-03-10 19:29:47 +00:00
Chris PeBenito
210607be61
trunk: Definitions for open permisson on file and similar objects from Eric Paris.
2008-03-04 20:19:29 +00:00
Chris PeBenito
e065ac8ab5
trunk: Apt updates for ptys and logs, from Martin Orr.
2008-03-04 19:48:58 +00:00
Chris PeBenito
01e8ff4ab3
trunk: rpc update from Vaclav Ovsik.
2008-03-04 19:14:08 +00:00
Chris PeBenito
737fcf232c
trunk: dontaudit init fds in loadkeys.
2008-03-04 18:48:30 +00:00
Chris PeBenito
d57a094347
trunk: Exim updates on Debian from Devin Carrawy.
2008-03-04 18:25:13 +00:00
Chris PeBenito
834401ff97
trunk: dovecot fix from Stefan Schulze Frielinghaus.
2008-02-25 19:31:03 +00:00
Chris PeBenito
90c3c561ef
trunk: fc fix and if addtion from Stefan Schulze Frielinghaus.
2008-02-25 14:20:56 +00:00
Chris PeBenito
9fa023ff58
trunk: Pam and samba updates from Stefan Schulze Frielinghaus.
2008-02-19 19:33:48 +00:00
Chris PeBenito
45b56b01e8
trunk: Backup update on Debian from Vaclav Ovsik.
2008-02-19 14:26:59 +00:00
Chris PeBenito
51223bfc56
trunk: Cracklib update on Deban from Vaclav Ovsik.
2008-02-19 14:06:11 +00:00
Chris PeBenito
ee6608baeb
trunk: 8 patches from dan.
2008-02-18 18:44:40 +00:00
Chris PeBenito
f508567646
trunk: 4 patches from dan.
2008-02-18 14:55:25 +00:00
Chris PeBenito
037fc0f4e6
trunk: label /proc/kallsyms with system_map_t.
2008-02-15 19:59:10 +00:00
Chris PeBenito
4f017813ab
trunk: fix pppd admin interface.
2008-02-14 16:03:24 +00:00
Chris PeBenito
6e7a1fc871
trunk: fix userdom_role_change_template() xml.
2008-02-13 20:26:18 +00:00
Chris PeBenito
f03433313a
trunk: labeled networking permission update from paul moore.
2008-02-12 14:46:29 +00:00
Chris PeBenito
8b9ffed517
trunk: add capability2 class, from Stephen Smalley.
2008-02-07 17:51:59 +00:00
Chris PeBenito
7a5e2d8a37
trunk: 12 patches from dan.
2008-02-07 16:37:47 +00:00
Chris PeBenito
12cf805e1c
trunk: add basic ubuntu support
2008-02-05 18:24:43 +00:00
Chris PeBenito
ce8a5299a8
trunk: 3 patches from dan.
2008-02-05 17:41:53 +00:00
Chris PeBenito
320ea98330
trunk: add 3rd party corenet interfaces for (secmark) packets.
2008-01-17 15:28:24 +00:00
Chris PeBenito
d4623f3d24
trunk: add setfcap capabiltiy, from Serge Hallyn.
2008-01-11 14:08:02 +00:00
Chris PeBenito
c8d4c38258
trunk: fix missing lo netif alias for standard and mcs configs.
2008-01-10 16:39:36 +00:00
Chris PeBenito
936f286c16
trunk: add mls constraints to dbus.
2008-01-03 20:37:25 +00:00
Chris PeBenito
9323a50bcc
trunk: add run_init domtrans to chk passwd.
2008-01-03 19:46:40 +00:00
Chris PeBenito
7cbfeb97cf
trunk: uncomment set loginuid for functional login programs under strict.
2008-01-03 18:30:45 +00:00
Chris PeBenito
f3da31d339
trunk: Labeled networking peer object class updates.
2008-01-03 16:20:01 +00:00
Chris PeBenito
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
Chris PeBenito
1abafe3707
trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581
trunk: several fc updates from dan.
2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae
trunk: add openoffice locations in gentoo.
2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e
trunk: Improve several tunables descriptions from Dan Walsh.
2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea
trunk: another round of nsswitch from dan.
2007-12-06 16:04:14 +00:00
Chris PeBenito
74d920c3b5
trunk: add setrlimit to debian cron.
2007-12-06 14:35:44 +00:00
Chris PeBenito
5f63dd12a3
trunk: fix xconsole rw interface.
2007-12-04 15:11:53 +00:00
Chris PeBenito
c0cf6e0a6e
trunk: clean up nsswitch usage, from dan.
2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215
trunk: add /dev symlink relabel since its not short circuited.
2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29
trunk: version bump for newrole fixes.
2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5
trunk: test fix 2 for newrole.
2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e
trunk: test fix for newrole.
2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5
trunk: handle early boot on debian, for /dev labeling.
2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da
trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik.
2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5
trunk: version bumps for previous commit.
2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb
trunk: More complete labeled networking infrastructure from KaiGai Kohei.
2007-11-26 16:44:57 +00:00
Chris PeBenito
8d1f9d9e14
trunk: add missing tcp_socket rules for xfs.
2007-11-19 20:36:33 +00:00
Chris PeBenito
6ab634a512
trunk: fix dup specification for /var/spool/cups/*
2007-11-16 20:03:18 +00:00
Chris PeBenito
ccf6611bdd
trunk: add unconfined_run_to().
2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1
trunk: switch newrole and run_init over to use nsswitch.
2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa
trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config().
2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d
trunk: reorganize selinuxutil.
2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c
trunk: 9 patches from dan.
2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762
trunk: 8 patches from dan.
2007-11-15 16:54:18 +00:00
Chris PeBenito
2999cea1f2
trunk: remove duplicate specifiction for /usr/lib/devices on debian.
2007-11-14 20:12:44 +00:00
Chris PeBenito
9820351703
trunk: add in polmatch for default spd.
2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6
trunk: add labeled networking support to unconfined.
2007-11-14 14:38:45 +00:00
Chris PeBenito
a56055e362
trunk: rearrange the bottom of domain.if and fix domain_ipsec_labels().
2007-11-14 13:40:25 +00:00
Chris PeBenito
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
Chris PeBenito
3b498a9105
trunk: add gentoo hal fc entry.
2007-11-12 14:17:39 +00:00
Chris PeBenito
4605adcba7
trunk: add postfixpolicyd from Jan-Frode Myklebust.
2007-11-07 20:17:44 +00:00
Chris PeBenito
eaed904cd5
trunk: 3 patches from dan.
2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e
trunk: fix init_ranged_system_domain range_transition object class, from james carter.
2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
Chris PeBenito
495df41602
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
Chris PeBenito
bd973e3e68
trunk: remove unused types from dbus.
2007-10-26 18:04:38 +00:00
Chris PeBenito
8e2fb69f88
trunk: filesystem patch from dan.
2007-10-24 18:37:26 +00:00
Chris PeBenito
6bf8bf4f5c
trunk: add exim from dan.
2007-10-24 15:07:40 +00:00
Chris PeBenito
3c99e5989a
trunk: add /var/lib search for system bus template.
2007-10-22 15:53:31 +00:00
Chris PeBenito
2f27163c1b
trunk: 3 patches from dan.
2007-10-18 19:31:14 +00:00
Chris PeBenito
a334d2918f
trunk: add infrastructure for managing user web content.
2007-10-18 19:23:33 +00:00
Chris PeBenito
e83edee5d2
trunk: fix do not userspace commons in kernel version of av_permissions.h.
2007-10-16 19:05:27 +00:00
Chris PeBenito
32c05ccbcd
trunk: fix flask.py Flask class userspace dictionary usage.
2007-10-16 18:56:32 +00:00
Chris PeBenito
651df3ceb6
trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes.
2007-10-16 18:30:23 +00:00
Chris PeBenito
3a9096d94f
trunk: do not emit S_(0, 0, 0) in kernel headers for userspace classes that inherit commons.
2007-10-16 16:02:51 +00:00
Chris PeBenito
36627094e8
trunk: fix unconditional call to nscd from usermanage run interfaces.
2007-10-15 18:16:00 +00:00
Chris PeBenito
a27d1c6e84
trunk: gdm is in /usr/sbin on rawhide machines, from Eamon Walsh.
2007-10-15 17:50:07 +00:00
Chris PeBenito
f48782758e
trunk: reorganize amanda and bind
2007-10-12 17:50:11 +00:00
Chris PeBenito
bc01b352f6
trunk: 2 patches from dan.
2007-10-12 17:35:56 +00:00
Chris PeBenito
cdf98fedc0
trunk: 10 patches from dan.
2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
Chris PeBenito
81d4c88f8c
trunk: remove stale user_net_control reference in usernetctl.if.
2007-10-08 13:38:25 +00:00
Chris PeBenito
6c53a10e28
trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust.
2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
aef93a760f
trunk: one-liner from Shintaro Fujiwara
2007-09-26 14:28:20 +00:00
Chris PeBenito
4ddc7ba539
trunk: xml doc one-liner from Stefan Schulze Frielinghaus.
2007-09-24 13:01:17 +00:00
Chris PeBenito
ff4085dacc
trunk: one-liner from Shintaro Fujiwara.
2007-09-18 19:49:35 +00:00
Chris PeBenito
6f49b490b8
trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara.
2007-09-17 18:04:35 +00:00
Chris PeBenito
0cf6df55e5
trunk: add awstats from Stefan Schulze Frielinghaus.
2007-09-17 17:25:40 +00:00
Chris PeBenito
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00
Chris PeBenito
14add30d03
trunk: 3 patches from dan.
2007-09-12 14:53:39 +00:00
Chris PeBenito
134a799c75
trunk: 3 patches from dan.
2007-09-11 19:24:32 +00:00
Chris PeBenito
8a9d6f6449
trunk: 6 patches from dan.
2007-09-07 13:41:20 +00:00
Chris PeBenito
abc89340c4
trunk: two tiny patches from Stefan Schulze Frielinghaus
2007-09-06 19:29:54 +00:00