Chris PeBenito
42d567c3f4
trunk: 6 patches from dan.
2009-03-31 13:40:59 +00:00
Chris PeBenito
8f800d48df
trunk: 14 patches from dan.
2009-03-23 14:56:43 +00:00
Chris PeBenito
244b45d225
trunk: 3 patches from dan.
2009-03-20 13:58:15 +00:00
Chris PeBenito
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
Chris PeBenito
d3cdc3d07c
trunk: add open perm to sock_file.
2009-03-11 14:58:03 +00:00
Chris PeBenito
79a5a8084d
trunk: 2 patches from dan.
2009-03-11 14:19:50 +00:00
Chris PeBenito
c90440a7cd
trunk: 4 patches from dan.
2009-03-11 13:32:23 +00:00
Chris PeBenito
e21bd28bc8
trunk: add mysql db lnk_file transition.
2009-03-11 11:59:04 +00:00
Chris PeBenito
da04234f32
trunk: 5 patches from dan.
2009-03-10 19:32:04 +00:00
Chris PeBenito
11c944faf1
trunk: fix typo in devices file contexts.
2009-03-05 17:46:22 +00:00
Chris PeBenito
2c664e7fb8
trunk: storage patch from dan.
2009-03-05 15:49:41 +00:00
Chris PeBenito
7b76207e37
trunk: devices patch from dan.
2009-03-05 15:36:41 +00:00
Chris PeBenito
be5aaebfd6
trunk: corecommands patch from dan.
2009-03-05 14:43:03 +00:00
Chris PeBenito
b4ad699e57
trunk: add nlmsg_tty_audit permission.
2009-03-05 14:11:24 +00:00
Chris PeBenito
c45fdad85b
trunk: filesystem patch from dan.
2009-03-04 15:53:07 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
Chris PeBenito
81fa19ed73
trunk: remove unused udev_runtime_t type.
2009-02-24 19:31:08 +00:00
Chris PeBenito
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
Chris PeBenito
f79314234a
trunk: 6 patches from dan.
2009-02-11 19:28:30 +00:00
Chris PeBenito
c1e501136b
trunk: add context contains to setrans.
2009-02-09 13:58:22 +00:00
Chris PeBenito
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09
trunk: btrfs from Paul Moore.
2009-01-30 13:44:14 +00:00
Chris PeBenito
466e22a8ba
trunk: Add db_procedure install permission from KaiGai Kohei.
2009-01-23 19:49:36 +00:00
Chris PeBenito
019dfaf9dc
trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.
2009-01-15 20:31:06 +00:00
Chris PeBenito
64daa85393
trunk: add sysadm_entry_spec_domtrans_to() interface from clip.
2009-01-15 15:07:37 +00:00
Chris PeBenito
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
Chris PeBenito
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
Chris PeBenito
59d599642e
trunk: fix certwatch version number.
2009-01-06 19:33:24 +00:00
Chris PeBenito
347a701119
trunk: Add kernel_service access vectors, from Stephen Smalley.
2009-01-05 21:44:33 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
3196971ae8
trunk: Fix consistency of audioentropy and iscsi module naming.
2008-12-09 16:47:33 +00:00
Chris PeBenito
9ff89c44e7
trunk: 2 patches from dan.
2008-12-04 15:01:12 +00:00
Chris PeBenito
f657cb14e5
trunk: fix role change constraint.
2008-12-03 20:16:08 +00:00
Chris PeBenito
ff8f0a63f4
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13
trunk: whitespace fix changing multiple spaces into tabs.
2008-12-03 18:33:19 +00:00
Chris PeBenito
a057e0462e
trunk: fix missing xml parameter.
2008-12-03 15:51:53 +00:00
Chris PeBenito
fb4826f424
trunk: 3 patches from dan.
2008-12-03 15:21:33 +00:00
Chris PeBenito
14c0edc7e9
trunk: 2 patches from dan.
2008-12-02 22:40:49 +00:00
Chris PeBenito
b3eb124654
trunk: Debian file context fix for xen from Russell Coker.
2008-11-24 15:34:54 +00:00
Chris PeBenito
b9e5238a24
trunk: add milter module from Paul Howarth.
2008-11-24 15:06:58 +00:00
Chris PeBenito
b3b607eb43
trunk: a fix on the previous commit.
2008-11-19 16:02:13 +00:00
Chris PeBenito
fcee22ad0d
trunk: 5 patches from dan.
2008-11-19 15:24:10 +00:00
Chris PeBenito
01e9e7dbf5
trunk: 4 patches from dan.
2008-11-18 19:55:10 +00:00
Chris PeBenito
659c8650c7
trunk 2 patches from dan.
2008-11-17 15:48:12 +00:00
Chris PeBenito
7f49194215
trunk: Xserver MLS fix from Eamon Walsh.
2008-11-17 13:49:19 +00:00
Chris PeBenito
7a4c282536
trunk: fix logging admin interfaces.
2008-11-14 13:53:21 +00:00
Chris PeBenito
23d5ab8de7
trunk: fix disable ubac condition for process perms.
2008-11-14 13:17:51 +00:00
Chris PeBenito
73c77e2c9b
trunk: 2 fixes from martin orr.
2008-11-13 18:44:23 +00:00
Chris PeBenito
99282e6be0
trunk: add omapi port for dhcpcd.
2008-11-12 13:11:00 +00:00
Chris PeBenito
5843d066b6
trunk: 10 patches from dan.
2008-11-11 16:38:34 +00:00
Chris PeBenito
27337d8c21
trunk: patch from Mike Edenfield to add udevadm fc entry.
2008-11-11 15:03:06 +00:00
Chris PeBenito
657c226c40
trunk: 7 patches from dan.
2008-11-06 22:36:50 +00:00
Chris PeBenito
ba796982df
trunk: tweaks from russell and martin orr.
2008-11-06 15:01:15 +00:00
Chris PeBenito
0003940ff2
trunk: add missing ubac module.
2008-11-05 16:11:27 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
932c3536f8
trunk: additional open fixes.
2008-11-04 14:37:05 +00:00
Chris PeBenito
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
Chris PeBenito
6e68e6bb5e
trunk: Move shared library calls from individual modules to the domain module.
2008-10-17 17:36:56 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
Chris PeBenito
2a98379a24
trunk: additional whitespace fixes.
2008-10-17 15:52:39 +00:00
Chris PeBenito
88cf0a9c2b
trunk: whitespace fix; collapse multiple blank lines into one.
2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40
trunk: Remove hierarchy from portage module as it is not a good example of hieararchy.
2008-10-15 19:56:33 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
74993c4dae
trunk: 8 patches from dan.
2008-10-13 15:06:23 +00:00
Chris PeBenito
aa7c463e5d
trunk: a pile of misc fixes.
2008-10-13 13:36:50 +00:00
Chris PeBenito
06099da657
trunk: 3 patches from dan.
2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
Chris PeBenito
967fd1ba3f
trunk: 8 patches from dan.
2008-10-08 20:03:24 +00:00
Chris PeBenito
e87221cefe
trunk: 21 patches from dan.
2008-10-08 15:50:03 +00:00
Chris PeBenito
ed8ae5ebeb
trunk: fix typo
2008-10-06 18:33:44 +00:00
Chris PeBenito
12c61f36f4
trunk: 7 patches from dan, 1 from eamon.
2008-10-06 17:27:49 +00:00
Chris PeBenito
73edbc9101
trunk: add oident from dominick grift.
2008-10-06 14:01:59 +00:00
Chris PeBenito
6d8af27cad
trunk: fix dupe fc.
2008-10-03 13:17:56 +00:00
Chris PeBenito
4bdf192962
trunk: firstboot update from dan.
2008-10-02 17:32:03 +00:00
Chris PeBenito
bf9f3480e5
trunk: readahead fix from dan.
2008-09-23 13:07:28 +00:00
Chris PeBenito
3daef6999a
trunk: cvs update from dan.
2008-09-23 12:56:00 +00:00
Chris PeBenito
4a475507be
trunk: remove stale pax class comments as that class was removed.
2008-09-22 19:06:34 +00:00
Chris PeBenito
88c02e0538
trunk: init script for setrans.
2008-09-18 18:20:31 +00:00
Chris PeBenito
658f4d3dd9
trunk: rpcbind update from dan.
2008-09-18 18:09:34 +00:00
Chris PeBenito
fd49feff49
trunk: last bit of wpa_supplicant update from martin orr.
2008-09-18 15:06:29 +00:00
Chris PeBenito
c9824ec5ce
trunk: remove incomplete sshd_extern.
2008-09-18 14:06:30 +00:00
Chris PeBenito
64c5b9975b
trunk: add interface to transition to initrc_t on labeled init scripts.
2008-09-18 13:47:43 +00:00
Chris PeBenito
cfafe4a7a8
trunk: logging update from dan.
2008-09-18 13:20:57 +00:00
Chris PeBenito
f5394cc3cb
trunk: bind update from dan.
2008-09-15 17:02:57 +00:00
Chris PeBenito
48f6456344
trunk: rename labeled init scripts with initrc convention.
2008-09-15 14:20:20 +00:00
Chris PeBenito
a46b60549a
trunk: squid update from dan.
2008-09-15 13:31:28 +00:00
Chris PeBenito
21ea2b1884
trunk: firstboot update from dan.
2008-09-12 15:54:11 +00:00
Chris PeBenito
36095d11ce
trunk: kudzu and mta patches from dan.
2008-09-12 14:18:20 +00:00
Chris PeBenito
bc85e826ec
trunk: promote networkmanager debian fc entries out of build options.
2008-09-12 12:14:52 +00:00
Chris PeBenito
8786916e8d
trunk: ntp and setrans update from dan.
2008-09-11 14:54:40 +00:00
Chris PeBenito
52ceaaac6e
trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr.
2008-09-11 14:02:53 +00:00
Chris PeBenito
ae3386373a
trunk: networkmanager/ppp patch from dan.
2008-09-11 13:35:06 +00:00
Chris PeBenito
859135dcdd
trunk: fix bad apcupsd interface name.
2008-09-09 15:56:26 +00:00
Chris PeBenito
54341818ac
trunk: fix fail2ban init script regex.
2008-09-05 14:37:35 +00:00
Chris PeBenito
6a824f630d
trunk: update mls constraints for x_application_data.
2008-09-05 14:27:01 +00:00
Chris PeBenito
cdac989dee
trunk: fail2ban update from dan.
2008-09-05 14:17:18 +00:00
Chris PeBenito
96851b1d63
trunk: fix bad require.
2008-09-03 15:37:24 +00:00
Chris PeBenito
a71e136cc3
trunk: add cyphesis from dan.
2008-09-03 14:46:10 +00:00
Chris PeBenito
e40fa634b2
trunk: Logrotate and Bind updates from Vaclav Ovsik.
2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635
trunk: first part of init script labeling support.
2008-08-29 19:00:02 +00:00
Chris PeBenito
9bcfb6dfa5
trunk: hplip uses dbus.
2008-08-29 14:25:09 +00:00
Chris PeBenito
24af9b1d34
trunk: inetd update from dan.
2008-08-29 13:21:53 +00:00
Chris PeBenito
e4171e8048
trunk: fix unconfined mail sending out by postfix and qmail.
2008-08-29 12:50:31 +00:00
Chris PeBenito
c11057f7ae
trunk: fedora update cherry picked by david hardeman.
2008-08-22 15:17:01 +00:00
Chris PeBenito
32f8ff393b
trunk: add w3c from dan.
2008-08-21 13:52:52 +00:00
Chris PeBenito
93f445b8c0
trunk: firstboot update from dan.
2008-08-20 19:45:39 +00:00
Chris PeBenito
770c015f88
trunk: 2 patches from dan.
2008-08-14 15:10:41 +00:00
Chris PeBenito
3e59876583
trunk: 6 patches from the fedora policy, cherry picked by david hardeman.
2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac
trunk: two small patches from dan.
2008-08-14 13:08:53 +00:00
Chris PeBenito
9acf481bd0
trunk: fix from fedora policy, cherry picked from David Hardeman.
2008-08-12 19:52:29 +00:00
Chris PeBenito
9c4500b2f4
trunk: Glibc 2.7 fix from Vaclav Ovsik.
2008-08-12 19:33:18 +00:00
Chris PeBenito
cc1eee1202
trunk: add an empty m4 string so the index macro is not invoked, to prevent a warning.
2008-08-12 19:30:54 +00:00
Chris PeBenito
e0ed765c0e
trunk: 3 patches from the fedora policy, cherry picked by David Hardeman.
2008-08-11 14:03:36 +00:00
Chris PeBenito
7aabe358f4
trunk: missed fixes on previous commit.
2008-08-07 14:45:37 +00:00
Chris PeBenito
8a948caf2b
trunk: 11 more cherry picks from fedora policy, by david hardeman.
2008-08-07 14:17:50 +00:00
Chris PeBenito
b81bfc2651
trunk: Samba/winbind update from Mike Edenfield.
2008-08-05 12:54:11 +00:00
Chris PeBenito
3338f231d5
trunk: Policy size optimization with a non-security file attribute from James Carter.
2008-07-31 14:05:46 +00:00
Chris PeBenito
d13f876df7
trunk: another patch from the fedora policy, cherry picked by david hrdeman.
2008-07-28 15:10:32 +00:00
Chris PeBenito
556556cdd0
trunk: 3 more cherry picked Fedora fixes from David Hrdeman.
2008-07-25 12:11:14 +00:00
Chris PeBenito
dc1920b218
trunk: Database labeled networking update from KaiGai Kohei.
2008-07-25 04:07:09 +00:00
Chris PeBenito
6224fc1485
trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
Chris PeBenito
2b592aa495
trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus
2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086
trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage.
2008-07-15 15:33:51 +00:00
Chris PeBenito
cfcf5004e5
trunk: bump versions for release.
2008-07-02 14:07:57 +00:00
Chris PeBenito
6aa9918259
trunk: drop workaround rules.
2008-07-02 12:17:38 +00:00
Chris PeBenito
e311e23a44
trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.
2008-07-01 13:57:53 +00:00
Chris PeBenito
5fe7de9ea9
trunk: apache script connections to postgres, from kaigai.
2008-06-25 13:03:59 +00:00
Chris PeBenito
f7eaeebbae
trunk: more xml doc fixes.
2008-06-24 14:43:47 +00:00
Chris PeBenito
c5cfd2d405
trunk: Add unused interface/template parameter metadata in XML.
2008-06-24 14:23:40 +00:00
Chris PeBenito
8c6292b7a4
trunk: Patch to handle postfix data_directory from Vaclav Ovsik.
2008-06-24 13:21:35 +00:00
Chris PeBenito
7f4005e348
trunk: fix up stored procedure naming patch from kaigai.
2008-06-24 12:57:06 +00:00
Chris PeBenito
b1a903654f
trunk: add missing requires.
2008-06-24 12:53:30 +00:00
Chris PeBenito
a713ad8b8a
trunk: pull in most of dans vmware patch.
2008-06-18 15:35:49 +00:00
Chris PeBenito
c54eb87d43
trunk: two small updates from dan.
2008-06-18 13:15:25 +00:00
Chris PeBenito
131634a581
trunk: podsleuth and hal updates from dan.
2008-06-17 14:07:44 +00:00
Chris PeBenito
eb4216397c
trunk: add qemu and virt from dan.
2008-06-16 18:59:07 +00:00
Chris PeBenito
fe5618edf5
trunk: add /usr/lib32 symlink labeling for debian.
2008-06-13 13:55:22 +00:00
Chris PeBenito
8e7d43c8ac
trunk: additional patch from kaigai to fix up some type transitions for unpriv clients.
2008-06-13 13:33:36 +00:00
Chris PeBenito
e8cb08aefa
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
Chris PeBenito
67b6207a9e
trunk: trivial kernel patch from dan.
2008-06-07 13:53:29 +00:00
Chris PeBenito
ef55a11980
trunk: Patch for X.org dbus support from Martin Orr.
2008-06-07 13:31:48 +00:00
Chris PeBenito
4b28c2ecc2
trunk: misc gentoo fc fixes.
2008-06-06 03:40:27 +00:00
Chris PeBenito
cdbd09f65e
trunk: add prelude from dan.
2008-06-06 03:13:42 +00:00
Chris PeBenito
147af4d309
trunk: misc fixes.
2008-05-27 18:09:18 +00:00
Chris PeBenito
d87efeec73
trunk: fixes for gentoo targeted systems.
2008-05-27 12:07:03 +00:00
Chris PeBenito
b4921b5804
trunk: fs update from dan.
2008-05-26 21:07:22 +00:00
Chris PeBenito
308baad28c
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
Chris PeBenito
0ecd829ab4
trunk: add additional portage log locations.
2008-05-26 18:37:05 +00:00
Chris PeBenito
8926b25f39
trunk: tweak kerneloops.
2008-05-26 17:48:56 +00:00
Chris PeBenito
782c10e949
trunk: add kerneloops from dan.
2008-05-26 17:47:49 +00:00
Chris PeBenito
ff79b83c51
trunk: add kismet from dan.
2008-05-26 15:35:25 +00:00
Chris PeBenito
cbe82b179b
trunk: start adding open perm to obvious places.
2008-05-23 18:22:57 +00:00
Chris PeBenito
7d8fbdc062
trunk: fix bad cifs interface.
2008-05-23 14:41:36 +00:00
Chris PeBenito
e6fdb59601
trunk: fix typo
2008-05-23 13:50:38 +00:00
Chris PeBenito
8db508568b
trunk: temp workaround for toolchain breakage.
2008-05-23 12:52:31 +00:00
Chris PeBenito
4416c416fa
trunk: Module loading now requires setsched on kernel threads.
2008-05-22 18:39:03 +00:00
Chris PeBenito
b34db7a8ec
trunk: another pile of misc fixes.
2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0
trunk: a pile of misc fixes, mainly sync xml docs with interface implementation.
2008-05-15 13:10:34 +00:00
Chris PeBenito
a42ce93a4d
trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
2008-05-12 20:05:32 +00:00
Chris PeBenito
d923d54c08
trunk: X application data class from Eamon Walsh and Ted Toth.
2008-05-06 14:37:05 +00:00
Chris PeBenito
e9c6cda7da
trunk: Move user roles into individual modules.
2008-04-29 13:58:34 +00:00
Chris PeBenito
a0647afa0c
trunk: add missing mplayer_etc_t require in role template.
2008-04-21 12:47:09 +00:00
Chris PeBenito
7e11b74087
trunk: make hald_log_t a log file.
2008-04-18 16:04:15 +00:00
Chris PeBenito
f12302af92
trunk: hal xml doc fix pointed out by Rob Myers.
2008-04-18 15:55:03 +00:00
Chris PeBenito
2083db2e40
trunk: Cryptsetup runs shell scripts. Patch from Martin Orr.
2008-04-18 15:32:03 +00:00
Chris PeBenito
c07f9ccd18
trunk: Add file for enabling policy capabilities.
2008-04-18 14:21:01 +00:00
Chris PeBenito
75da4b8ad3
trunk: Patch to fix leaky interface/template call depth calculator from Vaclav Ovsik.
2008-04-18 12:57:01 +00:00
Chris PeBenito
8152a78836
trunk: 7 patches from dan.
2008-04-04 17:08:34 +00:00
Chris PeBenito
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
Chris PeBenito
e828954c63
trunk: 4 patches from dan.
2008-03-27 15:20:16 +00:00
Chris PeBenito
9377a3e59c
trunk: fix winbind socket connection interface for default location of the sock_file.
2008-03-21 14:18:13 +00:00
Chris PeBenito
9e8c3aa651
trunk: add type transition to fix mysql socket creation.
2008-03-21 14:16:17 +00:00
Chris PeBenito
2ed4f5aedf
trunk: small fixes for gentoo system.
2008-03-20 14:55:17 +00:00
Chris PeBenito
6e2123fc72
trunk: add wireshark.
2008-03-14 15:26:52 +00:00
Chris PeBenito
91d6c92160
trunk: a pair of tweaks from gentoo systems.
2008-03-14 14:55:34 +00:00
Chris PeBenito
47333d8246
trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.
2008-03-10 19:29:47 +00:00
Chris PeBenito
210607be61
trunk: Definitions for open permisson on file and similar objects from Eric Paris.
2008-03-04 20:19:29 +00:00
Chris PeBenito
e065ac8ab5
trunk: Apt updates for ptys and logs, from Martin Orr.
2008-03-04 19:48:58 +00:00
Chris PeBenito
01e8ff4ab3
trunk: rpc update from Vaclav Ovsik.
2008-03-04 19:14:08 +00:00
Chris PeBenito
737fcf232c
trunk: dontaudit init fds in loadkeys.
2008-03-04 18:48:30 +00:00
Chris PeBenito
d57a094347
trunk: Exim updates on Debian from Devin Carrawy.
2008-03-04 18:25:13 +00:00
Chris PeBenito
834401ff97
trunk: dovecot fix from Stefan Schulze Frielinghaus.
2008-02-25 19:31:03 +00:00
Chris PeBenito
90c3c561ef
trunk: fc fix and if addtion from Stefan Schulze Frielinghaus.
2008-02-25 14:20:56 +00:00
Chris PeBenito
9fa023ff58
trunk: Pam and samba updates from Stefan Schulze Frielinghaus.
2008-02-19 19:33:48 +00:00
Chris PeBenito
45b56b01e8
trunk: Backup update on Debian from Vaclav Ovsik.
2008-02-19 14:26:59 +00:00
Chris PeBenito
51223bfc56
trunk: Cracklib update on Deban from Vaclav Ovsik.
2008-02-19 14:06:11 +00:00
Chris PeBenito
ee6608baeb
trunk: 8 patches from dan.
2008-02-18 18:44:40 +00:00
Chris PeBenito
f508567646
trunk: 4 patches from dan.
2008-02-18 14:55:25 +00:00
Chris PeBenito
037fc0f4e6
trunk: label /proc/kallsyms with system_map_t.
2008-02-15 19:59:10 +00:00
Chris PeBenito
4f017813ab
trunk: fix pppd admin interface.
2008-02-14 16:03:24 +00:00
Chris PeBenito
6e7a1fc871
trunk: fix userdom_role_change_template() xml.
2008-02-13 20:26:18 +00:00
Chris PeBenito
f03433313a
trunk: labeled networking permission update from paul moore.
2008-02-12 14:46:29 +00:00
Chris PeBenito
8b9ffed517
trunk: add capability2 class, from Stephen Smalley.
2008-02-07 17:51:59 +00:00
Chris PeBenito
7a5e2d8a37
trunk: 12 patches from dan.
2008-02-07 16:37:47 +00:00
Chris PeBenito
12cf805e1c
trunk: add basic ubuntu support
2008-02-05 18:24:43 +00:00
Chris PeBenito
ce8a5299a8
trunk: 3 patches from dan.
2008-02-05 17:41:53 +00:00
Chris PeBenito
320ea98330
trunk: add 3rd party corenet interfaces for (secmark) packets.
2008-01-17 15:28:24 +00:00
Chris PeBenito
d4623f3d24
trunk: add setfcap capabiltiy, from Serge Hallyn.
2008-01-11 14:08:02 +00:00
Chris PeBenito
c8d4c38258
trunk: fix missing lo netif alias for standard and mcs configs.
2008-01-10 16:39:36 +00:00
Chris PeBenito
936f286c16
trunk: add mls constraints to dbus.
2008-01-03 20:37:25 +00:00
Chris PeBenito
9323a50bcc
trunk: add run_init domtrans to chk passwd.
2008-01-03 19:46:40 +00:00
Chris PeBenito
7cbfeb97cf
trunk: uncomment set loginuid for functional login programs under strict.
2008-01-03 18:30:45 +00:00
Chris PeBenito
f3da31d339
trunk: Labeled networking peer object class updates.
2008-01-03 16:20:01 +00:00
Chris PeBenito
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
Chris PeBenito
1abafe3707
trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581
trunk: several fc updates from dan.
2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae
trunk: add openoffice locations in gentoo.
2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e
trunk: Improve several tunables descriptions from Dan Walsh.
2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea
trunk: another round of nsswitch from dan.
2007-12-06 16:04:14 +00:00
Chris PeBenito
74d920c3b5
trunk: add setrlimit to debian cron.
2007-12-06 14:35:44 +00:00
Chris PeBenito
5f63dd12a3
trunk: fix xconsole rw interface.
2007-12-04 15:11:53 +00:00
Chris PeBenito
c0cf6e0a6e
trunk: clean up nsswitch usage, from dan.
2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215
trunk: add /dev symlink relabel since its not short circuited.
2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29
trunk: version bump for newrole fixes.
2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5
trunk: test fix 2 for newrole.
2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e
trunk: test fix for newrole.
2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5
trunk: handle early boot on debian, for /dev labeling.
2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da
trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik.
2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5
trunk: version bumps for previous commit.
2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb
trunk: More complete labeled networking infrastructure from KaiGai Kohei.
2007-11-26 16:44:57 +00:00
Chris PeBenito
8d1f9d9e14
trunk: add missing tcp_socket rules for xfs.
2007-11-19 20:36:33 +00:00
Chris PeBenito
6ab634a512
trunk: fix dup specification for /var/spool/cups/*
2007-11-16 20:03:18 +00:00
Chris PeBenito
ccf6611bdd
trunk: add unconfined_run_to().
2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1
trunk: switch newrole and run_init over to use nsswitch.
2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa
trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config().
2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d
trunk: reorganize selinuxutil.
2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c
trunk: 9 patches from dan.
2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762
trunk: 8 patches from dan.
2007-11-15 16:54:18 +00:00
Chris PeBenito
2999cea1f2
trunk: remove duplicate specifiction for /usr/lib/devices on debian.
2007-11-14 20:12:44 +00:00
Chris PeBenito
9820351703
trunk: add in polmatch for default spd.
2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6
trunk: add labeled networking support to unconfined.
2007-11-14 14:38:45 +00:00
Chris PeBenito
a56055e362
trunk: rearrange the bottom of domain.if and fix domain_ipsec_labels().
2007-11-14 13:40:25 +00:00
Chris PeBenito
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
Chris PeBenito
3b498a9105
trunk: add gentoo hal fc entry.
2007-11-12 14:17:39 +00:00
Chris PeBenito
4605adcba7
trunk: add postfixpolicyd from Jan-Frode Myklebust.
2007-11-07 20:17:44 +00:00
Chris PeBenito
eaed904cd5
trunk: 3 patches from dan.
2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e
trunk: fix init_ranged_system_domain range_transition object class, from james carter.
2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
Chris PeBenito
495df41602
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
Chris PeBenito
bd973e3e68
trunk: remove unused types from dbus.
2007-10-26 18:04:38 +00:00
Chris PeBenito
8e2fb69f88
trunk: filesystem patch from dan.
2007-10-24 18:37:26 +00:00
Chris PeBenito
6bf8bf4f5c
trunk: add exim from dan.
2007-10-24 15:07:40 +00:00
Chris PeBenito
3c99e5989a
trunk: add /var/lib search for system bus template.
2007-10-22 15:53:31 +00:00
Chris PeBenito
2f27163c1b
trunk: 3 patches from dan.
2007-10-18 19:31:14 +00:00
Chris PeBenito
a334d2918f
trunk: add infrastructure for managing user web content.
2007-10-18 19:23:33 +00:00
Chris PeBenito
e83edee5d2
trunk: fix do not userspace commons in kernel version of av_permissions.h.
2007-10-16 19:05:27 +00:00
Chris PeBenito
32c05ccbcd
trunk: fix flask.py Flask class userspace dictionary usage.
2007-10-16 18:56:32 +00:00
Chris PeBenito
651df3ceb6
trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes.
2007-10-16 18:30:23 +00:00
Chris PeBenito
3a9096d94f
trunk: do not emit S_(0, 0, 0) in kernel headers for userspace classes that inherit commons.
2007-10-16 16:02:51 +00:00
Chris PeBenito
36627094e8
trunk: fix unconditional call to nscd from usermanage run interfaces.
2007-10-15 18:16:00 +00:00
Chris PeBenito
a27d1c6e84
trunk: gdm is in /usr/sbin on rawhide machines, from Eamon Walsh.
2007-10-15 17:50:07 +00:00
Chris PeBenito
f48782758e
trunk: reorganize amanda and bind
2007-10-12 17:50:11 +00:00
Chris PeBenito
bc01b352f6
trunk: 2 patches from dan.
2007-10-12 17:35:56 +00:00
Chris PeBenito
cdf98fedc0
trunk: 10 patches from dan.
2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
Chris PeBenito
81d4c88f8c
trunk: remove stale user_net_control reference in usernetctl.if.
2007-10-08 13:38:25 +00:00
Chris PeBenito
6c53a10e28
trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust.
2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
aef93a760f
trunk: one-liner from Shintaro Fujiwara
2007-09-26 14:28:20 +00:00
Chris PeBenito
4ddc7ba539
trunk: xml doc one-liner from Stefan Schulze Frielinghaus.
2007-09-24 13:01:17 +00:00
Chris PeBenito
ff4085dacc
trunk: one-liner from Shintaro Fujiwara.
2007-09-18 19:49:35 +00:00
Chris PeBenito
6f49b490b8
trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara.
2007-09-17 18:04:35 +00:00
Chris PeBenito
0cf6df55e5
trunk: add awstats from Stefan Schulze Frielinghaus.
2007-09-17 17:25:40 +00:00
Chris PeBenito
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00
Chris PeBenito
14add30d03
trunk: 3 patches from dan.
2007-09-12 14:53:39 +00:00
Chris PeBenito
134a799c75
trunk: 3 patches from dan.
2007-09-11 19:24:32 +00:00
Chris PeBenito
8a9d6f6449
trunk: 6 patches from dan.
2007-09-07 13:41:20 +00:00
Chris PeBenito
abc89340c4
trunk: two tiny patches from Stefan Schulze Frielinghaus
2007-09-06 19:29:54 +00:00
Chris PeBenito
72f82c47c2
trunk: six patches from dan.
2007-09-06 18:34:40 +00:00
Chris PeBenito
8241b538af
trunk: udev update and brctl module from dan.
2007-09-05 17:55:57 +00:00
Chris PeBenito
016e5c5cdc
trunk: 4 patches from dan.
2007-09-05 14:48:21 +00:00
Chris PeBenito
0a0b8078ca
trunk: 5 patches from dan.
2007-09-04 18:57:58 +00:00
Chris PeBenito
ce2c80f3c6
trunk: make coda nfs_t, ticket #39 .
2007-09-04 13:38:39 +00:00
Chris PeBenito
4922765ec6
trunk: fix certwatch_run() interface, which had a typo in the name.
2007-08-30 15:01:48 +00:00
Chris PeBenito
6dd721a686
trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate.
2007-08-27 17:57:36 +00:00
Chris PeBenito
a2f444884b
trunk: patch to allow sendmail to read ssl/tls certificates from Stefan Schulze Frielinghaus.
2007-08-27 17:00:18 +00:00
Chris PeBenito
752ddf588f
trunk: add missing commas in can_exec in daemontools that worked by luck.
2007-08-24 15:55:06 +00:00
Chris PeBenito
d62c0881e2
Update MLS constraints from LSPP evaluated policy.
2007-08-24 14:14:29 +00:00
Chris PeBenito
2af7b42a06
trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels.
2007-08-22 20:21:52 +00:00
Chris PeBenito
8d2c34195e
trunk: updates from dan on 9 modules
2007-08-22 20:02:41 +00:00
Chris PeBenito
80d5e02c81
trunk: Files and radvd updates from Stefan Schulze Frielinghaus.
2007-08-21 19:03:34 +00:00
Chris PeBenito
1779bef032
trunk: fix gdm xsession scripts on redhat machines.
2007-08-20 18:54:29 +00:00
Chris PeBenito
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
Chris PeBenito
9760cbec2d
trunk: Database userspace object manager classes from KaiGai Kohei.
2007-08-09 13:15:07 +00:00
Chris PeBenito
3d6e962dfa
trunk: filesystem patch from dan
2007-08-08 20:04:28 +00:00
Chris PeBenito
939a4287b3
trunk: 3 patches from dan
2007-08-07 17:06:32 +00:00
Chris PeBenito
c040ea12b2
trunk: several support macro fixes.
2007-07-31 15:11:22 +00:00
Chris PeBenito
371d11ec04
trunk: add 3rd party interface for apache cgi.
2007-07-26 19:48:40 +00:00
Chris PeBenito
63acaf59d7
trunk: fix pipe permission set in domtrans_pattern().
2007-07-26 19:41:15 +00:00
Chris PeBenito
924f3cc2cb
trunk: add getserv and shmemserv nscd permissions.
2007-07-24 19:52:18 +00:00
Chris PeBenito
708aab1393
trunk: fix targeted sshd. When the domain was unaliased from unconfined_t, a transition to unconfined_t was not added.
2007-07-20 18:25:26 +00:00
Chris PeBenito
d46cfe45cd
trunk: add application module
2007-07-19 18:57:48 +00:00
Chris PeBenito
6929521e0a
trunk: fix missed netlabel deprecation
2007-07-19 15:11:19 +00:00
Chris PeBenito
f80a0e4f25
trunk: Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
2007-07-02 15:25:46 +00:00
Chris PeBenito
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
Chris PeBenito
113b4fc4a2
Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module.
2007-06-28 17:25:46 +00:00
Chris PeBenito
e5e55ace89
trunk, strict-targeted-merge: add mmap_zero to xserver domains.
2007-06-28 12:34:08 +00:00
Chris PeBenito
f5842c1fa5
trunk: minor amanda update from dan
2007-06-27 19:19:20 +00:00
Chris PeBenito
7b61fe506d
trunk: add rpcbind from dan
2007-06-27 16:31:55 +00:00
Chris PeBenito
1900668638
trunk: Unified labeled networking policy from Paul Moore.
...
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
2c3ac47d45
trunk: pyzor and clamav updates from dan
2007-06-26 18:43:11 +00:00
Chris PeBenito
22bff65f4d
trunk: fix typo in vmware.fc
2007-06-26 14:31:31 +00:00
Chris PeBenito
02f2c3e979
trunk: nagios update from dan
2007-06-21 17:23:19 +00:00
Chris PeBenito
a90a256f64
trunk: procmail tweak from dan.
2007-06-21 14:54:34 +00:00
Chris PeBenito
7f089782ae
trunk: xen updates from dan
2007-06-21 13:36:05 +00:00
Chris PeBenito
92d1ade254
trunk: trivial gentoo tweaks
2007-06-20 20:08:26 +00:00
Chris PeBenito
5bf9deb5bb
trunk: 3 patches from dan
2007-06-20 19:47:10 +00:00
Chris PeBenito
99b5a56cb6
trunk: radius one-liner from dan
2007-06-20 15:03:55 +00:00
Chris PeBenito
40df56772f
trunk: big samba update from dan
2007-06-19 19:11:35 +00:00
Chris PeBenito
788d88c923
trunk: drop snmpd_etc_t.
2007-06-19 17:39:35 +00:00
Chris PeBenito
6c8aba7b31
trunk: confine sendmail and logrotate on targeted
2007-06-19 17:01:39 +00:00
Chris PeBenito
cb10a2d5bf
trunk: Tunable connection to postgresql for users from KaiGai Kohei.
2007-06-19 14:30:06 +00:00
Chris PeBenito
41337aa8b9
Memprotect support patch from Stephen Smalley.
2007-06-19 13:02:26 +00:00
Chris PeBenito
d139413c64
trunk: 2 patches from dan
2007-06-13 13:54:56 +00:00
Chris PeBenito
a74d1ad7cd
trunk: add amtu from dan
2007-06-12 18:58:36 +00:00
Chris PeBenito
d5b81a81ff
trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern().
2007-06-12 18:46:14 +00:00
Chris PeBenito
262def165a
trunk: version bumps for previous commit.
2007-06-12 13:08:19 +00:00
Chris PeBenito
f7101c5430
trunk: 7 simple patches from dan.
2007-06-12 13:06:13 +00:00
Chris PeBenito
6649aec9d0
trunk: 3 patches from dan
2007-06-11 15:43:37 +00:00
Chris PeBenito
d534d35a7e
trunk: 5 patches from dan
2007-06-11 15:01:10 +00:00
Chris PeBenito
f6a590d7b4
six simple patches from dan
2007-06-11 14:09:09 +00:00
Chris PeBenito
7782966db1
add fc entry for make_reiser4
2007-06-08 20:01:34 +00:00
Chris PeBenito
17b9cb7dda
trunk: fix line in evolution to be strict-only; was being covered up by genhomedircon.
2007-05-22 17:01:38 +00:00
Chris PeBenito
a39a931362
trunk: snmp tweak from dan
2007-05-15 18:06:31 +00:00
Chris PeBenito
c412be6bef
trunk: remaining pieces for apcupsd module
2007-05-15 15:43:00 +00:00
Chris PeBenito
38d0cf1b8a
trunk: long overdue cleanup from when range_transitions were only in the base module
2007-05-14 15:35:47 +00:00
Chris PeBenito
762d2cb989
merge restorecon into setfiles
2007-05-11 17:10:43 +00:00
Chris PeBenito
12217cc286
Patch to begin separating out hald helper programs from Dan Walsh.
2007-05-07 17:57:48 +00:00
Chris PeBenito
78f17e6d6c
add apcupsd from dan
2007-05-07 14:55:54 +00:00
Chris PeBenito
b129e2001c
Fixes for squid, dovecot, and snmp from Dan Walsh.
2007-05-07 13:45:17 +00:00
Chris PeBenito
4967aaa320
Miscellaneous consolekit fixes from Dan Walsh.
2007-05-03 14:15:38 +00:00
Chris PeBenito
0ef5d66468
textrel lib update from dan
2007-05-03 13:43:44 +00:00
Chris PeBenito
7f819d806d
add missing rename_dir_perms
2007-05-03 13:15:48 +00:00
Chris PeBenito
ed4b7301fb
Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh.
2007-05-03 12:45:28 +00:00
Chris PeBenito
517618f0b4
Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
2007-05-02 17:55:03 +00:00
Chris PeBenito
882186c933
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
...
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
Chris PeBenito
6a2975706a
add rwho from Nalin Dahyabhai
2007-04-30 17:39:01 +00:00
Chris PeBenito
747ab18400
Patch to allow amavis to read spamassassin libraries from Dan Walsh.
2007-04-30 15:19:47 +00:00
Chris PeBenito
ae32fb7e7b
trivial aide fix from dan
2007-04-30 15:09:15 +00:00
Chris PeBenito
f9029fc5b6
Patch to allow slocate to getattr other filesystems and directories on those filesystems from Dan Walsh.
2007-04-30 15:01:19 +00:00
Chris PeBenito
27c570f755
trivial fix for netutils from dan
2007-04-30 14:44:04 +00:00
Chris PeBenito
7487a66705
trivial fix from dan for bluetooth
2007-04-30 14:33:12 +00:00
Chris PeBenito
b4beb0a0fb
missed piece of clip patch
2007-04-30 14:32:31 +00:00
Chris PeBenito
d28e528b0d
Fixes for RHEL4 from the CLIP project.
2007-04-27 15:08:15 +00:00
Chris PeBenito
cd16fe6e2c
Replace the old lrrd fc entries with correct munin ones.
2007-04-23 17:36:35 +00:00
Chris PeBenito
b4dfdc7d30
Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties.
2007-04-19 14:30:57 +00:00
Chris PeBenito
7a4bd42ea3
Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface.
2007-04-19 14:24:02 +00:00
Chris PeBenito
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
Chris PeBenito
4029f11670
last piece of previous consolekit patch
2007-04-11 20:02:59 +00:00
Chris PeBenito
97e8156ecb
add zabbix from dan
2007-04-11 18:55:44 +00:00
Chris PeBenito
697489040e
5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes
2007-04-11 17:56:03 +00:00
Chris PeBenito
99064c9fbd
more consolekit updates from dan
2007-04-11 14:04:35 +00:00
Chris PeBenito
82e284bb89
last piece of dan's previous patch
2007-04-11 13:31:10 +00:00
Chris PeBenito
19b2dee3cc
confine ldconfig in targeted, from dan
2007-04-10 19:39:22 +00:00
Chris PeBenito
ebc1e8be97
from dan:
...
kadmind trys to setattr on krb5kdc file. Just a library checking access.
2007-04-10 17:20:07 +00:00
Chris PeBenito
9af48eef6e
six patches from dan
2007-04-10 13:10:58 +00:00
Chris PeBenito
98faba122c
gentoo /lib can be a symlink on x86-64 systems
2007-04-02 13:33:18 +00:00
Chris PeBenito
39d8dcdb4f
fix http_script_domains, it was incorrectly applied to the content type rather than the script domain. bug #24 .
2007-04-02 13:20:55 +00:00
Chris PeBenito
f88ef60ac0
emit "null" instead of NULL for userspace headers
2007-03-30 20:33:51 +00:00
Chris PeBenito
f6ddd6b9b7
bools in modules fix to require the boolean in optionals that are part of the base module, and move bool declarations in the base module/monolithic
2007-03-30 12:43:15 +00:00
Chris PeBenito
a26923c32e
Two patches from Paul Moore to for ipsec to remove redundant rules and have setkey read the config file.
2007-03-28 18:47:45 +00:00
Chris PeBenito
9e8f65c83e
six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed
2007-03-26 20:47:29 +00:00
Chris PeBenito
56e1b3d207
- Move booleans and tunables to modules when it is only used in a single
...
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89
remove disable_trans booleans
2007-03-23 21:01:49 +00:00
Chris PeBenito
e9b0042f35
Output different header sets for kernel and userland from flask headers.
2007-03-23 20:32:23 +00:00
Chris PeBenito
1852cdabce
deprecated pax class
2007-03-23 20:21:06 +00:00
Chris PeBenito
5f5b7a1ec6
network fix from dan
2007-03-22 14:33:00 +00:00
Chris PeBenito
cc9130b90a
one-liner from dan
2007-03-22 14:01:55 +00:00
Chris PeBenito
19fd9301e6
patch from dan to have ricci modstorage transition to lvm
2007-03-21 20:02:50 +00:00
Chris PeBenito
cd3ee91a4b
add fail2ban from dan
2007-03-21 15:51:52 +00:00
Chris PeBenito
efcf9df253
kudzu will telinit to make init re-read the inittab after configuring serial consoles
2007-03-20 19:00:35 +00:00
Chris PeBenito
a5f5eba459
Add dontaudits for init fds and console to init_daemon_domain().
2007-03-20 18:47:18 +00:00
Chris PeBenito
4832f0e066
create user gpg keys dir patch from dan
2007-03-19 19:10:43 +00:00
Chris PeBenito
93784927ca
add kvmfs support, from dan
2007-03-19 18:48:14 +00:00
Chris PeBenito
7200146ea8
trivial patch for radius from dan
2007-03-19 18:42:57 +00:00
Chris PeBenito
86b28c9594
trivial patch from dan for sysstat access to sysfs
2007-03-19 18:38:54 +00:00
Chris PeBenito
e66689f7be
other part of consolekit addition
2007-03-19 18:36:36 +00:00
Chris PeBenito
c224d91c7b
from Dan:
...
This is a new policy for the User Switching capability coming in gnome.
consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
6c20f77e80
patch from Dan for sudo:
...
sudo should be able to getattr on all executables not just
bin_t/sbin_t. Confined executeables run from sudo need this.
sudo_exec_t needs to be marked as exec_type so prelink will work correctly.
sudo semanage should work
2007-03-19 16:32:44 +00:00
Chris PeBenito
b50f2ee48d
It was just pointed out to me that the raw IP socket class is missing from the
...
recvfrom MLS constraint.
Signed-off-by: Paul Moore
2007-03-09 14:45:19 +00:00
Chris PeBenito
0cca516db7
fix for rh bug 203290
2007-03-08 19:01:21 +00:00
Chris PeBenito
b5a6c86f46
last bit of dans patch
2007-03-08 17:53:52 +00:00
Chris PeBenito
cdc91b9aeb
Patch for handling restart of nscd when ran from useradd, groupadd, and admin passwd, from Dan Walsh.
2007-03-08 15:14:45 +00:00
Chris PeBenito
59bedc1886
procmail uses /tmp files
...
Wants to send signull to itself
Can exec ls
Read spamassinn_lib_dirs
New directory for spamassin /var/lib/
pyzor uses tmp files
2007-03-07 21:33:22 +00:00
Chris PeBenito
7aefc69117
trivial change from dan
2007-03-06 17:44:26 +00:00
Chris PeBenito
7aca2aa827
setroubleshoot has a plugin that checks the file context on disk versus a matchpathcon. So needs additional privs
2007-03-06 17:16:08 +00:00
Chris PeBenito
c23eb5b1c4
Patch for gssd fixes from Dan Walsh
2007-03-06 16:18:59 +00:00
Chris PeBenito
c5561c777d
patches for lvm and ricci fixes from Dan Walsh.
2007-03-06 15:35:02 +00:00
Chris PeBenito
f2c69c47b3
lmtp and smtp are the same file require same context of setfiles complains
...
postfix_pickup_t wants to read postfix_spool_maildrop_t dir
2007-03-01 20:41:19 +00:00
Chris PeBenito
ecc98e19e3
patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh.
2007-03-01 15:43:39 +00:00
Chris PeBenito
4900fdf7d1
Patch for kerberized telnet fixes from Dan Walsh.
2007-02-28 17:17:52 +00:00
Chris PeBenito
09c56f5496
Patch for kerberized ftp and other ftp fixes from Dan Walsh.
2007-02-28 17:01:47 +00:00
Chris PeBenito
2aea366ffc
Patch for an additional wine executable from Dan Walsh.
2007-02-28 16:23:06 +00:00
Chris PeBenito
bf39cdb807
Patch for additional games file contexts from Dan Walsh.
2007-02-28 15:30:38 +00:00
Chris PeBenito
86d754eed6
Add support for libselinux 2.0.5 init_selinuxmnt() changes.
2007-02-27 17:02:35 +00:00
Chris PeBenito
ca448bd66c
add init_exec() to init_telinit().
2007-02-26 20:19:53 +00:00
Chris PeBenito
f0eaed31be
Patch for misc fixes to bluetooth from Dan Walsh.
2007-02-26 17:23:52 +00:00
Chris PeBenito
5b06477c8e
On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote:
...
> Eliminate excess avc messages created when using kerberos libraries
>
> krb5kdc wans to setsched
>
> Also uses a fifo_file to communicate.
>
> Needs to search_network_sysctl
2007-02-26 17:04:56 +00:00
Chris PeBenito
bbb7cc8927
Patch to start deprecating usercanread attribute from Ryan Bradetich.
2007-02-26 16:13:23 +00:00
Chris PeBenito
a715dc0995
add dccp_socket object class
2007-02-26 15:39:59 +00:00
Chris PeBenito
3a39015792
On Tue, 2007-02-20 at 12:30 -0500, Daniel J Walsh wrote:
...
> prelink creates temporarly files that it then needs to relabel.
2007-02-23 21:20:46 +00:00
Chris PeBenito
5c45eaede1
On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
...
> audit needs fsetid
>
> syslog needs to be able to create a tcp_socket for off machine logging.
2007-02-23 20:19:29 +00:00
Chris PeBenito
66cf194680
Patch to remove redundant mls_trusted_object() call from Dan Walsh.
2007-02-23 20:05:12 +00:00
Chris PeBenito
4685213857
Patch for misc fixes to nis ypxfr policy from Dan Walsh.
2007-02-23 19:52:52 +00:00
Chris PeBenito
aeb54c6dd0
Patch to allow apmd to telinit from Dan Walsh.
2007-02-23 19:41:41 +00:00
Chris PeBenito
d114071e7a
While using samba and SELinux with Debian GNU/Linux (etch) the
...
following files need to be labeled correctly:
/var/run/samba/gencache.tdb
/var/run/samba/share_info.tdb
Should also concern other distributions than Debian.
-Stefan
2007-02-23 19:30:17 +00:00
Chris PeBenito
bcac3a5e3d
Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
2007-02-23 19:08:45 +00:00
Chris PeBenito
f1be09c2b1
make ttys and ptys device nodes
2007-02-20 20:17:07 +00:00
Chris PeBenito
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
Chris PeBenito
10e12095d6
Fix explicit use of httpd_t in openca_domtrans(), bug #22 .
2007-02-07 22:10:45 +00:00
Chris PeBenito
ff943a1b9b
Clean up file context regexes in apache and java, from Eamon Walsh:
...
Some file_contexts regular expressions in refpolicy-strict are causing
genhomedircon to die; refpolicy is failing to build for me entirely.
The regular expressions seem redundant to me, perhaps I am missing
something, but the following patch fixes the problems for me. Please
review and apply
2007-01-24 17:10:31 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863
patch from dan for some missing gen_require()s
2006-11-29 13:44:40 +00:00
Chris PeBenito
bff907113d
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:57:22 +00:00
Chris PeBenito
c31f6724c0
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:47:47 +00:00
Chris PeBenito
fa45da0efd
add aide, ccs, and ricci
2006-11-16 20:56:24 +00:00
Chris PeBenito
d31d3c159e
This modifies the mls constraint for polmatch in the association class.
...
Specifically:
- polmatch need no longer make an exception for unlabeled_t
since a flow will now always match SPD rules with no contexts (per
the IPSec leak fix patch upstreamed a few weeks back), as
opposed to needing polmatch access to unlabeled_t.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
2006-11-16 13:38:14 +00:00
Chris PeBenito
c6a60bb28d
On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
...
> Here is the policy changes needed for the context contains security
> checking in PAM and cron.
2006-11-14 13:38:52 +00:00
Chris PeBenito
ed38ca9f3d
fixes from gentoo strict testing:
...
- Allow semanage to read from /root on strict non-MLS for
local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito
0f9a2be65d
add missing gentoo file contexts for initrc and lvm
2006-11-07 19:38:10 +00:00
Chris PeBenito
f497b8df50
Christopher J. PeBenito wrote:
...
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
2006-11-01 15:42:22 +00:00
Chris PeBenito
d9845ae92a
patch from dan Tue, 24 Oct 2006 11:00:28 -0400
2006-10-31 21:01:48 +00:00
Chris PeBenito
582438054d
fix up corecommands perm sets, add seutil_manage_config_dirs()
2006-10-27 13:55:35 +00:00
Chris PeBenito
d5ae683e2b
add seutil_rw_config()
2006-10-25 20:48:04 +00:00
Chris PeBenito
a8671ae5b2
enhanced setransd support from darrel goeddel
2006-10-20 14:44:23 +00:00
Chris PeBenito
a52b4d4f23
bump versions to release numbers
2006-10-18 19:25:27 +00:00
Chris PeBenito
b04eccd87b
fix duplicate /usr/bin/mplayer fc match for targeted
2006-10-18 17:31:14 +00:00
Chris PeBenito
d4a48c41c2
make inetd optional
2006-10-18 15:49:45 +00:00
Chris PeBenito
130f8a4aa5
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
Chris PeBenito
aeaae5185e
fix ticket #16
2006-10-16 16:51:57 +00:00
Chris PeBenito
e45324d1ee
gentoo integrated run_init rules in wrong build option.
2006-10-15 00:23:06 +00:00
Chris PeBenito
0e5c5442c6
fix term_tty() associations
2006-10-14 23:32:30 +00:00
Chris PeBenito
009b377174
more realplayer entries
2006-10-14 23:31:33 +00:00
Chris PeBenito
14b1684aae
gentoo testing fixes.
2006-10-13 21:44:02 +00:00
Chris PeBenito
85f0c35922
make optional the inetd dependency in samba
2006-10-10 13:11:58 +00:00
Chris PeBenito
93ddc66983
change transition from run_init to initrc to spec.
2006-10-09 18:52:19 +00:00
Chris PeBenito
f76d07072a
fix some stuff that does not affect policy
2006-10-06 17:31:52 +00:00