Chris PeBenito
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe
trunk: add gpsd from miroslav grepl
2009-06-02 14:28:40 +00:00
Chris PeBenito
80348b73a0
trunk: 4 patches from dan.
2009-05-14 14:41:50 +00:00
Chris PeBenito
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
Chris PeBenito
a5ef553c2d
trunk: 5 modules from dan.
2009-04-20 19:03:15 +00:00
Chris PeBenito
8f800d48df
trunk: 14 patches from dan.
2009-03-23 14:56:43 +00:00
Chris PeBenito
11c944faf1
trunk: fix typo in devices file contexts.
2009-03-05 17:46:22 +00:00
Chris PeBenito
2c664e7fb8
trunk: storage patch from dan.
2009-03-05 15:49:41 +00:00
Chris PeBenito
7b76207e37
trunk: devices patch from dan.
2009-03-05 15:36:41 +00:00
Chris PeBenito
be5aaebfd6
trunk: corecommands patch from dan.
2009-03-05 14:43:03 +00:00
Chris PeBenito
c45fdad85b
trunk: filesystem patch from dan.
2009-03-04 15:53:07 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
Chris PeBenito
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
Chris PeBenito
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09
trunk: btrfs from Paul Moore.
2009-01-30 13:44:14 +00:00
Chris PeBenito
019dfaf9dc
trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.
2009-01-15 20:31:06 +00:00
Chris PeBenito
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
ff8f0a63f4
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13
trunk: whitespace fix changing multiple spaces into tabs.
2008-12-03 18:33:19 +00:00
Chris PeBenito
14c0edc7e9
trunk: 2 patches from dan.
2008-12-02 22:40:49 +00:00
Chris PeBenito
99282e6be0
trunk: add omapi port for dhcpcd.
2008-11-12 13:11:00 +00:00
Chris PeBenito
ba796982df
trunk: tweaks from russell and martin orr.
2008-11-06 15:01:15 +00:00
Chris PeBenito
0003940ff2
trunk: add missing ubac module.
2008-11-05 16:11:27 +00:00
Chris PeBenito
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
Chris PeBenito
6e68e6bb5e
trunk: Move shared library calls from individual modules to the domain module.
2008-10-17 17:36:56 +00:00
Chris PeBenito
88cf0a9c2b
trunk: whitespace fix; collapse multiple blank lines into one.
2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
06099da657
trunk: 3 patches from dan.
2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
Chris PeBenito
12c61f36f4
trunk: 7 patches from dan, 1 from eamon.
2008-10-06 17:27:49 +00:00
Chris PeBenito
a46b60549a
trunk: squid update from dan.
2008-09-15 13:31:28 +00:00
Chris PeBenito
cdac989dee
trunk: fail2ban update from dan.
2008-09-05 14:17:18 +00:00
Chris PeBenito
a71e136cc3
trunk: add cyphesis from dan.
2008-09-03 14:46:10 +00:00
Chris PeBenito
770c015f88
trunk: 2 patches from dan.
2008-08-14 15:10:41 +00:00
Chris PeBenito
e0ed765c0e
trunk: 3 patches from the fedora policy, cherry picked by David Hardeman.
2008-08-11 14:03:36 +00:00
Chris PeBenito
7aabe358f4
trunk: missed fixes on previous commit.
2008-08-07 14:45:37 +00:00
Chris PeBenito
8a948caf2b
trunk: 11 more cherry picks from fedora policy, by david hardeman.
2008-08-07 14:17:50 +00:00
Chris PeBenito
3338f231d5
trunk: Policy size optimization with a non-security file attribute from James Carter.
2008-07-31 14:05:46 +00:00
Chris PeBenito
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
Chris PeBenito
cfcf5004e5
trunk: bump versions for release.
2008-07-02 14:07:57 +00:00
Chris PeBenito
c54eb87d43
trunk: two small updates from dan.
2008-06-18 13:15:25 +00:00
Chris PeBenito
e8cb08aefa
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
Chris PeBenito
67b6207a9e
trunk: trivial kernel patch from dan.
2008-06-07 13:53:29 +00:00
Chris PeBenito
4b28c2ecc2
trunk: misc gentoo fc fixes.
2008-06-06 03:40:27 +00:00
Chris PeBenito
b4921b5804
trunk: fs update from dan.
2008-05-26 21:07:22 +00:00
Chris PeBenito
308baad28c
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
Chris PeBenito
7d8fbdc062
trunk: fix bad cifs interface.
2008-05-23 14:41:36 +00:00
Chris PeBenito
e6fdb59601
trunk: fix typo
2008-05-23 13:50:38 +00:00
Chris PeBenito
4416c416fa
trunk: Module loading now requires setsched on kernel threads.
2008-05-22 18:39:03 +00:00
Chris PeBenito
b34db7a8ec
trunk: another pile of misc fixes.
2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0
trunk: a pile of misc fixes, mainly sync xml docs with interface implementation.
2008-05-15 13:10:34 +00:00
Chris PeBenito
8152a78836
trunk: 7 patches from dan.
2008-04-04 17:08:34 +00:00
Chris PeBenito
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
Chris PeBenito
91d6c92160
trunk: a pair of tweaks from gentoo systems.
2008-03-14 14:55:34 +00:00
Chris PeBenito
90c3c561ef
trunk: fc fix and if addtion from Stefan Schulze Frielinghaus.
2008-02-25 14:20:56 +00:00
Chris PeBenito
037fc0f4e6
trunk: label /proc/kallsyms with system_map_t.
2008-02-15 19:59:10 +00:00
Chris PeBenito
320ea98330
trunk: add 3rd party corenet interfaces for (secmark) packets.
2008-01-17 15:28:24 +00:00
Chris PeBenito
c8d4c38258
trunk: fix missing lo netif alias for standard and mcs configs.
2008-01-10 16:39:36 +00:00
Chris PeBenito
936f286c16
trunk: add mls constraints to dbus.
2008-01-03 20:37:25 +00:00
Chris PeBenito
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
Chris PeBenito
02d968c581
trunk: several fc updates from dan.
2007-12-12 15:55:21 +00:00
Chris PeBenito
0aa18d9fd5
trunk: version bumps for previous commit.
2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb
trunk: More complete labeled networking infrastructure from KaiGai Kohei.
2007-11-26 16:44:57 +00:00
Chris PeBenito
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
Chris PeBenito
2999cea1f2
trunk: remove duplicate specifiction for /usr/lib/devices on debian.
2007-11-14 20:12:44 +00:00
Chris PeBenito
bdccbacdd6
trunk: add labeled networking support to unconfined.
2007-11-14 14:38:45 +00:00
Chris PeBenito
a56055e362
trunk: rearrange the bottom of domain.if and fix domain_ipsec_labels().
2007-11-14 13:40:25 +00:00
Chris PeBenito
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
Chris PeBenito
4605adcba7
trunk: add postfixpolicyd from Jan-Frode Myklebust.
2007-11-07 20:17:44 +00:00
Chris PeBenito
7d4161cdc9
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
Chris PeBenito
495df41602
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
Chris PeBenito
8e2fb69f88
trunk: filesystem patch from dan.
2007-10-24 18:37:26 +00:00
Chris PeBenito
cdf98fedc0
trunk: 10 patches from dan.
2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
Chris PeBenito
6c53a10e28
trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust.
2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00
Chris PeBenito
abc89340c4
trunk: two tiny patches from Stefan Schulze Frielinghaus
2007-09-06 19:29:54 +00:00
Chris PeBenito
8241b538af
trunk: udev update and brctl module from dan.
2007-09-05 17:55:57 +00:00
Chris PeBenito
ce2c80f3c6
trunk: make coda nfs_t, ticket #39 .
2007-09-04 13:38:39 +00:00
Chris PeBenito
d62c0881e2
Update MLS constraints from LSPP evaluated policy.
2007-08-24 14:14:29 +00:00
Chris PeBenito
80d5e02c81
trunk: Files and radvd updates from Stefan Schulze Frielinghaus.
2007-08-21 19:03:34 +00:00
Chris PeBenito
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
Chris PeBenito
9760cbec2d
trunk: Database userspace object manager classes from KaiGai Kohei.
2007-08-09 13:15:07 +00:00
Chris PeBenito
3d6e962dfa
trunk: filesystem patch from dan
2007-08-08 20:04:28 +00:00
Chris PeBenito
939a4287b3
trunk: 3 patches from dan
2007-08-07 17:06:32 +00:00
Chris PeBenito
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
Chris PeBenito
1900668638
trunk: Unified labeled networking policy from Paul Moore.
...
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
5bf9deb5bb
trunk: 3 patches from dan
2007-06-20 19:47:10 +00:00
Chris PeBenito
788d88c923
trunk: drop snmpd_etc_t.
2007-06-19 17:39:35 +00:00
Chris PeBenito
41337aa8b9
Memprotect support patch from Stephen Smalley.
2007-06-19 13:02:26 +00:00