Chris PeBenito
|
71fe0fa4c5
|
fixes for module compiling
|
2005-09-14 00:30:10 +00:00 |
|
Chris PeBenito
|
0907bda1e0
|
more merging of NSA CVS policy
|
2005-09-13 13:06:07 +00:00 |
|
Chris PeBenito
|
2705f9a0f3
|
begin merging in upstream NSA CVS changes
|
2005-09-12 21:40:56 +00:00 |
|
Chris PeBenito
|
712566ee41
|
fixes to make base module compilable
|
2005-09-12 15:17:39 +00:00 |
|
Chris PeBenito
|
2e863f8ad0
|
add first part of changes to make base module compilable
|
2005-09-09 20:51:54 +00:00 |
|
Chris PeBenito
|
0fdf3ef75e
|
fix sshd to use initrc transition while typeattribute in conditionals is still broken
|
2005-09-09 20:49:59 +00:00 |
|
Chris PeBenito
|
9ff3003346
|
add zebra. change ssh to default to initrc transition instead of inetd while typeattribute in conditionals doesnt work
|
2005-09-09 13:24:11 +00:00 |
|
Chris PeBenito
|
eb3cb6820a
|
add portmap
|
2005-09-08 17:12:38 +00:00 |
|
Chris PeBenito
|
d17b4d2323
|
add ktalk
|
2005-09-08 13:42:13 +00:00 |
|
Chris PeBenito
|
9b06402eaf
|
add missing rules of other domains using inn
|
2005-09-08 13:23:11 +00:00 |
|
Chris PeBenito
|
763a5e30c6
|
misc fixes
|
2005-09-07 13:31:37 +00:00 |
|
Chris PeBenito
|
8d93523409
|
add inn
|
2005-09-06 18:37:27 +00:00 |
|
Chris PeBenito
|
603f90ab9d
|
misc fixes
|
2005-09-05 18:17:17 +00:00 |
|
Chris PeBenito
|
b11a75a5e3
|
add ntp
|
2005-09-05 16:47:19 +00:00 |
|
Chris PeBenito
|
ce1b44aac4
|
typo
|
2005-09-02 20:55:17 +00:00 |
|
Chris PeBenito
|
ac0483aefe
|
add dictd
|
2005-09-02 20:50:54 +00:00 |
|
Chris PeBenito
|
fdae8e755e
|
add hal
|
2005-09-02 20:29:52 +00:00 |
|
Chris PeBenito
|
f344c0f38e
|
move dhcpd to dhcp
|
2005-09-02 19:18:43 +00:00 |
|
Chris PeBenito
|
0f707d52ab
|
add squid
|
2005-09-02 19:11:07 +00:00 |
|
Chris PeBenito
|
7c8fc35b14
|
add dhcpd
|
2005-09-02 14:52:08 +00:00 |
|
Chris PeBenito
|
9d3bdc25af
|
fix bugs uncovered from sediff
|
2005-09-01 20:13:42 +00:00 |
|
Chris PeBenito
|
c0d1566a13
|
move rhgb_domain into TODO so modules can compile as binary modules
|
2005-09-01 13:52:59 +00:00 |
|
Chris PeBenito
|
631ee4d3cf
|
finish remaining dbus bits
|
2005-09-01 13:34:45 +00:00 |
|
Chris PeBenito
|
0c3d170578
|
add dbus
|
2005-08-31 20:58:12 +00:00 |
|
Chris PeBenito
|
6af06cd8b6
|
fix typos
|
2005-08-31 16:54:19 +00:00 |
|
Chris PeBenito
|
768283ac46
|
cosmetics
|
2005-08-31 16:49:30 +00:00 |
|
Chris PeBenito
|
6e61566dba
|
add comsat. clean up kerberos and nscd interfaces
|
2005-08-31 15:25:12 +00:00 |
|
Chris PeBenito
|
246839f3d2
|
fix up most of mta attribute insanity
|
2005-08-30 20:47:41 +00:00 |
|
Chris PeBenito
|
451c1e3d59
|
send user role to per userdomain templates. update templated interfaces
to have the prefix be the first argument
|
2005-08-30 15:48:57 +00:00 |
|
Chris PeBenito
|
e5d45268fd
|
make corecommands required
|
2005-08-30 14:41:52 +00:00 |
|
Chris PeBenito
|
2a94561a89
|
start adding in templated interfaces
|
2005-08-25 20:27:20 +00:00 |
|
Chris PeBenito
|
d83fdad248
|
add bind
|
2005-08-23 17:26:19 +00:00 |
|
Chris PeBenito
|
902be0ae21
|
add privoxy
|
2005-08-22 21:49:27 +00:00 |
|
Chris PeBenito
|
35ecf83839
|
add rsync
|
2005-08-22 21:17:10 +00:00 |
|
Chris PeBenito
|
f9b11e9615
|
add howl
|
2005-08-22 20:43:20 +00:00 |
|
Chris PeBenito
|
f6e28abbab
|
moved to selinux module
|
2005-08-19 20:05:02 +00:00 |
|
Chris PeBenito
|
fb0a3a98c6
|
initial support for compiling loadable modules
|
2005-08-18 21:27:20 +00:00 |
|
Chris PeBenito
|
f862c35c37
|
add gpm
|
2005-08-17 21:28:31 +00:00 |
|
Chris PeBenito
|
2961e79b55
|
add ldap
|
2005-08-17 18:33:43 +00:00 |
|
Chris PeBenito
|
23ca91f8bb
|
cleanup
|
2005-08-17 17:31:57 +00:00 |
|
Chris PeBenito
|
545b0c9176
|
add rshd
|
2005-08-17 15:23:24 +00:00 |
|
Chris PeBenito
|
57a96cbd0b
|
add firstboot
|
2005-08-17 14:14:07 +00:00 |
|
Chris PeBenito
|
2d803edc73
|
more debian cleanup
|
2005-08-17 14:09:29 +00:00 |
|
Chris PeBenito
|
4806a05cfb
|
fix broken xml of previous commit
|
2005-08-15 19:35:20 +00:00 |
|
Chris PeBenito
|
5f38a65aab
|
try to knock out more of the distro_debian bootloader stuff
|
2005-08-15 19:31:37 +00:00 |
|
Chris PeBenito
|
21468a6076
|
add loadkeys
|
2005-08-15 14:46:17 +00:00 |
|
Chris PeBenito
|
8843093607
|
more comments
|
2005-08-12 19:28:30 +00:00 |
|
Chris PeBenito
|
f0b1efa2a2
|
all dev nodes assoc to tmpfs, since most everyone is moving to udev
|
2005-08-12 19:28:15 +00:00 |
|
Chris PeBenito
|
35b494789d
|
fix some udev naming
|
2005-08-12 18:13:03 +00:00 |
|
Chris PeBenito
|
aae06c1306
|
fix system spool file problem
|
2005-08-12 17:54:55 +00:00 |
|
Chris PeBenito
|
f7ebea06e3
|
finalize desc -> summary xml change
|
2005-08-11 17:46:39 +00:00 |
|
Chris PeBenito
|
4aa0dc20b4
|
add tcpd
|
2005-08-11 15:17:13 +00:00 |
|
Chris PeBenito
|
052c953ae5
|
add quota
|
2005-08-11 14:49:58 +00:00 |
|
Chris PeBenito
|
e784300a62
|
add sudo
|
2005-08-09 19:30:43 +00:00 |
|
Chris PeBenito
|
b9d7d70b33
|
add template xml
|
2005-08-09 19:21:25 +00:00 |
|
Chris PeBenito
|
9489149ec0
|
add su
|
2005-08-08 21:03:23 +00:00 |
|
Chris PeBenito
|
dce68dc48d
|
add updfstab
|
2005-08-08 15:51:15 +00:00 |
|
Chris PeBenito
|
f5e321b0f0
|
fix xml tags
|
2005-08-08 15:43:20 +00:00 |
|
Chris PeBenito
|
7057c18db0
|
a few more ssh touchups
|
2005-08-05 18:49:23 +00:00 |
|
Chris PeBenito
|
ed78ea0034
|
add tmpreaper
|
2005-08-05 15:32:27 +00:00 |
|
Chris PeBenito
|
9a66d4e562
|
add acct
|
2005-08-05 14:32:12 +00:00 |
|
Chris PeBenito
|
3fd8336882
|
misc cleanup
|
2005-08-04 20:54:51 +00:00 |
|
Chris PeBenito
|
42be7c214d
|
add mysql
|
2005-08-03 17:56:26 +00:00 |
|
Chris PeBenito
|
046a21da80
|
search sbin dirs to find the pgms
|
2005-08-03 17:43:41 +00:00 |
|
Chris PeBenito
|
81343a6f90
|
* Rename ipsec connect interface for consistency.
* Add missing parts of unix stream socket connect interface
of ipsec.
* Rename inetd connect interface for consistency.
|
2005-08-03 15:16:33 +00:00 |
|
Chris PeBenito
|
bbdbdb9edf
|
fix stray line that got out of TODO
|
2005-07-29 15:07:15 +00:00 |
|
Chris PeBenito
|
e5590ea5ec
|
work on user transition
|
2005-07-28 20:52:55 +00:00 |
|
Chris PeBenito
|
022f61c0e3
|
add connect interface on ports to handle name_connect tcp perm
|
2005-07-22 15:38:01 +00:00 |
|
Chris PeBenito
|
50527cf581
|
make network_interface able to support multiple interfaces having the same type
|
2005-07-22 14:00:38 +00:00 |
|
Chris PeBenito
|
953541a918
|
update from privmail
|
2005-07-21 20:34:57 +00:00 |
|
Chris PeBenito
|
ea7d571bd7
|
/var/lib is now a mountpoint
|
2005-07-20 17:36:48 +00:00 |
|
Chris PeBenito
|
53857c8c05
|
unconfined can pass all constraints
|
2005-07-20 17:24:23 +00:00 |
|
Chris PeBenito
|
ef424c14d4
|
name_connect only on tcp_sockets
|
2005-07-20 17:10:07 +00:00 |
|
Chris PeBenito
|
9496fd5119
|
unconfined can name_connect to all ports
|
2005-07-20 17:08:07 +00:00 |
|
Chris PeBenito
|
d250634311
|
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
|
2005-07-20 17:06:10 +00:00 |
|
Chris PeBenito
|
f82c6ac64c
|
bah typo
|
2005-07-20 15:08:33 +00:00 |
|
Chris PeBenito
|
0b28a23114
|
user home dirs were missing file type in targ policy
|
2005-07-20 15:06:49 +00:00 |
|
Chris PeBenito
|
1e3f610b3b
|
add missing dir and file perms for selinuxfs in unconfined
|
2005-07-20 14:57:13 +00:00 |
|
Chris PeBenito
|
689f6ddb35
|
fix typos and import some rules from NSA cvs to make targeted policy work
|
2005-07-20 14:25:24 +00:00 |
|
Chris PeBenito
|
474f43d13d
|
should actually try compiling first :x
|
2005-07-20 13:39:10 +00:00 |
|
Chris PeBenito
|
bd7e7a6417
|
missed a line
|
2005-07-20 13:37:18 +00:00 |
|
Chris PeBenito
|
a28f6db576
|
add in some rules from NSA CVS to make targeted policy work
|
2005-07-20 13:30:06 +00:00 |
|
Chris PeBenito
|
8c3f438f75
|
corenet was missing from unconfined
|
2005-07-19 20:38:26 +00:00 |
|
Chris PeBenito
|
892266ca76
|
more targeted policy fixes
|
2005-07-19 20:26:02 +00:00 |
|
Chris PeBenito
|
ec848d247f
|
more fixes for targeted
|
2005-07-19 19:37:43 +00:00 |
|
Chris PeBenito
|
2ec4c9d38f
|
more cleanup
|
2005-07-19 18:40:31 +00:00 |
|
Chris PeBenito
|
8b0bbdda34
|
fixes for targeted policy
|
2005-07-19 18:40:19 +00:00 |
|
Chris PeBenito
|
391edeb577
|
fix assertions for framework
|
2005-07-18 20:17:21 +00:00 |
|
Chris PeBenito
|
a5f339f134
|
more cleanup in system
|
2005-07-18 18:31:49 +00:00 |
|
Chris PeBenito
|
9f103ce14b
|
fix to use context_template()
|
2005-07-18 14:25:05 +00:00 |
|
Chris PeBenito
|
3b6174a142
|
add missing context template
|
2005-07-15 20:54:24 +00:00 |
|
Chris PeBenito
|
50aca6d2f9
|
add raid (mdadm)
|
2005-07-15 20:45:26 +00:00 |
|
Chris PeBenito
|
d9fd8e7562
|
more pcmcia cleanup
|
2005-07-15 19:18:55 +00:00 |
|
Chris PeBenito
|
157c69416f
|
add macro to expand object class sets for use in require blocks
|
2005-07-15 15:53:54 +00:00 |
|
Chris PeBenito
|
50f6503452
|
* break up files_getattr_all_files into correct interfaces
* move stuff out of pcmcia into the appropriate modules
|
2005-07-15 15:17:57 +00:00 |
|
Chris PeBenito
|
f136a944c5
|
reorder in alpha order of type, for sanity purposes
|
2005-07-15 14:30:19 +00:00 |
|
Chris PeBenito
|
e0d57fbcb1
|
add pcmcia
|
2005-07-14 20:57:17 +00:00 |
|
Chris PeBenito
|
c429cb5e26
|
fix up the xml
|
2005-07-14 20:02:53 +00:00 |
|
Chris PeBenito
|
11633bbaa8
|
add ipsec
|
2005-07-14 18:15:47 +00:00 |
|
Chris PeBenito
|
493d6c4adc
|
add nscd
|
2005-07-13 20:48:51 +00:00 |
|
Chris PeBenito
|
df00b2e235
|
* fix chroot exec interface
* more TODO cleanup
* move IPC out of generic domtrans interfaces
|
2005-07-13 18:29:08 +00:00 |
|
Chris PeBenito
|
b24f35d8a3
|
more cleanup of current TODOs
|
2005-07-12 20:34:24 +00:00 |
|
Chris PeBenito
|
4051d15b62
|
fix xml
|
2005-07-11 19:15:54 +00:00 |
|
Chris PeBenito
|
ae9e2716c3
|
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
|
2005-07-11 19:02:50 +00:00 |
|
Chris PeBenito
|
a42ca7ebec
|
another round of TODO cleanup
|
2005-07-08 20:44:57 +00:00 |
|
Chris PeBenito
|
e5f8060316
|
implement direct_sysadm_daemon
|
2005-07-07 15:25:28 +00:00 |
|
Chris PeBenito
|
1aa526281b
|
missing rules uncovered by sediff
|
2005-07-07 15:20:24 +00:00 |
|
Chris PeBenito
|
c98340cfeb
|
support for targeted policy
|
2005-07-06 20:28:29 +00:00 |
|
Chris PeBenito
|
ed1a92b88c
|
ksu moves to su
|
2005-07-06 17:41:58 +00:00 |
|
Chris PeBenito
|
bb32544d61
|
add missing ssh file contexts
|
2005-07-06 15:59:54 +00:00 |
|
Chris PeBenito
|
9726b31857
|
add unconfined
|
2005-07-05 20:59:51 +00:00 |
|
Chris PeBenito
|
2745476e4a
|
add required tags
|
2005-07-05 17:47:15 +00:00 |
|
Chris PeBenito
|
a7a9799d79
|
convert can_kerberos()
|
2005-07-01 13:31:34 +00:00 |
|
Chris PeBenito
|
65c8613766
|
ul has to be in a p
|
2005-07-01 13:10:57 +00:00 |
|
Chris PeBenito
|
5e1ed4903e
|
initial commit
|
2005-06-30 21:11:54 +00:00 |
|
Chris PeBenito
|
fd89e19f12
|
more work on current modules
|
2005-06-30 18:54:08 +00:00 |
|
Chris PeBenito
|
ebdc3b7902
|
clean up more todos
|
2005-06-29 20:53:53 +00:00 |
|
Chris PeBenito
|
d233bfce3f
|
make layer summary required
|
2005-06-29 16:54:13 +00:00 |
|
Chris PeBenito
|
8fd3673225
|
another round of renaming, for consistency
|
2005-06-29 14:26:41 +00:00 |
|
Chris PeBenito
|
96ce00afcc
|
add logrotate, more low-hanging fruit
|
2005-06-28 20:54:49 +00:00 |
|
Chris PeBenito
|
ceebe3b4b0
|
change desc to summary
|
2005-06-28 19:51:46 +00:00 |
|
Chris PeBenito
|
cbca03f513
|
add lost_found_t manage, rename fs_type attribute to filesystem_type and rename fs_make_fs to fs_type
|
2005-06-28 17:48:59 +00:00 |
|
Chris PeBenito
|
783b38347e
|
more low hanging fruit cleanup
|
2005-06-28 17:32:57 +00:00 |
|
Chris PeBenito
|
58c3da55f3
|
add fstools, and more cleanup
|
2005-06-27 20:59:28 +00:00 |
|
Chris PeBenito
|
80436b9b8f
|
changes to make inetd work
|
2005-06-27 18:37:33 +00:00 |
|
Chris PeBenito
|
24bf11c62a
|
initial commit
|
2005-06-27 18:36:56 +00:00 |
|
Chris PeBenito
|
ab940a4cc1
|
autofs_t and ypbind cleanup
|
2005-06-27 16:30:55 +00:00 |
|
Chris PeBenito
|
e88003ffe3
|
xml updates and nis stuff
|
2005-06-24 20:37:09 +00:00 |
|
Chris PeBenito
|
73fbc771d1
|
initial commit
|
2005-06-24 19:49:46 +00:00 |
|
Chris PeBenito
|
62a7b02c5b
|
add/update comments
|
2005-06-24 13:36:57 +00:00 |
|
Chris PeBenito
|
414e415198
|
update for new documentation method
|
2005-06-23 21:30:57 +00:00 |
|
Chris PeBenito
|
aad5b98eba
|
more updates
|
2005-06-23 20:35:48 +00:00 |
|
Chris PeBenito
|
45239964e5
|
move ssh tunables into global_tunables
|
2005-06-23 19:57:15 +00:00 |
|
Chris PeBenito
|
19ea99d495
|
fix
|
2005-06-23 16:06:39 +00:00 |
|
Chris PeBenito
|
261e0e66ee
|
shorten some xml tags
|
2005-06-23 16:00:05 +00:00 |
|
Chris PeBenito
|
d3b892e4fd
|
convert a couple network macros
|
2005-06-23 15:44:18 +00:00 |
|
Chris PeBenito
|
007ca5600c
|
more setcurrent stuff
|
2005-06-23 15:37:39 +00:00 |
|
Chris PeBenito
|
2a3478cf15
|
fixes pointed out by steve, plus fixes revealed by the added assertions
|
2005-06-23 14:19:56 +00:00 |
|
Chris PeBenito
|
9ccd96dfc6
|
more work on ssh, plus import ssh-agent
|
2005-06-22 21:14:48 +00:00 |
|
Chris PeBenito
|
199895e201
|
move all interfaces over to the interface macro. add traceback debugging info
|
2005-06-22 19:21:31 +00:00 |
|
Chris PeBenito
|
cbc9d6951a
|
remove remaining _depend macros to prep for switchover to interface declaration macro
|
2005-06-22 16:07:14 +00:00 |
|
Chris PeBenito
|
0404a3903a
|
initial commit of ssh.
|
2005-06-21 21:07:46 +00:00 |
|
Chris PeBenito
|
21871a5cf6
|
work on newrole policy
|
2005-06-21 17:01:45 +00:00 |
|
Chris PeBenito
|
e04b8e7832
|
initial commit
|
2005-06-20 18:43:14 +00:00 |
|
Chris PeBenito
|
57869a681e
|
XML: encapsulate modules in layers, rather then layer being an attribute of
module tag
|
2005-06-20 18:40:44 +00:00 |
|
Chris PeBenito
|
7a2f20a315
|
more work to clean up and complete current modules
|
2005-06-20 17:41:29 +00:00 |
|
Chris PeBenito
|
2ba9a794db
|
interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
|
2005-06-17 19:17:57 +00:00 |
|
Chris PeBenito
|
bc1fbab472
|
interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
|
2005-06-17 18:59:34 +00:00 |
|
Chris PeBenito
|
5e6f9e5aac
|
services interfaces review
|
2005-06-17 18:41:07 +00:00 |
|
Chris PeBenito
|
7f2e39b8e6
|
review of admin interfaces
|
2005-06-17 18:27:08 +00:00 |
|