Commit Graph

344 Commits

Author SHA1 Message Date
Chris PeBenito
1db1836ab9 Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
c54e7d63dc Module version bump for cgroup patchset. 2010-06-08 09:18:43 -04:00
Chris PeBenito
04dcd73fe3 Whitespace fixes in cgroup and init. 2010-06-08 08:47:26 -04:00
Dominick Grift
e2b9add5f8 How users interact with cgroup.
All login users can list cgroup.
Common users can read and write cgroup files (access governed by dac)

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-08 08:38:33 -04:00
Dominick Grift
73f0985092 How libgroup init scripts interact with libcgroup.
The libcgroup init scripts use tools in /usr/bin like cgexec and cgclear.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-08 08:38:29 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
fe74f71385 Fix deprecated interface usage that crept into lvm.if. 2010-05-24 13:08:08 -04:00
Chris PeBenito
e2c9450235 Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file. Module version bump for d56b33a. 2010-05-18 10:28:17 -04:00
Chris Richards
d56b33a1e4 Create new interface and type for managing /etc/udev/rules.d
udev_var_run_t is used for managing files in /etc/udev/rules.d as well as other files, including udev pid files.  This patch creates a type specifically for rules.d files, and an interface for managing them.  It also gives access to this type to initrc_t so that rules can be properly populated during startup.  This also fixes a problem on Gentoo where udev rules are NOT properly populated on startup.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-05-18 10:20:55 -04:00
Chris Richards
9b3e798ea3 bootmisc init script, 2nd try
Allow to create /var/lock/.keep.  This prevents Portage from destroying /var/lock under certain conditions.  This patch is Gentoo specific.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-04-26 12:59:12 -04:00
Chris PeBenito
4a8bd017aa Module version bump and extra comments for 194d61f. 2010-04-24 08:10:43 -04:00
Chris Richards
194d61fd3c modutils patch for update-modules
update-modules on Gentoo throws errors when run because it sources /etc/init.d/functions.sh, which always scans /var/lib/init.d to set SOFTLEVEL environment var.  This is never used by update-modules.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:08:15 -04:00
Chris PeBenito
78352db924 Module version bump for 8c38fba. 2010-04-24 08:07:51 -04:00
Chris Richards
8c38fba0f0 allow syslog-ng to setrlimit
syslog-ng wants to increase the number of permissible open files from 256 to 4096 on unix/linux systems.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:02:23 -04:00
Chris PeBenito
bc31d12725 Libraries patch from Dan Walsh. 2010-03-19 14:21:23 -04:00
Chris PeBenito
0d86ea1d7b Xen patch from Dan Walsh. 2010-03-19 11:54:50 -04:00
Chris PeBenito
b60df9f57d Getty patch from Dan Walsh. 2010-03-19 11:05:56 -04:00
Chris PeBenito
1fa92b8a55 Sysnetwork patch from Dan Walsh. 2010-03-18 15:40:04 -04:00
Chris PeBenito
ddd786e404 Init patch from Dan Walsh. 2010-03-18 10:19:49 -04:00
Chris PeBenito
153ed8751a Authlogin patch from Dan Walsh. 2010-03-18 08:59:25 -04:00
Chris PeBenito
4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito
a124c0a81f Udev patch from Dan Walsh. 2010-03-17 15:17:48 -04:00
Chris PeBenito
7a8807b627 Logging patch from Dan Walsh. 2010-03-17 14:40:06 -04:00
Chris PeBenito
90e65feca5 Ipsec patch from Dan Walsh. 2010-03-17 13:52:07 -04:00
Chris PeBenito
d13c6758a4 Modutils patch from Dan Walsh. 2010-03-17 11:59:14 -04:00
Chris PeBenito
827060cb04 Style fixes and module version bumps for 38fc1bd. 2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180 Likewise policy.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
2f0e3a4e7e Raid patch from Dan Walsh. 2010-03-09 15:33:29 -05:00
Chris PeBenito
30496b1575 Iscsi and tgtd patches from Dan Walsh. 2010-03-09 15:17:16 -05:00
Chris PeBenito
939eaf2f13 Fstools patch from Dan Walsh. 2010-03-09 14:32:17 -05:00
Chris PeBenito
d0a6df5c47 Miscfiles patch from Dan Walsh. 2010-03-09 10:44:55 -05:00
Chris PeBenito
1112a5bc20 Module version bump for be47d75. 2010-03-04 09:18:04 -05:00
Jeremy Solt
4d2680e508 hotplug transition to brctl from Dan Walsh 2010-03-04 09:18:04 -05:00
Chris PeBenito
402bbb9fe9 Improve documentation of udev_read_db(). 2010-03-03 14:16:36 -05:00
Chris PeBenito
b675cec7f8 Improve documentation of seutil_sigchld_newrole(). 2010-03-03 14:16:22 -05:00
Chris PeBenito
a6bafb5a25 Module version bump for bf530f5. 2010-03-03 13:11:58 -05:00
Dominick Grift
bf530f532c Various permission set fixes.
Fix various interfaces to use permission sets for compatiblity with open permission.

Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.

The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
Chris PeBenito
b58db31da6 Improve the documentation of application_domain(). 2010-03-03 10:37:58 -05:00
Chris PeBenito
d24a7df15c Improve the documentation of auth_use_nsswitch(). 2010-03-03 10:37:37 -05:00
Dominick Grift
4cb24aed7b Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
Chris PeBenito
c46376e665 Improve documentation for userdomain interfaces:
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00
Chris PeBenito
42f1b11482 Module version bump for 03dd57f. 2010-03-01 13:34:10 -05:00
Dominick Grift
03dd57fe7b Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
Chris PeBenito
5fb5bf2686 Additional docs for logging_log_filetrans(). 2010-03-01 10:38:24 -05:00
Chris PeBenito
14e543cb1c Improve the documentation of unconfined_domain(). 2010-02-26 13:47:17 -05:00
Chris PeBenito
45185c0783 Improve the documentation of logging_log_file() and logging_log_filetrans(). 2010-02-26 09:34:41 -05:00
Chris PeBenito
13f000d2ef Improve the documentation of:
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
2010-02-25 16:00:58 -05:00
Chris PeBenito
d6887176c1 Improve sysnet_read_config() documentation. 2010-02-25 13:54:34 -05:00
Chris PeBenito
81a0fb4024 Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather thane explicit type usage. 2010-02-25 13:53:52 -05:00