Commit Graph

720 Commits

Author SHA1 Message Date
Chris PeBenito
71fe0fa4c5 fixes for module compiling 2005-09-14 00:30:10 +00:00
Chris PeBenito
0907bda1e0 more merging of NSA CVS policy 2005-09-13 13:06:07 +00:00
Chris PeBenito
2705f9a0f3 begin merging in upstream NSA CVS changes 2005-09-12 21:40:56 +00:00
Chris PeBenito
082dcd9eb2 add base mod changelog entry 2005-09-12 15:58:44 +00:00
Chris PeBenito
712566ee41 fixes to make base module compilable 2005-09-12 15:17:39 +00:00
Chris PeBenito
2e863f8ad0 add first part of changes to make base module compilable 2005-09-09 20:51:54 +00:00
Chris PeBenito
0fdf3ef75e fix sshd to use initrc transition while typeattribute in conditionals is still broken 2005-09-09 20:49:59 +00:00
Chris PeBenito
9ff3003346 add zebra. change ssh to default to initrc transition instead of inetd while typeattribute in conditionals doesnt work 2005-09-09 13:24:11 +00:00
Chris PeBenito
eb3cb6820a add portmap 2005-09-08 17:12:38 +00:00
Chris PeBenito
d17b4d2323 add ktalk 2005-09-08 13:42:13 +00:00
Chris PeBenito
9b06402eaf add missing rules of other domains using inn 2005-09-08 13:23:11 +00:00
Chris PeBenito
541b7d57ff new release 2005-09-07 16:15:51 +00:00
Chris PeBenito
763a5e30c6 misc fixes 2005-09-07 13:31:37 +00:00
Chris PeBenito
8d93523409 add inn 2005-09-06 18:37:27 +00:00
Chris PeBenito
603f90ab9d misc fixes 2005-09-05 18:17:17 +00:00
Chris PeBenito
b11a75a5e3 add ntp 2005-09-05 16:47:19 +00:00
Chris PeBenito
ce1b44aac4 typo 2005-09-02 20:55:17 +00:00
Chris PeBenito
ac0483aefe add dictd 2005-09-02 20:50:54 +00:00
Chris PeBenito
fdae8e755e add hal 2005-09-02 20:29:52 +00:00
Chris PeBenito
f344c0f38e move dhcpd to dhcp 2005-09-02 19:18:43 +00:00
Chris PeBenito
0f707d52ab add squid 2005-09-02 19:11:07 +00:00
Chris PeBenito
7c8fc35b14 add dhcpd 2005-09-02 14:52:08 +00:00
Chris PeBenito
9d3bdc25af fix bugs uncovered from sediff 2005-09-01 20:13:42 +00:00
Chris PeBenito
c0d1566a13 move rhgb_domain into TODO so modules can compile as binary modules 2005-09-01 13:52:59 +00:00
Chris PeBenito
631ee4d3cf finish remaining dbus bits 2005-09-01 13:34:45 +00:00
Chris PeBenito
0c3d170578 add dbus 2005-08-31 20:58:12 +00:00
Chris PeBenito
6af06cd8b6 fix typos 2005-08-31 16:54:19 +00:00
Chris PeBenito
768283ac46 cosmetics 2005-08-31 16:49:30 +00:00
Chris PeBenito
6e61566dba add comsat. clean up kerberos and nscd interfaces 2005-08-31 15:25:12 +00:00
Chris PeBenito
246839f3d2 fix up most of mta attribute insanity 2005-08-30 20:47:41 +00:00
Chris PeBenito
451c1e3d59 send user role to per userdomain templates. update templated interfaces
to have the prefix be the first argument
2005-08-30 15:48:57 +00:00
Chris PeBenito
e5d45268fd make corecommands required 2005-08-30 14:41:52 +00:00
Chris PeBenito
a19e346437 doctool display for no interfaces or templates 2005-08-29 19:55:00 +00:00
Chris PeBenito
37aa3ff267 update for release 2005-08-26 15:02:23 +00:00
Chris PeBenito
9439a25899 update config, switch most to module 2005-08-26 13:30:59 +00:00
Chris PeBenito
2a94561a89 start adding in templated interfaces 2005-08-25 20:27:20 +00:00
Chris PeBenito
d4df0aa62c remove bad changelog date 2005-08-25 14:49:31 +00:00
Chris PeBenito
c6299b2a1b add rpm spec skeleton 2005-08-24 20:42:15 +00:00
Chris PeBenito
6d12276bf5 fix quoting 2005-08-24 20:18:28 +00:00
Chris PeBenito
e28aa682c7 reformat for use in rpm 2005-08-24 20:18:06 +00:00
Chris PeBenito
3110dec4f3 fix tunables 2005-08-24 20:00:10 +00:00
Chris PeBenito
82024f9942 do bools until loadable modules support tunables 2005-08-24 18:30:47 +00:00
Chris PeBenito
d83fdad248 add bind 2005-08-23 17:26:19 +00:00
Chris PeBenito
902be0ae21 add privoxy 2005-08-22 21:49:27 +00:00
Chris PeBenito
35ecf83839 add rsync 2005-08-22 21:17:10 +00:00
Chris PeBenito
f9b11e9615 add howl 2005-08-22 20:43:20 +00:00
Chris PeBenito
4b8c5489ec move require to right position, for modular policy 2005-08-22 20:18:42 +00:00
Chris PeBenito
a6df70c11a more comments 2005-08-22 20:05:40 +00:00
Chris PeBenito
8b75b07055 remove comment about monolithic only supported 2005-08-22 18:28:45 +00:00
Chris PeBenito
c04f2abe88 complete infrastructure support for building modules 2005-08-22 17:07:17 +00:00
Chris PeBenito
db93d707c5 mark userpace object classes 2005-08-22 14:13:19 +00:00
Chris PeBenito
f6e28abbab moved to selinux module 2005-08-19 20:05:02 +00:00
Chris PeBenito
28f0329c78 for base module, only enable modules actually in it 2005-08-19 20:00:05 +00:00
Chris PeBenito
fb0a3a98c6 initial support for compiling loadable modules 2005-08-18 21:27:20 +00:00
Chris PeBenito
f862c35c37 add gpm 2005-08-17 21:28:31 +00:00
Chris PeBenito
2961e79b55 add ldap 2005-08-17 18:33:43 +00:00
Chris PeBenito
23ca91f8bb cleanup 2005-08-17 17:31:57 +00:00
Chris PeBenito
545b0c9176 add rshd 2005-08-17 15:23:24 +00:00
Chris PeBenito
886907ccef add firstboot 2005-08-17 15:08:12 +00:00
Chris PeBenito
57a96cbd0b add firstboot 2005-08-17 14:14:07 +00:00
Chris PeBenito
2d803edc73 more debian cleanup 2005-08-17 14:09:29 +00:00
Chris PeBenito
a573790b4d make default for optional modules to module instead of base 2005-08-15 20:31:37 +00:00
Chris PeBenito
4806a05cfb fix broken xml of previous commit 2005-08-15 19:35:20 +00:00
Chris PeBenito
5f38a65aab try to knock out more of the distro_debian bootloader stuff 2005-08-15 19:31:37 +00:00
Chris PeBenito
21468a6076 add loadkeys 2005-08-15 14:46:17 +00:00
Chris PeBenito
8843093607 more comments 2005-08-12 19:28:30 +00:00
Chris PeBenito
f0b1efa2a2 all dev nodes assoc to tmpfs, since most everyone is moving to udev 2005-08-12 19:28:15 +00:00
Chris PeBenito
c5a6dcbc3e quiet file context validation 2005-08-12 18:15:00 +00:00
Chris PeBenito
35b494789d fix some udev naming 2005-08-12 18:13:03 +00:00
Chris PeBenito
aae06c1306 fix system spool file problem 2005-08-12 17:54:55 +00:00
Chris PeBenito
d06f3c3752 remove secdesc since desc is sufficient 2005-08-11 17:55:47 +00:00
Chris PeBenito
f7ebea06e3 finalize desc -> summary xml change 2005-08-11 17:46:39 +00:00
Chris PeBenito
4aa0dc20b4 add tcpd 2005-08-11 15:17:13 +00:00
Chris PeBenito
e694b51e6b fix no interface module handling in segenxml 2005-08-11 14:55:41 +00:00
Chris PeBenito
052c953ae5 add quota 2005-08-11 14:49:58 +00:00
Chris PeBenito
5a3895a9f6 tabbing fix 2005-08-11 14:35:52 +00:00
Chris PeBenito
e784300a62 add sudo 2005-08-09 19:30:43 +00:00
Chris PeBenito
b9d7d70b33 add template xml 2005-08-09 19:21:25 +00:00
Chris PeBenito
9489149ec0 add su 2005-08-08 21:03:23 +00:00
Chris PeBenito
9465452eec fix gen_user comment for more clarity 2005-08-08 18:13:56 +00:00
Chris PeBenito
dce68dc48d add updfstab 2005-08-08 15:51:15 +00:00
Chris PeBenito
f5e321b0f0 fix xml tags 2005-08-08 15:43:20 +00:00
Chris PeBenito
7057c18db0 a few more ssh touchups 2005-08-05 18:49:23 +00:00
Chris PeBenito
ed78ea0034 add tmpreaper 2005-08-05 15:32:27 +00:00
Chris PeBenito
9a66d4e562 add acct 2005-08-05 14:32:12 +00:00
Chris PeBenito
3fd8336882 misc cleanup 2005-08-04 20:54:51 +00:00
Chris PeBenito
42be7c214d add mysql 2005-08-03 17:56:26 +00:00
Chris PeBenito
046a21da80 search sbin dirs to find the pgms 2005-08-03 17:43:41 +00:00
Chris PeBenito
81343a6f90 * Rename ipsec connect interface for consistency.
* Add missing parts of unix stream socket connect interface
  of ipsec.
* Rename inetd connect interface for consistency.
2005-08-03 15:16:33 +00:00
Chris PeBenito
52a902b803 new release 2005-08-02 14:54:30 +00:00
Chris PeBenito
6db8e52a8f new release 2005-08-02 14:51:50 +00:00
Chris PeBenito
60abb5fdab add missing 2005-08-01 15:58:14 +00:00
Chris PeBenito
cd8fa41253 fix comparison bug 2005-08-01 15:49:05 +00:00
Chris PeBenito
96a150deac move file context validation to install 2005-07-29 20:49:52 +00:00
Chris PeBenito
bbdbdb9edf fix stray line that got out of TODO 2005-07-29 15:07:15 +00:00
Chris PeBenito
e5590ea5ec work on user transition 2005-07-28 20:52:55 +00:00
Chris PeBenito
c13146d97a update 2005-07-27 21:01:19 +00:00
Chris PeBenito
78d30cb1f4 Fix handling of ordered and unordered HTML lists. 2005-07-22 19:15:49 +00:00
Chris PeBenito
022f61c0e3 add connect interface on ports to handle name_connect tcp perm 2005-07-22 15:38:01 +00:00
Chris PeBenito
50527cf581 make network_interface able to support multiple interfaces having the same type 2005-07-22 14:00:38 +00:00
Chris PeBenito
953541a918 update from privmail 2005-07-21 20:34:57 +00:00
Chris PeBenito
80526ccbdd add an example module config for a targeted policy 2005-07-20 20:11:49 +00:00
Chris PeBenito
ea7d571bd7 /var/lib is now a mountpoint 2005-07-20 17:36:48 +00:00
Chris PeBenito
53857c8c05 unconfined can pass all constraints 2005-07-20 17:24:23 +00:00
Chris PeBenito
ef424c14d4 name_connect only on tcp_sockets 2005-07-20 17:10:07 +00:00
Chris PeBenito
9496fd5119 unconfined can name_connect to all ports 2005-07-20 17:08:07 +00:00
Chris PeBenito
d250634311 reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface 2005-07-20 17:06:10 +00:00
Chris PeBenito
f82c6ac64c bah typo 2005-07-20 15:08:33 +00:00
Chris PeBenito
0b28a23114 user home dirs were missing file type in targ policy 2005-07-20 15:06:49 +00:00
Chris PeBenito
1e3f610b3b add missing dir and file perms for selinuxfs in unconfined 2005-07-20 14:57:13 +00:00
Chris PeBenito
689f6ddb35 fix typos and import some rules from NSA cvs to make targeted policy work 2005-07-20 14:25:24 +00:00
Chris PeBenito
474f43d13d should actually try compiling first :x 2005-07-20 13:39:10 +00:00
Chris PeBenito
bd7e7a6417 missed a line 2005-07-20 13:37:18 +00:00
Chris PeBenito
a28f6db576 add in some rules from NSA CVS to make targeted policy work 2005-07-20 13:30:06 +00:00
Chris PeBenito
8c3f438f75 corenet was missing from unconfined 2005-07-19 20:38:26 +00:00
Chris PeBenito
892266ca76 more targeted policy fixes 2005-07-19 20:26:02 +00:00
Chris PeBenito
21f47732b1 add new netlink socket class 2005-07-19 20:25:42 +00:00
Chris PeBenito
ec848d247f more fixes for targeted 2005-07-19 19:37:43 +00:00
Chris PeBenito
2ec4c9d38f more cleanup 2005-07-19 18:40:31 +00:00
Chris PeBenito
8b0bbdda34 fixes for targeted policy 2005-07-19 18:40:19 +00:00
Chris PeBenito
391edeb577 fix assertions for framework 2005-07-18 20:17:21 +00:00
Chris PeBenito
a5f339f134 more cleanup in system 2005-07-18 18:31:49 +00:00
Chris PeBenito
9f103ce14b fix to use context_template() 2005-07-18 14:25:05 +00:00
Chris PeBenito
3b6174a142 add missing context template 2005-07-15 20:54:24 +00:00
Chris PeBenito
50aca6d2f9 add raid (mdadm) 2005-07-15 20:45:26 +00:00
Chris PeBenito
d9fd8e7562 more pcmcia cleanup 2005-07-15 19:18:55 +00:00
Chris PeBenito
157c69416f add macro to expand object class sets for use in require blocks 2005-07-15 15:53:54 +00:00
Chris PeBenito
50f6503452 * break up files_getattr_all_files into correct interfaces
* move stuff out of pcmcia into the appropriate modules
2005-07-15 15:17:57 +00:00
Chris PeBenito
f136a944c5 reorder in alpha order of type, for sanity purposes 2005-07-15 14:30:19 +00:00
Chris PeBenito
316553a275 add pcmcia 2005-07-14 20:58:57 +00:00
Chris PeBenito
e0d57fbcb1 add pcmcia 2005-07-14 20:57:17 +00:00
Chris PeBenito
c429cb5e26 fix up the xml 2005-07-14 20:02:53 +00:00
Chris PeBenito
11633bbaa8 add ipsec 2005-07-14 18:15:47 +00:00
Chris PeBenito
493d6c4adc add nscd 2005-07-13 20:48:51 +00:00
Chris PeBenito
df00b2e235 * fix chroot exec interface
* more TODO cleanup
* move IPC out of generic domtrans interfaces
2005-07-13 18:29:08 +00:00
Chris PeBenito
25a0c61ffc add distro tunables. expand on a few comments 2005-07-13 18:08:12 +00:00
Chris PeBenito
b24f35d8a3 more cleanup of current TODOs 2005-07-12 20:34:24 +00:00
Chris PeBenito
20a22759a7 fix comments for templates to have same number of # as interfaces 2005-07-12 20:33:42 +00:00
Chris PeBenito
4051d15b62 fix xml 2005-07-11 19:15:54 +00:00
Chris PeBenito
ae9e2716c3 fix more TODOs. fix selinux.te to selinuxutil.te in optionals 2005-07-11 19:02:50 +00:00
Chris PeBenito
34bbe50d50 improve display of tunables and booleans 2005-07-11 14:41:21 +00:00
Chris PeBenito
4d7511ba57 add tun and bool descriptions 2005-07-11 13:49:15 +00:00
Chris PeBenito
249d461f23 initial global booleans and tunables support. also fix index
building, as it was being rebuilt for every module, rather then
once after all modules are loaded.
2005-07-08 21:02:59 +00:00
Chris PeBenito
a42ca7ebec another round of TODO cleanup 2005-07-08 20:44:57 +00:00
Chris PeBenito
4d0d4157f4 silly formatting fix 2005-07-08 19:44:12 +00:00
Chris PeBenito
c11958bd0f support for global booleans 2005-07-08 14:22:17 +00:00
Chris PeBenito
acb668edf1 * Added support for layer summaries.
* Added a "Index" link on the menu to link to index.html
* Added links from the master interface & template lists
  to their respective documentation in their module.
* Added links to "Interfaces" and "Templates" in modules
  that have both.
* Added "Return" links after the "Interfaces" and "Templates"
  section that go to the top of the module site.
2005-07-07 20:56:27 +00:00
Chris PeBenito
58c7777e14 tag for 20050707 release 2005-07-07 17:25:53 +00:00
Chris PeBenito
dfa83e924c add changelog 2005-07-07 17:13:17 +00:00
Chris PeBenito
e5f8060316 implement direct_sysadm_daemon 2005-07-07 15:25:28 +00:00
Chris PeBenito
1aa526281b missing rules uncovered by sediff 2005-07-07 15:20:24 +00:00
Chris PeBenito
c98340cfeb support for targeted policy 2005-07-06 20:28:29 +00:00
Chris PeBenito
83ce670b3d put back to strict. will have separate strict and targeted appconfig 2005-07-06 19:42:27 +00:00
Chris PeBenito
14b25bc455 validate file contexts 2005-07-06 18:34:27 +00:00
Chris PeBenito
ed1a92b88c ksu moves to su 2005-07-06 17:41:58 +00:00
Chris PeBenito
bb32544d61 add missing ssh file contexts 2005-07-06 15:59:54 +00:00
Chris PeBenito
a3fdcebc6a quiet the awk if modules.conf doesnt exist 2005-07-06 15:24:45 +00:00
Karl MacMillan
ebb884dec2 - Removed OUTPUT_VERSION as default.
- Added default name as refpolicy to avoid clobbering string installs
2005-07-06 15:23:28 +00:00
Chris PeBenito
e17cb83c3d update appconfig for unconfined login 2005-07-06 13:12:20 +00:00
Chris PeBenito
9726b31857 add unconfined 2005-07-05 20:59:51 +00:00
Chris PeBenito
e8f0055b6d fix quoting problem 2005-07-05 20:54:12 +00:00
Chris PeBenito
e8b3e30abe fix for new new modules.conf behavior 2005-07-05 19:42:11 +00:00
Chris PeBenito
f0cc1acd4a update for required tag 2005-07-05 19:35:07 +00:00
Chris PeBenito
2745476e4a add required tags 2005-07-05 17:47:15 +00:00
Chris PeBenito
d78fdee465 add tag for required modules 2005-07-05 16:03:47 +00:00
Chris PeBenito
a7a9799d79 convert can_kerberos() 2005-07-01 13:31:34 +00:00
Chris PeBenito
65c8613766 ul has to be in a p 2005-07-01 13:10:57 +00:00
Chris PeBenito
5e1ed4903e initial commit 2005-06-30 21:11:54 +00:00
Chris PeBenito
fd89e19f12 more work on current modules 2005-06-30 18:54:08 +00:00
Chris PeBenito
ebdc3b7902 clean up more todos 2005-06-29 20:53:53 +00:00
Chris PeBenito
e8d8faa820 dont show interface/template hotlinks if the module doesnt have one of them. 2005-06-29 16:55:13 +00:00
Chris PeBenito
d233bfce3f make layer summary required 2005-06-29 16:54:13 +00:00
Chris PeBenito
00172fb7c4 change messages for missing docs 2005-06-29 14:48:28 +00:00
Chris PeBenito
06c9680d78 make interfaces or templates section not shown if empty 2005-06-29 14:48:13 +00:00
Chris PeBenito
8fd3673225 another round of renaming, for consistency 2005-06-29 14:26:41 +00:00
Chris PeBenito
743b65115c link fix 2005-06-29 13:05:16 +00:00
Chris PeBenito
96ce00afcc add logrotate, more low-hanging fruit 2005-06-28 20:54:49 +00:00
Chris PeBenito
effd58c647 add templates 2005-06-28 20:41:50 +00:00
Chris PeBenito
ceebe3b4b0 change desc to summary 2005-06-28 19:51:46 +00:00
Chris PeBenito
896badc4d2 add comments and error handling 2005-06-28 19:50:38 +00:00
Chris PeBenito
2d56fdc240 preserve tunable values if tunables.conf exists 2005-06-28 18:01:47 +00:00
Chris PeBenito
cbca03f513 add lost_found_t manage, rename fs_type attribute to filesystem_type and rename fs_make_fs to fs_type 2005-06-28 17:48:59 +00:00
Chris PeBenito
783b38347e more low hanging fruit cleanup 2005-06-28 17:32:57 +00:00
Chris PeBenito
cedae2e49e better handling of whitespace 2005-06-28 17:31:50 +00:00
Chris PeBenito
19db6ba5a9 change modules.conf behavior to be in line with behavior which will be used in the future for base module 2005-06-28 17:31:18 +00:00
Chris PeBenito
a4c639ddd5 change modules.conf handling 2005-06-28 15:19:40 +00:00
Chris PeBenito
58c3da55f3 add fstools, and more cleanup 2005-06-27 20:59:28 +00:00
Chris PeBenito
80436b9b8f changes to make inetd work 2005-06-27 18:37:33 +00:00
Chris PeBenito
24bf11c62a initial commit 2005-06-27 18:36:56 +00:00
Chris PeBenito
ab940a4cc1 autofs_t and ypbind cleanup 2005-06-27 16:30:55 +00:00
Chris PeBenito
e88003ffe3 xml updates and nis stuff 2005-06-24 20:37:09 +00:00
Chris PeBenito
f8838e6ac1 better dummy xml entries 2005-06-24 20:36:49 +00:00
Chris PeBenito
73fbc771d1 initial commit 2005-06-24 19:49:46 +00:00
Chris PeBenito
62a7b02c5b add/update comments 2005-06-24 13:36:57 +00:00
Chris PeBenito
e81f0220b6 add template support, and add dummy parameters for interfaces that have no comments, so it is valid against the dtd 2005-06-24 13:36:22 +00:00
Chris PeBenito
414e415198 update for new documentation method 2005-06-23 21:30:57 +00:00
Chris PeBenito
aad5b98eba more updates 2005-06-23 20:35:48 +00:00
Chris PeBenito
c3a0754c23 a couple output fixes 2005-06-23 20:27:25 +00:00
Chris PeBenito
9916c694b4 update to new commenting style 2005-06-23 20:27:06 +00:00
Chris PeBenito
45239964e5 move ssh tunables into global_tunables 2005-06-23 19:57:15 +00:00