Chris PeBenito
|
378d5cda05
|
initial packet rules
|
2006-05-25 17:56:07 +00:00 |
|
Chris PeBenito
|
c5657a262b
|
add generic packet interfaces, and fix up unconfined handling
|
2006-05-25 17:01:36 +00:00 |
|
Chris PeBenito
|
e4b30fb010
|
remove debugging statemnet
|
2006-05-25 16:40:52 +00:00 |
|
Chris PeBenito
|
6962bb3283
|
add makefile support for netfilter contexts
|
2006-05-25 15:14:19 +00:00 |
|
Chris PeBenito
|
6b873c4da0
|
fix copyright years
|
2006-05-25 15:09:06 +00:00 |
|
Chris PeBenito
|
d24259b7a7
|
fix handling of comments at the end of the line, and add copyright
|
2006-05-25 15:04:39 +00:00 |
|
Chris PeBenito
|
df15d004ef
|
fix chain declaration
|
2006-05-25 14:10:55 +00:00 |
|
Chris PeBenito
|
d6d8b7037d
|
add command line arguments support, and mls/mcs support
|
2006-05-25 14:02:41 +00:00 |
|
Chris PeBenito
|
29a0519186
|
add compute_av for doing rootok check
|
2006-05-25 13:14:08 +00:00 |
|
Chris PeBenito
|
c890249a4c
|
use network_port()s to declare packets, since packets match up with these ports
|
2006-05-24 21:28:49 +00:00 |
|
Chris PeBenito
|
d6c62e7df7
|
initial commit of netfilter config generator tool, still needs work on mls/mcs side.
|
2006-05-24 21:27:52 +00:00 |
|
Chris PeBenito
|
6293baeacc
|
allow iptables to relabelto all packets
|
2006-05-23 19:07:22 +00:00 |
|
Chris PeBenito
|
e37158e6b9
|
initial support for packets
|
2006-05-23 18:31:02 +00:00 |
|
Chris PeBenito
|
a013b55e3e
|
initial addition of packet policy, allow unconfined to send unlabeled packets.
|
2006-05-22 20:47:05 +00:00 |
|
Chris PeBenito
|
e126047c73
|
no user contexts for strict policy
|
2006-05-22 18:24:19 +00:00 |
|
Chris PeBenito
|
263721b9a4
|
dontaudit just the kernel fd use, the others may indicate problems for other reasons.
|
2006-05-19 20:02:41 +00:00 |
|
Chris PeBenito
|
8fa4943032
|
add back stray file descriptors dontaudit for rhel4
|
2006-05-19 19:52:18 +00:00 |
|
Chris PeBenito
|
c55b6f28ee
|
add packet security class
|
2006-05-19 17:45:46 +00:00 |
|
Chris PeBenito
|
2288381d08
|
cleanup init_t a little
|
2006-05-19 17:44:27 +00:00 |
|
Chris PeBenito
|
41a0f8bf3b
|
move selinux unconfined to attribute setup, clean up unconfined interface a bit
|
2006-05-19 15:15:45 +00:00 |
|
Chris PeBenito
|
9d4538024a
|
patch from russell Fri, 19 May 2006 20:28:29 +1000
|
2006-05-19 14:06:18 +00:00 |
|
Chris PeBenito
|
87eb5c84e7
|
patch from dan Thu, 18 May 2006 11:56:22 -0400
|
2006-05-19 14:02:24 +00:00 |
|
Chris PeBenito
|
46fc46cfdd
|
fixes for gentoo
|
2006-05-19 13:14:37 +00:00 |
|
Chris PeBenito
|
5f4b5698c1
|
fix example.te
|
2006-05-18 17:55:03 +00:00 |
|
Chris PeBenito
|
b516e80f24
|
start cleaning up node binding and raw if/node access
|
2006-05-17 20:55:12 +00:00 |
|
Chris PeBenito
|
165b42d230
|
most of patch from dan Mon, 15 May 2006 11:58:01 -0400
|
2006-05-17 14:50:31 +00:00 |
|
Chris PeBenito
|
75c1c261c1
|
add info on build options
|
2006-05-16 15:05:40 +00:00 |
|
Chris PeBenito
|
b0bdcba0e8
|
update admin template docs
|
2006-05-16 13:36:57 +00:00 |
|
Chris PeBenito
|
28401d2a1d
|
gentoo has passwd in /bin
|
2006-05-15 20:43:10 +00:00 |
|
Chris PeBenito
|
fc47b34c82
|
Add a copy of genhomedircon for monolithic policy building, so that a policycoreutils package update is not required for RHEL4 systems.
|
2006-05-15 15:21:43 +00:00 |
|
Chris PeBenito
|
21d173a460
|
remove rules added to make sediff easier
|
2006-05-12 19:37:56 +00:00 |
|
Chris PeBenito
|
e9a4084de1
|
clean up some apache networking perms
|
2006-05-12 18:43:31 +00:00 |
|
Chris PeBenito
|
013d746abc
|
add apache_manage_all_content, bug 1602
|
2006-05-10 20:24:40 +00:00 |
|
Chris PeBenito
|
88bc7af316
|
fix sendmail_exec_t encapsulation breakage
|
2006-05-10 18:42:22 +00:00 |
|
Chris PeBenito
|
ac9db9b54e
|
document remaining interfaces w/o XML. turn on warnings for missing XML.
|
2006-05-10 18:09:08 +00:00 |
|
Chris PeBenito
|
727758a042
|
make executable
|
2006-05-10 18:08:40 +00:00 |
|
Chris PeBenito
|
e8ffdfc78f
|
document postfix templates, remove postfix_public_domain_template()
|
2006-05-10 18:08:06 +00:00 |
|
Chris PeBenito
|
e58da022e9
|
document postfix templates, remove postfix_public_domain_template()
|
2006-05-10 18:07:31 +00:00 |
|
Chris PeBenito
|
f827eb6320
|
fixes from testing
|
2006-05-09 20:13:25 +00:00 |
|
Chris PeBenito
|
88d68f60bc
|
remove unreproducible notatsecure problem, bug 1411
|
2006-05-09 18:39:35 +00:00 |
|
Chris PeBenito
|
54d01c821f
|
pyzor does not have a per userdomain template
|
2006-05-09 18:03:33 +00:00 |
|
Chris PeBenito
|
4c44b8d594
|
ssh_keysign_exec_t should be a bin
|
2006-05-09 15:24:11 +00:00 |
|
Chris PeBenito
|
6bd449484d
|
add nx, bug 1535
|
2006-05-09 15:12:17 +00:00 |
|
Chris PeBenito
|
46bec43425
|
add clockspeed from petre rodan
|
2006-05-08 14:16:10 +00:00 |
|
Chris PeBenito
|
bf2f29a845
|
fix broken macro calls
|
2006-05-08 13:22:11 +00:00 |
|
Chris PeBenito
|
858a1faefb
|
dontaudit chroot, glibc compile is ok without it
|
2006-05-08 13:21:36 +00:00 |
|
Chris PeBenito
|
20e929e0a1
|
add razor, bug 1542
|
2006-05-05 19:26:50 +00:00 |
|
Chris PeBenito
|
12cd9a06bf
|
add portslave, bug 1538
|
2006-05-05 18:51:42 +00:00 |
|
Chris PeBenito
|
48b1d0b0a0
|
add afs, bug 1514
|
2006-05-05 17:53:45 +00:00 |
|
Chris PeBenito
|
c8229a9321
|
add appletalk socket for cups
|
2006-05-04 20:42:06 +00:00 |
|
Chris PeBenito
|
f40b22bf42
|
add appletalk socket for cups
|
2006-05-04 20:40:49 +00:00 |
|
Chris PeBenito
|
6ba4d96490
|
add dcc, bug 1522
|
2006-05-04 17:44:26 +00:00 |
|
Chris PeBenito
|
988930d3a7
|
HOME_DIR only on strict
|
2006-05-03 20:32:35 +00:00 |
|
Chris PeBenito
|
8bf6f58e76
|
split type transition from auth_manage_shadow
|
2006-05-03 20:29:14 +00:00 |
|
Chris PeBenito
|
e993594365
|
patch from dan Tue, 02 May 2006 10:08:17 -0400, includes pyzor, bug 1541
|
2006-05-03 19:58:01 +00:00 |
|
Chris PeBenito
|
ea5333d1f9
|
add target for validating module linking, bug 1276
|
2006-05-02 20:14:41 +00:00 |
|
Chris PeBenito
|
2e9cd95e07
|
add oav, bug 1536
|
2006-05-02 19:42:04 +00:00 |
|
Chris PeBenito
|
6714c268a5
|
split out filetrans part of files_manage_etc_runtime_files(), bug 1663
|
2006-05-02 18:34:35 +00:00 |
|
Chris PeBenito
|
5bd9fd7bc2
|
add openca, bug 1660
|
2006-05-02 17:42:41 +00:00 |
|
Chris PeBenito
|
5706facdf2
|
make dupe interface and templates a fatal error.
|
2006-05-02 14:34:32 +00:00 |
|
Chris PeBenito
|
b6cc2f91f4
|
add sxid, bug 1661
|
2006-05-01 20:36:13 +00:00 |
|
Chris PeBenito
|
e8bf4dc9ec
|
fix optional
|
2006-05-01 20:35:26 +00:00 |
|
Chris PeBenito
|
3f1c086f9b
|
add monop, bug 1659.
|
2006-05-01 19:45:30 +00:00 |
|
Chris PeBenito
|
d40c0ecf7a
|
fix up entrypoints
|
2006-05-01 19:11:54 +00:00 |
|
Chris PeBenito
|
27881870eb
|
add missing entrypoint
|
2006-05-01 15:06:17 +00:00 |
|
Chris PeBenito
|
512e8cf9ff
|
remove broad ldap access
|
2006-04-28 20:44:15 +00:00 |
|
Chris PeBenito
|
d592b69e87
|
add watchdog, bug 1662
|
2006-04-28 20:20:40 +00:00 |
|
Chris PeBenito
|
050f364c01
|
add ircd, bug 1658
|
2006-04-28 19:23:17 +00:00 |
|
Chris PeBenito
|
f30e6ea8c6
|
add yam, bug 1554
|
2006-04-28 18:30:02 +00:00 |
|
Chris PeBenito
|
b6d37ebb7c
|
add munin, bug 1530
|
2006-04-28 15:50:06 +00:00 |
|
Chris PeBenito
|
6a21cefd8b
|
add nsd, bug 1534
|
2006-04-27 19:41:35 +00:00 |
|
Chris PeBenito
|
b6b5747bac
|
add authbind, bug 1516
|
2006-04-27 18:11:26 +00:00 |
|
Chris PeBenito
|
06e2775687
|
add nrpe to nagios, bug 1533
|
2006-04-27 16:37:40 +00:00 |
|
Chris PeBenito
|
03d797cc97
|
fixes for confined vmware sessions
|
2006-04-26 20:30:08 +00:00 |
|
Chris PeBenito
|
677de4d479
|
add template doc
|
2006-04-26 19:24:38 +00:00 |
|
Chris PeBenito
|
5b7b2b024a
|
fixes for testing with unconfined vms
|
2006-04-26 19:03:41 +00:00 |
|
Chris PeBenito
|
b35d3f78ab
|
add vmware, bug 1389
|
2006-04-26 18:18:29 +00:00 |
|
Chris PeBenito
|
a6a638dc18
|
add vmware, bug 1389
|
2006-04-26 18:18:15 +00:00 |
|
Chris PeBenito
|
0e1c461e05
|
more of patch from dan Thu, 20 Apr 2006 14:06:03 -0400
|
2006-04-26 15:22:33 +00:00 |
|
Chris PeBenito
|
5540e76ac7
|
add rssh, bug 1544
|
2006-04-25 19:17:43 +00:00 |
|
Chris PeBenito
|
70b8a7231e
|
add ddclient, bug 1523
|
2006-04-25 17:50:31 +00:00 |
|
Chris PeBenito
|
4d73bb4f97
|
add imaze, bug 1528
|
2006-04-25 15:33:44 +00:00 |
|
Chris PeBenito
|
9b244cb0d4
|
add soundserver, bug 1547
|
2006-04-25 15:13:59 +00:00 |
|
Chris PeBenito
|
9e725d8a1a
|
add dnsmasq, bug 1524
|
2006-04-25 14:45:14 +00:00 |
|
Chris PeBenito
|
53bf559b07
|
fix stray texrel_shlib_t references
|
2006-04-25 13:58:06 +00:00 |
|
Chris PeBenito
|
6cd6d7aa1f
|
add gift, bug 1527
|
2006-04-24 20:21:27 +00:00 |
|
Chris PeBenito
|
57f233b01f
|
add backup, bug 1517
|
2006-04-24 18:58:46 +00:00 |
|
Chris PeBenito
|
8536924eec
|
add tripwire, bug 1550
|
2006-04-24 18:00:32 +00:00 |
|
Chris PeBenito
|
0377627083
|
misc cleanup
|
2006-04-24 14:52:01 +00:00 |
|
Chris PeBenito
|
82f1dfb5e8
|
fixes
|
2006-04-21 18:00:51 +00:00 |
|
Chris PeBenito
|
02f9b21e8c
|
first cut of hierarchical policy
|
2006-04-21 15:08:21 +00:00 |
|
Chris PeBenito
|
fb63d0b537
|
add concept of executables, and update policies which really want this intead of entrypoints
|
2006-04-19 21:43:02 +00:00 |
|
Chris PeBenito
|
85a0f96798
|
patch from dan Tue, 18 Apr 2006 23:16:15 -0400
|
2006-04-19 15:25:22 +00:00 |
|
Chris PeBenito
|
5d03fc244b
|
add gatekeeper, bug 1526
|
2006-04-18 20:35:09 +00:00 |
|
Chris PeBenito
|
478f0caee2
|
fix up openvpn port
|
2006-04-18 15:32:04 +00:00 |
|
Chris PeBenito
|
e3e37e853a
|
add asterisk and ntop.
|
2006-04-18 13:44:07 +00:00 |
|
Chris PeBenito
|
eeb8ea4b81
|
fix bad rules in samba, bug 1623
|
2006-04-17 19:51:46 +00:00 |
|
Chris PeBenito
|
86e869ed1c
|
stabilize make conf output from erich, bug 1242
|
2006-04-17 18:06:36 +00:00 |
|
Chris PeBenito
|
abc73a7764
|
second part of dans patch Fri, 14 Apr 2006 08:08:43 -0400
|
2006-04-17 17:54:57 +00:00 |
|
Chris PeBenito
|
cdc86ee57f
|
first part of dans patch Fri, 14 Apr 2006 08:08:43 -0400
|
2006-04-17 17:32:54 +00:00 |
|