Chris PeBenito
9496fd5119
unconfined can name_connect to all ports
2005-07-20 17:08:07 +00:00
Chris PeBenito
d250634311
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
Chris PeBenito
f82c6ac64c
bah typo
2005-07-20 15:08:33 +00:00
Chris PeBenito
0b28a23114
user home dirs were missing file type in targ policy
2005-07-20 15:06:49 +00:00
Chris PeBenito
1e3f610b3b
add missing dir and file perms for selinuxfs in unconfined
2005-07-20 14:57:13 +00:00
Chris PeBenito
689f6ddb35
fix typos and import some rules from NSA cvs to make targeted policy work
2005-07-20 14:25:24 +00:00
Chris PeBenito
474f43d13d
should actually try compiling first :x
2005-07-20 13:39:10 +00:00
Chris PeBenito
bd7e7a6417
missed a line
2005-07-20 13:37:18 +00:00
Chris PeBenito
a28f6db576
add in some rules from NSA CVS to make targeted policy work
2005-07-20 13:30:06 +00:00
Chris PeBenito
8c3f438f75
corenet was missing from unconfined
2005-07-19 20:38:26 +00:00
Chris PeBenito
892266ca76
more targeted policy fixes
2005-07-19 20:26:02 +00:00
Chris PeBenito
21f47732b1
add new netlink socket class
2005-07-19 20:25:42 +00:00
Chris PeBenito
ec848d247f
more fixes for targeted
2005-07-19 19:37:43 +00:00
Chris PeBenito
2ec4c9d38f
more cleanup
2005-07-19 18:40:31 +00:00
Chris PeBenito
8b0bbdda34
fixes for targeted policy
2005-07-19 18:40:19 +00:00
Chris PeBenito
391edeb577
fix assertions for framework
2005-07-18 20:17:21 +00:00
Chris PeBenito
a5f339f134
more cleanup in system
2005-07-18 18:31:49 +00:00
Chris PeBenito
9f103ce14b
fix to use context_template()
2005-07-18 14:25:05 +00:00
Chris PeBenito
3b6174a142
add missing context template
2005-07-15 20:54:24 +00:00
Chris PeBenito
50aca6d2f9
add raid (mdadm)
2005-07-15 20:45:26 +00:00
Chris PeBenito
d9fd8e7562
more pcmcia cleanup
2005-07-15 19:18:55 +00:00
Chris PeBenito
157c69416f
add macro to expand object class sets for use in require blocks
2005-07-15 15:53:54 +00:00
Chris PeBenito
50f6503452
* break up files_getattr_all_files into correct interfaces
...
* move stuff out of pcmcia into the appropriate modules
2005-07-15 15:17:57 +00:00
Chris PeBenito
f136a944c5
reorder in alpha order of type, for sanity purposes
2005-07-15 14:30:19 +00:00
Chris PeBenito
316553a275
add pcmcia
2005-07-14 20:58:57 +00:00
Chris PeBenito
e0d57fbcb1
add pcmcia
2005-07-14 20:57:17 +00:00
Chris PeBenito
c429cb5e26
fix up the xml
2005-07-14 20:02:53 +00:00
Chris PeBenito
11633bbaa8
add ipsec
2005-07-14 18:15:47 +00:00
Chris PeBenito
493d6c4adc
add nscd
2005-07-13 20:48:51 +00:00
Chris PeBenito
df00b2e235
* fix chroot exec interface
...
* more TODO cleanup
* move IPC out of generic domtrans interfaces
2005-07-13 18:29:08 +00:00
Chris PeBenito
25a0c61ffc
add distro tunables. expand on a few comments
2005-07-13 18:08:12 +00:00
Chris PeBenito
b24f35d8a3
more cleanup of current TODOs
2005-07-12 20:34:24 +00:00
Chris PeBenito
20a22759a7
fix comments for templates to have same number of # as interfaces
2005-07-12 20:33:42 +00:00
Chris PeBenito
4051d15b62
fix xml
2005-07-11 19:15:54 +00:00
Chris PeBenito
ae9e2716c3
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
Chris PeBenito
34bbe50d50
improve display of tunables and booleans
2005-07-11 14:41:21 +00:00
Chris PeBenito
4d7511ba57
add tun and bool descriptions
2005-07-11 13:49:15 +00:00
Chris PeBenito
249d461f23
initial global booleans and tunables support. also fix index
...
building, as it was being rebuilt for every module, rather then
once after all modules are loaded.
2005-07-08 21:02:59 +00:00
Chris PeBenito
a42ca7ebec
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
Chris PeBenito
4d0d4157f4
silly formatting fix
2005-07-08 19:44:12 +00:00
Chris PeBenito
c11958bd0f
support for global booleans
2005-07-08 14:22:17 +00:00
Chris PeBenito
acb668edf1
* Added support for layer summaries.
...
* Added a "Index" link on the menu to link to index.html
* Added links from the master interface & template lists
to their respective documentation in their module.
* Added links to "Interfaces" and "Templates" in modules
that have both.
* Added "Return" links after the "Interfaces" and "Templates"
section that go to the top of the module site.
2005-07-07 20:56:27 +00:00
Chris PeBenito
58c7777e14
tag for 20050707 release
2005-07-07 17:25:53 +00:00
Chris PeBenito
dfa83e924c
add changelog
2005-07-07 17:13:17 +00:00
Chris PeBenito
e5f8060316
implement direct_sysadm_daemon
2005-07-07 15:25:28 +00:00
Chris PeBenito
1aa526281b
missing rules uncovered by sediff
2005-07-07 15:20:24 +00:00
Chris PeBenito
c98340cfeb
support for targeted policy
2005-07-06 20:28:29 +00:00
Chris PeBenito
83ce670b3d
put back to strict. will have separate strict and targeted appconfig
2005-07-06 19:42:27 +00:00
Chris PeBenito
14b25bc455
validate file contexts
2005-07-06 18:34:27 +00:00
Chris PeBenito
ed1a92b88c
ksu moves to su
2005-07-06 17:41:58 +00:00
Chris PeBenito
bb32544d61
add missing ssh file contexts
2005-07-06 15:59:54 +00:00
Chris PeBenito
a3fdcebc6a
quiet the awk if modules.conf doesnt exist
2005-07-06 15:24:45 +00:00
Karl MacMillan
ebb884dec2
- Removed OUTPUT_VERSION as default.
...
- Added default name as refpolicy to avoid clobbering string installs
2005-07-06 15:23:28 +00:00
Chris PeBenito
e17cb83c3d
update appconfig for unconfined login
2005-07-06 13:12:20 +00:00
Chris PeBenito
9726b31857
add unconfined
2005-07-05 20:59:51 +00:00
Chris PeBenito
e8f0055b6d
fix quoting problem
2005-07-05 20:54:12 +00:00
Chris PeBenito
e8b3e30abe
fix for new new modules.conf behavior
2005-07-05 19:42:11 +00:00
Chris PeBenito
f0cc1acd4a
update for required tag
2005-07-05 19:35:07 +00:00
Chris PeBenito
2745476e4a
add required tags
2005-07-05 17:47:15 +00:00
Chris PeBenito
d78fdee465
add tag for required modules
2005-07-05 16:03:47 +00:00
Chris PeBenito
a7a9799d79
convert can_kerberos()
2005-07-01 13:31:34 +00:00
Chris PeBenito
65c8613766
ul has to be in a p
2005-07-01 13:10:57 +00:00
Chris PeBenito
5e1ed4903e
initial commit
2005-06-30 21:11:54 +00:00
Chris PeBenito
fd89e19f12
more work on current modules
2005-06-30 18:54:08 +00:00
Chris PeBenito
ebdc3b7902
clean up more todos
2005-06-29 20:53:53 +00:00
Chris PeBenito
e8d8faa820
dont show interface/template hotlinks if the module doesnt have one of them.
2005-06-29 16:55:13 +00:00
Chris PeBenito
d233bfce3f
make layer summary required
2005-06-29 16:54:13 +00:00
Chris PeBenito
00172fb7c4
change messages for missing docs
2005-06-29 14:48:28 +00:00
Chris PeBenito
06c9680d78
make interfaces or templates section not shown if empty
2005-06-29 14:48:13 +00:00
Chris PeBenito
8fd3673225
another round of renaming, for consistency
2005-06-29 14:26:41 +00:00
Chris PeBenito
743b65115c
link fix
2005-06-29 13:05:16 +00:00
Chris PeBenito
96ce00afcc
add logrotate, more low-hanging fruit
2005-06-28 20:54:49 +00:00
Chris PeBenito
effd58c647
add templates
2005-06-28 20:41:50 +00:00
Chris PeBenito
ceebe3b4b0
change desc to summary
2005-06-28 19:51:46 +00:00
Chris PeBenito
896badc4d2
add comments and error handling
2005-06-28 19:50:38 +00:00
Chris PeBenito
2d56fdc240
preserve tunable values if tunables.conf exists
2005-06-28 18:01:47 +00:00
Chris PeBenito
cbca03f513
add lost_found_t manage, rename fs_type attribute to filesystem_type and rename fs_make_fs to fs_type
2005-06-28 17:48:59 +00:00
Chris PeBenito
783b38347e
more low hanging fruit cleanup
2005-06-28 17:32:57 +00:00
Chris PeBenito
cedae2e49e
better handling of whitespace
2005-06-28 17:31:50 +00:00
Chris PeBenito
19db6ba5a9
change modules.conf behavior to be in line with behavior which will be used in the future for base module
2005-06-28 17:31:18 +00:00
Chris PeBenito
a4c639ddd5
change modules.conf handling
2005-06-28 15:19:40 +00:00
Chris PeBenito
58c3da55f3
add fstools, and more cleanup
2005-06-27 20:59:28 +00:00
Chris PeBenito
80436b9b8f
changes to make inetd work
2005-06-27 18:37:33 +00:00
Chris PeBenito
24bf11c62a
initial commit
2005-06-27 18:36:56 +00:00
Chris PeBenito
ab940a4cc1
autofs_t and ypbind cleanup
2005-06-27 16:30:55 +00:00
Chris PeBenito
e88003ffe3
xml updates and nis stuff
2005-06-24 20:37:09 +00:00
Chris PeBenito
f8838e6ac1
better dummy xml entries
2005-06-24 20:36:49 +00:00
Chris PeBenito
73fbc771d1
initial commit
2005-06-24 19:49:46 +00:00
Chris PeBenito
62a7b02c5b
add/update comments
2005-06-24 13:36:57 +00:00
Chris PeBenito
e81f0220b6
add template support, and add dummy parameters for interfaces that have no comments, so it is valid against the dtd
2005-06-24 13:36:22 +00:00
Chris PeBenito
414e415198
update for new documentation method
2005-06-23 21:30:57 +00:00
Chris PeBenito
aad5b98eba
more updates
2005-06-23 20:35:48 +00:00
Chris PeBenito
c3a0754c23
a couple output fixes
2005-06-23 20:27:25 +00:00
Chris PeBenito
9916c694b4
update to new commenting style
2005-06-23 20:27:06 +00:00
Chris PeBenito
45239964e5
move ssh tunables into global_tunables
2005-06-23 19:57:15 +00:00
Chris PeBenito
95db422832
initial commit of segenxml. add support in Makefile
2005-06-23 19:55:23 +00:00
Chris PeBenito
19ea99d495
fix
2005-06-23 16:06:39 +00:00
Chris PeBenito
7c2b84e7a1
fix for shortened tags
2005-06-23 16:06:25 +00:00
Chris PeBenito
261e0e66ee
shorten some xml tags
2005-06-23 16:00:05 +00:00
Chris PeBenito
d3b892e4fd
convert a couple network macros
2005-06-23 15:44:18 +00:00
Chris PeBenito
007ca5600c
more setcurrent stuff
2005-06-23 15:37:39 +00:00
Chris PeBenito
2a3478cf15
fixes pointed out by steve, plus fixes revealed by the added assertions
2005-06-23 14:19:56 +00:00
Chris PeBenito
9ccd96dfc6
more work on ssh, plus import ssh-agent
2005-06-22 21:14:48 +00:00
Chris PeBenito
199895e201
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
Chris PeBenito
cbc9d6951a
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
Chris PeBenito
0404a3903a
initial commit of ssh.
2005-06-21 21:07:46 +00:00
Chris PeBenito
21871a5cf6
work on newrole policy
2005-06-21 17:01:45 +00:00
Chris PeBenito
7fb9c1c72b
change doctool to bring in line with the xml tag change (layers encapsulate
...
modules)
2005-06-20 20:31:58 +00:00
Chris PeBenito
e04b8e7832
initial commit
2005-06-20 18:43:14 +00:00
Chris PeBenito
57869a681e
XML: encapsulate modules in layers, rather then layer being an attribute of
...
module tag
2005-06-20 18:40:44 +00:00
Chris PeBenito
7a2f20a315
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
Chris PeBenito
2ba9a794db
interface review, and remove net_raw from raw node sends. only give
...
capability for raw send on an interface
2005-06-17 19:17:57 +00:00
Chris PeBenito
bc1fbab472
interface review, and remove net_raw from raw node sends. only give
...
capability for raw send on an interface
2005-06-17 18:59:34 +00:00
Chris PeBenito
c9b7f1a28e
add rw_term_perms
2005-06-17 18:56:23 +00:00
Chris PeBenito
5e6f9e5aac
services interfaces review
2005-06-17 18:41:07 +00:00
Chris PeBenito
7f2e39b8e6
review of admin interfaces
2005-06-17 18:27:08 +00:00
Chris PeBenito
139520a233
review of system interfaces
2005-06-17 17:59:26 +00:00
Chris PeBenito
a7c3a1b920
eliminate _depend macros
2005-06-16 21:06:29 +00:00
Chris PeBenito
0e721690dc
misc cleanup
2005-06-16 20:54:18 +00:00
Chris PeBenito
562cc2bd6c
reorder gpg tunable for alpha sorting
2005-06-16 20:34:57 +00:00
Chris PeBenito
d35c621eb0
add a couple more nfs and cifs interfaces, to cover most of the
...
use_(nfs|cifs)_home_dirs tunable
2005-06-16 20:33:51 +00:00
Chris PeBenito
77c124c8cd
eliminate _depend macros
2005-06-16 20:30:59 +00:00
Chris PeBenito
8c2f3ac695
have can_exec add a require block
2005-06-16 20:30:07 +00:00
Chris PeBenito
4ce9bdf0aa
fix
2005-06-15 21:08:58 +00:00
Chris PeBenito
815ff39128
initialize description to None so missing descriptions dont show wrong data
2005-06-15 20:53:19 +00:00
Chris PeBenito
102a59ba77
add comments for clean and bare
2005-06-15 15:45:54 +00:00
Chris PeBenito
337e4afa22
for use until we have a full README
2005-06-15 15:34:44 +00:00
Chris PeBenito
c592e52e38
add install-src target
2005-06-15 14:14:20 +00:00
Chris PeBenito
f08f5a030e
initial commit
2005-06-15 14:10:38 +00:00
Chris PeBenito
c7b41e9536
add CFLAGS, and drop -C from install since it doesn't exist in all distros,
...
and its function is useless
2005-06-15 14:08:18 +00:00
Chris PeBenito
8eaa723d28
put user line in col 1, since genhomedircon breaks otherwise
2005-06-15 14:07:20 +00:00
Chris PeBenito
828e03f635
initial commit
2005-06-15 13:53:48 +00:00
Chris PeBenito
5e0da6a03e
finish renaming system/selinux to system/selinuxutil
2005-06-14 20:48:34 +00:00
Chris PeBenito
ff7bc148e4
move security_t to selinux module
2005-06-14 20:40:09 +00:00
Chris PeBenito
be4a8011d4
move selinux to selinuxutil
2005-06-14 20:12:46 +00:00
Chris PeBenito
8bd6789954
move constraints interfaces to domain module. move sysfs and usbfs to
...
devices module
2005-06-14 19:56:46 +00:00
Chris PeBenito
8ae194f629
when a generated file is already generated, it shows up in the generated_*
...
variable, and also the make wildcard, so use sort, since it removes
duplicates.
2005-06-14 18:39:55 +00:00
Chris PeBenito
810f2b7155
fix typo
2005-06-14 18:15:01 +00:00
Chris PeBenito
1beba1c654
fix up appconfig, and generate $(installdir)/booleans
2005-06-14 18:13:55 +00:00
Chris PeBenito
b57dd19400
stray renames in distro_redhat
2005-06-14 17:36:21 +00:00
Chris PeBenito
d2d6c8ce17
fix makefile to only rebuild modules.conf and tunables.conf explicitly
2005-06-14 15:54:55 +00:00
Chris PeBenito
e75f78666c
initial commit
2005-06-14 14:43:15 +00:00
Chris PeBenito
3eed10909e
convert relevant conditionals into tunable_policy
2005-06-14 14:43:04 +00:00
Chris PeBenito
92e928e1bd
start making genhomedircon work
2005-06-13 21:16:05 +00:00
Chris PeBenito
c24ac9c51c
rename requires_block_template to gen_require
2005-06-13 20:51:09 +00:00
Chris PeBenito
fa7bea8feb
rename requires_block_tempalte to gen_require
2005-06-13 20:47:04 +00:00
Chris PeBenito
34c8fabeeb
tunables work
2005-06-13 20:44:23 +00:00
Chris PeBenito
31908be07f
a few missed renames, and start fixing up tunables
2005-06-13 20:27:32 +00:00
Chris PeBenito
94670f292b
fix
2005-06-13 20:10:01 +00:00
Chris PeBenito
eec67390d7
make summary and description optional in interfaces until we can clean it up
2005-06-13 20:03:08 +00:00