Chris PeBenito
c7ae9ae1c8
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-07-28 08:00:03 -04:00
Chris PeBenito
5f6c30f8bd
wm policy from dan
2009-07-27 15:11:22 -04:00
Chris PeBenito
f4962ab15b
add cpufreqselector from dan
2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
9b1907b217
add pulseaudio from dan.
2009-07-21 10:05:38 -04:00
Chris PeBenito
dc0ab0f0c3
changelog for previous commit
2009-07-20 11:16:22 -04:00
Chris PeBenito
50824a99ca
trunk: pads from dan.
2009-06-30 15:03:20 +00:00
Chris PeBenito
267d9c60c5
trunk: varnishd from dan.
2009-06-30 13:49:53 +00:00
Chris PeBenito
c017ee17ab
trunk: add sssd from dan.
2009-06-22 15:33:21 +00:00
Chris PeBenito
c9c0d846de
trunk: Greylist milter from Paul Howarth.
2009-06-18 14:36:35 +00:00
Chris PeBenito
c7dc1c7222
trunk: Allow unix_update to change the security attributes associate with files so
...
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
Chris PeBenito
df28a0c444
trunk: Misc fixes for unix_update from Brandon Whalen.
2009-06-18 13:36:40 +00:00
Chris PeBenito
95ea7d6986
trunk: Add x_device permissions for XI2 functions, from Eamon Walsh.
2009-06-18 13:07:23 +00:00
Chris PeBenito
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe
trunk: add gpsd from miroslav grepl
2009-06-02 14:28:40 +00:00
Chris PeBenito
350ed89156
se-postgresql update from kaigai
...
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
db_database:{getattr}
db_table:{getattr lock}
db_column:{getattr}
db_procedure:{drop getattr setattr}
db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
impossible to refer read-only table with foreign-key constraint.
(FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
It should allow them on sepgsql_trusted_proc_exec_t.
I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
Chris PeBenito
da3ed0667f
trunk: lircd from miroslav grepl
2009-05-06 15:09:46 +00:00
Chris PeBenito
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
Chris PeBenito
0cf1d56018
trunk: Milter state directory patch from Paul Howarth.
2009-04-21 20:40:45 +00:00
Chris PeBenito
a5ef553c2d
trunk: 5 modules from dan.
2009-04-20 19:03:15 +00:00
Chris PeBenito
153fe24bdc
trunk: 5 patches from dan.
2009-04-07 14:09:43 +00:00
Chris PeBenito
42d567c3f4
trunk: 6 patches from dan.
2009-03-31 13:40:59 +00:00
Chris PeBenito
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
Chris PeBenito
81fa19ed73
trunk: remove unused udev_runtime_t type.
2009-02-24 19:31:08 +00:00
Chris PeBenito
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
Chris PeBenito
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09
trunk: btrfs from Paul Moore.
2009-01-30 13:44:14 +00:00
Chris PeBenito
466e22a8ba
trunk: Add db_procedure install permission from KaiGai Kohei.
2009-01-23 19:49:36 +00:00
Chris PeBenito
019dfaf9dc
trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.
2009-01-15 20:31:06 +00:00
Chris PeBenito
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
Chris PeBenito
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
347a701119
trunk: Add kernel_service access vectors, from Stephen Smalley.
2009-01-05 21:44:33 +00:00
Chris PeBenito
e66a0cad18
trunk: check in version and changelog for release.
2008-12-10 19:49:42 +00:00
Chris PeBenito
3196971ae8
trunk: Fix consistency of audioentropy and iscsi module naming.
2008-12-09 16:47:33 +00:00
Chris PeBenito
b3eb124654
trunk: Debian file context fix for xen from Russell Coker.
2008-11-24 15:34:54 +00:00
Chris PeBenito
b9e5238a24
trunk: add milter module from Paul Howarth.
2008-11-24 15:06:58 +00:00
Chris PeBenito
7f49194215
trunk: Xserver MLS fix from Eamon Walsh.
2008-11-17 13:49:19 +00:00
Chris PeBenito
99282e6be0
trunk: add omapi port for dhcpcd.
2008-11-12 13:11:00 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
6e68e6bb5e
trunk: Move shared library calls from individual modules to the domain module.
2008-10-17 17:36:56 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40
trunk: Remove hierarchy from portage module as it is not a good example of hieararchy.
2008-10-15 19:56:33 +00:00
Chris PeBenito
b19f862271
trunk: Remove enableaudit target from modular build as semodule -DB supplants it.
2008-10-15 14:30:14 +00:00
Chris PeBenito
40db860272
trunk: version bits for the release.
2008-10-14 17:38:03 +00:00
Chris PeBenito
967fd1ba3f
trunk: 8 patches from dan.
2008-10-08 20:03:24 +00:00
Chris PeBenito
73edbc9101
trunk: add oident from dominick grift.
2008-10-06 14:01:59 +00:00
Chris PeBenito
52ceaaac6e
trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr.
2008-09-11 14:02:53 +00:00