Commit Graph

16 Commits

Author SHA1 Message Date
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
06099da657 trunk: 3 patches from dan. 2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035 trunk: missing bits from dan's previous round of patches. 2008-10-09 14:01:53 +00:00
Chris PeBenito
0bfccda4e8 trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
ebc1e8be97 from dan:
kadmind trys to setattr on krb5kdc file.  Just a library checking access.
2007-04-10 17:20:07 +00:00
Chris PeBenito
5b06477c8e On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote:
> Eliminate excess avc messages created when using kerberos libraries
> 
> krb5kdc wans to setsched
> 
> Also uses a fifo_file to communicate.
> 
> Needs to search_network_sysctl
2007-02-26 17:04:56 +00:00
Chris PeBenito
6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito
8708d9bef2 patch from dan Wed, 20 Sep 2006 12:12:49 -0400 2006-09-22 17:14:35 +00:00
Chris PeBenito
bbcd3c97dd add main part of role-o-matic 2006-09-06 22:07:25 +00:00
Chris PeBenito
17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00