Commit Graph

509 Commits

Author SHA1 Message Date
Chris PeBenito
91d6c92160 trunk: a pair of tweaks from gentoo systems. 2008-03-14 14:55:34 +00:00
Chris PeBenito
47333d8246 trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too. 2008-03-10 19:29:47 +00:00
Chris PeBenito
e065ac8ab5 trunk: Apt updates for ptys and logs, from Martin Orr. 2008-03-04 19:48:58 +00:00
Chris PeBenito
01e8ff4ab3 trunk: rpc update from Vaclav Ovsik. 2008-03-04 19:14:08 +00:00
Chris PeBenito
737fcf232c trunk: dontaudit init fds in loadkeys. 2008-03-04 18:48:30 +00:00
Chris PeBenito
d57a094347 trunk: Exim updates on Debian from Devin Carrawy. 2008-03-04 18:25:13 +00:00
Chris PeBenito
834401ff97 trunk: dovecot fix from Stefan Schulze Frielinghaus. 2008-02-25 19:31:03 +00:00
Chris PeBenito
90c3c561ef trunk: fc fix and if addtion from Stefan Schulze Frielinghaus. 2008-02-25 14:20:56 +00:00
Chris PeBenito
9fa023ff58 trunk: Pam and samba updates from Stefan Schulze Frielinghaus. 2008-02-19 19:33:48 +00:00
Chris PeBenito
45b56b01e8 trunk: Backup update on Debian from Vaclav Ovsik. 2008-02-19 14:26:59 +00:00
Chris PeBenito
51223bfc56 trunk: Cracklib update on Deban from Vaclav Ovsik. 2008-02-19 14:06:11 +00:00
Chris PeBenito
ee6608baeb trunk: 8 patches from dan. 2008-02-18 18:44:40 +00:00
Chris PeBenito
f508567646 trunk: 4 patches from dan. 2008-02-18 14:55:25 +00:00
Chris PeBenito
037fc0f4e6 trunk: label /proc/kallsyms with system_map_t. 2008-02-15 19:59:10 +00:00
Chris PeBenito
4f017813ab trunk: fix pppd admin interface. 2008-02-14 16:03:24 +00:00
Chris PeBenito
6e7a1fc871 trunk: fix userdom_role_change_template() xml. 2008-02-13 20:26:18 +00:00
Chris PeBenito
7a5e2d8a37 trunk: 12 patches from dan. 2008-02-07 16:37:47 +00:00
Chris PeBenito
12cf805e1c trunk: add basic ubuntu support 2008-02-05 18:24:43 +00:00
Chris PeBenito
ce8a5299a8 trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00
Chris PeBenito
320ea98330 trunk: add 3rd party corenet interfaces for (secmark) packets. 2008-01-17 15:28:24 +00:00
Chris PeBenito
c8d4c38258 trunk: fix missing lo netif alias for standard and mcs configs. 2008-01-10 16:39:36 +00:00
Chris PeBenito
936f286c16 trunk: add mls constraints to dbus. 2008-01-03 20:37:25 +00:00
Chris PeBenito
9323a50bcc trunk: add run_init domtrans to chk passwd. 2008-01-03 19:46:40 +00:00
Chris PeBenito
7cbfeb97cf trunk: uncomment set loginuid for functional login programs under strict. 2008-01-03 18:30:45 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
1abafe3707 trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. 2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581 trunk: several fc updates from dan. 2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae trunk: add openoffice locations in gentoo. 2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e trunk: Improve several tunables descriptions from Dan Walsh. 2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito
74d920c3b5 trunk: add setrlimit to debian cron. 2007-12-06 14:35:44 +00:00
Chris PeBenito
5f63dd12a3 trunk: fix xconsole rw interface. 2007-12-04 15:11:53 +00:00
Chris PeBenito
c0cf6e0a6e trunk: clean up nsswitch usage, from dan. 2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215 trunk: add /dev symlink relabel since its not short circuited. 2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29 trunk: version bump for newrole fixes. 2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5 trunk: test fix 2 for newrole. 2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e trunk: test fix for newrole. 2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5 trunk: handle early boot on debian, for /dev labeling. 2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik. 2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5 trunk: version bumps for previous commit. 2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb trunk: More complete labeled networking infrastructure from KaiGai Kohei. 2007-11-26 16:44:57 +00:00
Chris PeBenito
8d1f9d9e14 trunk: add missing tcp_socket rules for xfs. 2007-11-19 20:36:33 +00:00
Chris PeBenito
6ab634a512 trunk: fix dup specification for /var/spool/cups/* 2007-11-16 20:03:18 +00:00
Chris PeBenito
ccf6611bdd trunk: add unconfined_run_to(). 2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1 trunk: switch newrole and run_init over to use nsswitch. 2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config(). 2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d trunk: reorganize selinuxutil. 2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c trunk: 9 patches from dan. 2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762 trunk: 8 patches from dan. 2007-11-15 16:54:18 +00:00
Chris PeBenito
2999cea1f2 trunk: remove duplicate specifiction for /usr/lib/devices on debian. 2007-11-14 20:12:44 +00:00
Chris PeBenito
9820351703 trunk: add in polmatch for default spd. 2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6 trunk: add labeled networking support to unconfined. 2007-11-14 14:38:45 +00:00
Chris PeBenito
a56055e362 trunk: rearrange the bottom of domain.if and fix domain_ipsec_labels(). 2007-11-14 13:40:25 +00:00
Chris PeBenito
847937da7d trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh. 2007-11-13 19:31:43 +00:00
Chris PeBenito
3b498a9105 trunk: add gentoo hal fc entry. 2007-11-12 14:17:39 +00:00
Chris PeBenito
4605adcba7 trunk: add postfixpolicyd from Jan-Frode Myklebust. 2007-11-07 20:17:44 +00:00
Chris PeBenito
eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e trunk: fix init_ranged_system_domain range_transition object class, from james carter. 2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito
495df41602 trunk: 11 patches from dan. 2007-10-29 18:35:32 +00:00
Chris PeBenito
bd973e3e68 trunk: remove unused types from dbus. 2007-10-26 18:04:38 +00:00
Chris PeBenito
8e2fb69f88 trunk: filesystem patch from dan. 2007-10-24 18:37:26 +00:00
Chris PeBenito
6bf8bf4f5c trunk: add exim from dan. 2007-10-24 15:07:40 +00:00
Chris PeBenito
3c99e5989a trunk: add /var/lib search for system bus template. 2007-10-22 15:53:31 +00:00
Chris PeBenito
2f27163c1b trunk: 3 patches from dan. 2007-10-18 19:31:14 +00:00
Chris PeBenito
a334d2918f trunk: add infrastructure for managing user web content. 2007-10-18 19:23:33 +00:00
Chris PeBenito
36627094e8 trunk: fix unconditional call to nscd from usermanage run interfaces. 2007-10-15 18:16:00 +00:00
Chris PeBenito
a27d1c6e84 trunk: gdm is in /usr/sbin on rawhide machines, from Eamon Walsh. 2007-10-15 17:50:07 +00:00
Chris PeBenito
f48782758e trunk: reorganize amanda and bind 2007-10-12 17:50:11 +00:00
Chris PeBenito
bc01b352f6 trunk: 2 patches from dan. 2007-10-12 17:35:56 +00:00
Chris PeBenito
cdf98fedc0 trunk: 10 patches from dan. 2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
81d4c88f8c trunk: remove stale user_net_control reference in usernetctl.if. 2007-10-08 13:38:25 +00:00
Chris PeBenito
6c53a10e28 trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. 2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito
aef93a760f trunk: one-liner from Shintaro Fujiwara 2007-09-26 14:28:20 +00:00
Chris PeBenito
4ddc7ba539 trunk: xml doc one-liner from Stefan Schulze Frielinghaus. 2007-09-24 13:01:17 +00:00
Chris PeBenito
ff4085dacc trunk: one-liner from Shintaro Fujiwara. 2007-09-18 19:49:35 +00:00
Chris PeBenito
6f49b490b8 trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara. 2007-09-17 18:04:35 +00:00
Chris PeBenito
0cf6df55e5 trunk: add awstats from Stefan Schulze Frielinghaus. 2007-09-17 17:25:40 +00:00
Chris PeBenito
8242f5a68d trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain(). 2007-09-17 14:33:40 +00:00
Chris PeBenito
14add30d03 trunk: 3 patches from dan. 2007-09-12 14:53:39 +00:00
Chris PeBenito
134a799c75 trunk: 3 patches from dan. 2007-09-11 19:24:32 +00:00
Chris PeBenito
8a9d6f6449 trunk: 6 patches from dan. 2007-09-07 13:41:20 +00:00
Chris PeBenito
abc89340c4 trunk: two tiny patches from Stefan Schulze Frielinghaus 2007-09-06 19:29:54 +00:00
Chris PeBenito
72f82c47c2 trunk: six patches from dan. 2007-09-06 18:34:40 +00:00
Chris PeBenito
8241b538af trunk: udev update and brctl module from dan. 2007-09-05 17:55:57 +00:00
Chris PeBenito
016e5c5cdc trunk: 4 patches from dan. 2007-09-05 14:48:21 +00:00
Chris PeBenito
0a0b8078ca trunk: 5 patches from dan. 2007-09-04 18:57:58 +00:00
Chris PeBenito
ce2c80f3c6 trunk: make coda nfs_t, ticket #39. 2007-09-04 13:38:39 +00:00
Chris PeBenito
4922765ec6 trunk: fix certwatch_run() interface, which had a typo in the name. 2007-08-30 15:01:48 +00:00
Chris PeBenito
6dd721a686 trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate. 2007-08-27 17:57:36 +00:00
Chris PeBenito
a2f444884b trunk: patch to allow sendmail to read ssl/tls certificates from Stefan Schulze Frielinghaus. 2007-08-27 17:00:18 +00:00
Chris PeBenito
752ddf588f trunk: add missing commas in can_exec in daemontools that worked by luck. 2007-08-24 15:55:06 +00:00
Chris PeBenito
d62c0881e2 Update MLS constraints from LSPP evaluated policy. 2007-08-24 14:14:29 +00:00
Chris PeBenito
2af7b42a06 trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels. 2007-08-22 20:21:52 +00:00
Chris PeBenito
8d2c34195e trunk: updates from dan on 9 modules 2007-08-22 20:02:41 +00:00
Chris PeBenito
80d5e02c81 trunk: Files and radvd updates from Stefan Schulze Frielinghaus. 2007-08-21 19:03:34 +00:00
Chris PeBenito
1779bef032 trunk: fix gdm xsession scripts on redhat machines. 2007-08-20 18:54:29 +00:00
Chris PeBenito
f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf trunk: several MLS enhancements. 2007-08-20 15:15:03 +00:00
Chris PeBenito
9760cbec2d trunk: Database userspace object manager classes from KaiGai Kohei. 2007-08-09 13:15:07 +00:00
Chris PeBenito
3d6e962dfa trunk: filesystem patch from dan 2007-08-08 20:04:28 +00:00
Chris PeBenito
939a4287b3 trunk: 3 patches from dan 2007-08-07 17:06:32 +00:00
Chris PeBenito
371d11ec04 trunk: add 3rd party interface for apache cgi. 2007-07-26 19:48:40 +00:00
Chris PeBenito
708aab1393 trunk: fix targeted sshd. When the domain was unaliased from unconfined_t, a transition to unconfined_t was not added. 2007-07-20 18:25:26 +00:00
Chris PeBenito
d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito
6929521e0a trunk: fix missed netlabel deprecation 2007-07-19 15:11:19 +00:00
Chris PeBenito
f80a0e4f25 trunk: Add debian apcupsd binary location, from Stefan Schulze Frielinghaus. 2007-07-02 15:25:46 +00:00
Chris PeBenito
116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito
113b4fc4a2 Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module. 2007-06-28 17:25:46 +00:00
Chris PeBenito
e5e55ace89 trunk, strict-targeted-merge: add mmap_zero to xserver domains. 2007-06-28 12:34:08 +00:00
Chris PeBenito
f5842c1fa5 trunk: minor amanda update from dan 2007-06-27 19:19:20 +00:00
Chris PeBenito
7b61fe506d trunk: add rpcbind from dan 2007-06-27 16:31:55 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
2c3ac47d45 trunk: pyzor and clamav updates from dan 2007-06-26 18:43:11 +00:00
Chris PeBenito
22bff65f4d trunk: fix typo in vmware.fc 2007-06-26 14:31:31 +00:00
Chris PeBenito
02f2c3e979 trunk: nagios update from dan 2007-06-21 17:23:19 +00:00
Chris PeBenito
a90a256f64 trunk: procmail tweak from dan. 2007-06-21 14:54:34 +00:00
Chris PeBenito
7f089782ae trunk: xen updates from dan 2007-06-21 13:36:05 +00:00
Chris PeBenito
92d1ade254 trunk: trivial gentoo tweaks 2007-06-20 20:08:26 +00:00
Chris PeBenito
5bf9deb5bb trunk: 3 patches from dan 2007-06-20 19:47:10 +00:00
Chris PeBenito
99b5a56cb6 trunk: radius one-liner from dan 2007-06-20 15:03:55 +00:00
Chris PeBenito
40df56772f trunk: big samba update from dan 2007-06-19 19:11:35 +00:00
Chris PeBenito
788d88c923 trunk: drop snmpd_etc_t. 2007-06-19 17:39:35 +00:00
Chris PeBenito
6c8aba7b31 trunk: confine sendmail and logrotate on targeted 2007-06-19 17:01:39 +00:00
Chris PeBenito
cb10a2d5bf trunk: Tunable connection to postgresql for users from KaiGai Kohei. 2007-06-19 14:30:06 +00:00
Chris PeBenito
41337aa8b9 Memprotect support patch from Stephen Smalley. 2007-06-19 13:02:26 +00:00
Chris PeBenito
d139413c64 trunk: 2 patches from dan 2007-06-13 13:54:56 +00:00
Chris PeBenito
a74d1ad7cd trunk: add amtu from dan 2007-06-12 18:58:36 +00:00
Chris PeBenito
d5b81a81ff trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). 2007-06-12 18:46:14 +00:00
Chris PeBenito
262def165a trunk: version bumps for previous commit. 2007-06-12 13:08:19 +00:00
Chris PeBenito
f7101c5430 trunk: 7 simple patches from dan. 2007-06-12 13:06:13 +00:00
Chris PeBenito
6649aec9d0 trunk: 3 patches from dan 2007-06-11 15:43:37 +00:00
Chris PeBenito
d534d35a7e trunk: 5 patches from dan 2007-06-11 15:01:10 +00:00
Chris PeBenito
f6a590d7b4 six simple patches from dan 2007-06-11 14:09:09 +00:00
Chris PeBenito
7782966db1 add fc entry for make_reiser4 2007-06-08 20:01:34 +00:00
Chris PeBenito
17b9cb7dda trunk: fix line in evolution to be strict-only; was being covered up by genhomedircon. 2007-05-22 17:01:38 +00:00
Chris PeBenito
a39a931362 trunk: snmp tweak from dan 2007-05-15 18:06:31 +00:00
Chris PeBenito
c412be6bef trunk: remaining pieces for apcupsd module 2007-05-15 15:43:00 +00:00
Chris PeBenito
38d0cf1b8a trunk: long overdue cleanup from when range_transitions were only in the base module 2007-05-14 15:35:47 +00:00
Chris PeBenito
762d2cb989 merge restorecon into setfiles 2007-05-11 17:10:43 +00:00
Chris PeBenito
12217cc286 Patch to begin separating out hald helper programs from Dan Walsh. 2007-05-07 17:57:48 +00:00
Chris PeBenito
78f17e6d6c add apcupsd from dan 2007-05-07 14:55:54 +00:00
Chris PeBenito
b129e2001c Fixes for squid, dovecot, and snmp from Dan Walsh. 2007-05-07 13:45:17 +00:00
Chris PeBenito
4967aaa320 Miscellaneous consolekit fixes from Dan Walsh. 2007-05-03 14:15:38 +00:00
Chris PeBenito
0ef5d66468 textrel lib update from dan 2007-05-03 13:43:44 +00:00
Chris PeBenito
ed4b7301fb Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh. 2007-05-03 12:45:28 +00:00
Chris PeBenito
517618f0b4 Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh. 2007-05-02 17:55:03 +00:00
Chris PeBenito
882186c933 - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
Chris PeBenito
6a2975706a add rwho from Nalin Dahyabhai 2007-04-30 17:39:01 +00:00
Chris PeBenito
747ab18400 Patch to allow amavis to read spamassassin libraries from Dan Walsh. 2007-04-30 15:19:47 +00:00
Chris PeBenito
ae32fb7e7b trivial aide fix from dan 2007-04-30 15:09:15 +00:00
Chris PeBenito
f9029fc5b6 Patch to allow slocate to getattr other filesystems and directories on those filesystems from Dan Walsh. 2007-04-30 15:01:19 +00:00
Chris PeBenito
27c570f755 trivial fix for netutils from dan 2007-04-30 14:44:04 +00:00
Chris PeBenito
7487a66705 trivial fix from dan for bluetooth 2007-04-30 14:33:12 +00:00
Chris PeBenito
b4beb0a0fb missed piece of clip patch 2007-04-30 14:32:31 +00:00
Chris PeBenito
d28e528b0d Fixes for RHEL4 from the CLIP project. 2007-04-27 15:08:15 +00:00
Chris PeBenito
cd16fe6e2c Replace the old lrrd fc entries with correct munin ones. 2007-04-23 17:36:35 +00:00
Chris PeBenito
b4dfdc7d30 Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties. 2007-04-19 14:30:57 +00:00
Chris PeBenito
7a4bd42ea3 Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface. 2007-04-19 14:24:02 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
4029f11670 last piece of previous consolekit patch 2007-04-11 20:02:59 +00:00
Chris PeBenito
97e8156ecb add zabbix from dan 2007-04-11 18:55:44 +00:00
Chris PeBenito
697489040e 5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes 2007-04-11 17:56:03 +00:00
Chris PeBenito
99064c9fbd more consolekit updates from dan 2007-04-11 14:04:35 +00:00
Chris PeBenito
82e284bb89 last piece of dan's previous patch 2007-04-11 13:31:10 +00:00
Chris PeBenito
19b2dee3cc confine ldconfig in targeted, from dan 2007-04-10 19:39:22 +00:00
Chris PeBenito
ebc1e8be97 from dan:
kadmind trys to setattr on krb5kdc file.  Just a library checking access.
2007-04-10 17:20:07 +00:00
Chris PeBenito
9af48eef6e six patches from dan 2007-04-10 13:10:58 +00:00
Chris PeBenito
98faba122c gentoo /lib can be a symlink on x86-64 systems 2007-04-02 13:33:18 +00:00
Chris PeBenito
39d8dcdb4f fix http_script_domains, it was incorrectly applied to the content type rather than the script domain. bug #24. 2007-04-02 13:20:55 +00:00
Chris PeBenito
a26923c32e Two patches from Paul Moore to for ipsec to remove redundant rules and have setkey read the config file. 2007-03-28 18:47:45 +00:00
Chris PeBenito
9e8f65c83e six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed 2007-03-26 20:47:29 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89 remove disable_trans booleans 2007-03-23 21:01:49 +00:00
Chris PeBenito
5f5b7a1ec6 network fix from dan 2007-03-22 14:33:00 +00:00
Chris PeBenito
cc9130b90a one-liner from dan 2007-03-22 14:01:55 +00:00
Chris PeBenito
19fd9301e6 patch from dan to have ricci modstorage transition to lvm 2007-03-21 20:02:50 +00:00
Chris PeBenito
cd3ee91a4b add fail2ban from dan 2007-03-21 15:51:52 +00:00
Chris PeBenito
efcf9df253 kudzu will telinit to make init re-read the inittab after configuring serial consoles 2007-03-20 19:00:35 +00:00
Chris PeBenito
a5f5eba459 Add dontaudits for init fds and console to init_daemon_domain(). 2007-03-20 18:47:18 +00:00
Chris PeBenito
4832f0e066 create user gpg keys dir patch from dan 2007-03-19 19:10:43 +00:00
Chris PeBenito
93784927ca add kvmfs support, from dan 2007-03-19 18:48:14 +00:00
Chris PeBenito
7200146ea8 trivial patch for radius from dan 2007-03-19 18:42:57 +00:00
Chris PeBenito
86b28c9594 trivial patch from dan for sysstat access to sysfs 2007-03-19 18:38:54 +00:00
Chris PeBenito
e66689f7be other part of consolekit addition 2007-03-19 18:36:36 +00:00
Chris PeBenito
c224d91c7b from Dan:
This is a new policy for the User Switching capability coming in gnome.

consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
6c20f77e80 patch from Dan for sudo:
sudo should be able to getattr on all executables not just 
bin_t/sbin_t.  Confined executeables run from sudo need this.

sudo_exec_t needs to be marked as exec_type so prelink will work correctly.

sudo semanage should work
2007-03-19 16:32:44 +00:00
Chris PeBenito
0cca516db7 fix for rh bug 203290 2007-03-08 19:01:21 +00:00
Chris PeBenito
b5a6c86f46 last bit of dans patch 2007-03-08 17:53:52 +00:00
Chris PeBenito
cdc91b9aeb Patch for handling restart of nscd when ran from useradd, groupadd, and admin passwd, from Dan Walsh. 2007-03-08 15:14:45 +00:00
Chris PeBenito
59bedc1886 procmail uses /tmp files
Wants to send signull to itself
Can exec ls
Read spamassinn_lib_dirs
New directory for spamassin /var/lib/
pyzor uses tmp files
2007-03-07 21:33:22 +00:00
Chris PeBenito
7aefc69117 trivial change from dan 2007-03-06 17:44:26 +00:00
Chris PeBenito
7aca2aa827 setroubleshoot has a plugin that checks the file context on disk versus a matchpathcon. So needs additional privs 2007-03-06 17:16:08 +00:00
Chris PeBenito
c23eb5b1c4 Patch for gssd fixes from Dan Walsh 2007-03-06 16:18:59 +00:00
Chris PeBenito
c5561c777d patches for lvm and ricci fixes from Dan Walsh. 2007-03-06 15:35:02 +00:00
Chris PeBenito
f2c69c47b3 lmtp and smtp are the same file require same context of setfiles complains
postfix_pickup_t wants to read postfix_spool_maildrop_t dir
2007-03-01 20:41:19 +00:00
Chris PeBenito
ecc98e19e3 patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh. 2007-03-01 15:43:39 +00:00
Chris PeBenito
4900fdf7d1 Patch for kerberized telnet fixes from Dan Walsh. 2007-02-28 17:17:52 +00:00
Chris PeBenito
09c56f5496 Patch for kerberized ftp and other ftp fixes from Dan Walsh. 2007-02-28 17:01:47 +00:00
Chris PeBenito
2aea366ffc Patch for an additional wine executable from Dan Walsh. 2007-02-28 16:23:06 +00:00
Chris PeBenito
bf39cdb807 Patch for additional games file contexts from Dan Walsh. 2007-02-28 15:30:38 +00:00
Chris PeBenito
86d754eed6 Add support for libselinux 2.0.5 init_selinuxmnt() changes. 2007-02-27 17:02:35 +00:00
Chris PeBenito
ca448bd66c add init_exec() to init_telinit(). 2007-02-26 20:19:53 +00:00
Chris PeBenito
f0eaed31be Patch for misc fixes to bluetooth from Dan Walsh. 2007-02-26 17:23:52 +00:00
Chris PeBenito
5b06477c8e On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote:
> Eliminate excess avc messages created when using kerberos libraries
> 
> krb5kdc wans to setsched
> 
> Also uses a fifo_file to communicate.
> 
> Needs to search_network_sysctl
2007-02-26 17:04:56 +00:00
Chris PeBenito
bbb7cc8927 Patch to start deprecating usercanread attribute from Ryan Bradetich. 2007-02-26 16:13:23 +00:00
Chris PeBenito
3a39015792 On Tue, 2007-02-20 at 12:30 -0500, Daniel J Walsh wrote:
> prelink creates temporarly files that it then needs to relabel.
2007-02-23 21:20:46 +00:00
Chris PeBenito
5c45eaede1 On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
> audit needs fsetid
> 
> syslog needs to be able to create a tcp_socket for off machine logging.
2007-02-23 20:19:29 +00:00
Chris PeBenito
66cf194680 Patch to remove redundant mls_trusted_object() call from Dan Walsh. 2007-02-23 20:05:12 +00:00
Chris PeBenito
4685213857 Patch for misc fixes to nis ypxfr policy from Dan Walsh. 2007-02-23 19:52:52 +00:00
Chris PeBenito
aeb54c6dd0 Patch to allow apmd to telinit from Dan Walsh. 2007-02-23 19:41:41 +00:00
Chris PeBenito
d114071e7a While using samba and SELinux with Debian GNU/Linux (etch) the
following files need to be labeled correctly:
/var/run/samba/gencache.tdb
/var/run/samba/share_info.tdb

Should also concern other distributions than Debian.

-Stefan
2007-02-23 19:30:17 +00:00
Chris PeBenito
bcac3a5e3d Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich. 2007-02-23 19:08:45 +00:00
Chris PeBenito
f1be09c2b1 make ttys and ptys device nodes 2007-02-20 20:17:07 +00:00
Chris PeBenito
6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito
10e12095d6 Fix explicit use of httpd_t in openca_domtrans(), bug #22. 2007-02-07 22:10:45 +00:00
Chris PeBenito
ff943a1b9b Clean up file context regexes in apache and java, from Eamon Walsh:
Some file_contexts regular expressions in refpolicy-strict are causing 
genhomedircon to die; refpolicy is failing to build for me entirely.

The regular expressions seem redundant to me, perhaps I am missing 
something, but the following patch fixes the problems for me.  Please 
review and apply
2007-01-24 17:10:31 +00:00
Chris PeBenito
42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863 patch from dan for some missing gen_require()s 2006-11-29 13:44:40 +00:00
Chris PeBenito
bff907113d fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out. 2006-11-28 15:57:22 +00:00
Chris PeBenito
c31f6724c0 fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out. 2006-11-28 15:47:47 +00:00
Chris PeBenito
fa45da0efd add aide, ccs, and ricci 2006-11-16 20:56:24 +00:00
Chris PeBenito
c6a60bb28d On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
> Here is the policy changes needed for the context contains security
> checking in PAM and cron.
2006-11-14 13:38:52 +00:00
Chris PeBenito
ed38ca9f3d fixes from gentoo strict testing:
- Allow semanage to read from /root on strict non-MLS for
  local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
  on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito
0f9a2be65d add missing gentoo file contexts for initrc and lvm 2006-11-07 19:38:10 +00:00
Chris PeBenito
f497b8df50 Christopher J. PeBenito wrote:
> We could add another 'or' on the above constraint:
> 
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
> 
> I believe that would be the constraint you were looking for.  I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
> 

Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint.  The name is still a bit
forced, but it works.

-matt <mra at hp dot com>
2006-11-01 15:42:22 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Chris PeBenito
582438054d fix up corecommands perm sets, add seutil_manage_config_dirs() 2006-10-27 13:55:35 +00:00
Chris PeBenito
d5ae683e2b add seutil_rw_config() 2006-10-25 20:48:04 +00:00
Chris PeBenito
a8671ae5b2 enhanced setransd support from darrel goeddel 2006-10-20 14:44:23 +00:00
Chris PeBenito
a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito
b04eccd87b fix duplicate /usr/bin/mplayer fc match for targeted 2006-10-18 17:31:14 +00:00
Chris PeBenito
d4a48c41c2 make inetd optional 2006-10-18 15:49:45 +00:00
Chris PeBenito
130f8a4aa5 merge netlabel stuff from labeled-networking branch 2006-10-17 16:58:17 +00:00
Chris PeBenito
aeaae5185e fix ticket #16 2006-10-16 16:51:57 +00:00
Chris PeBenito
e45324d1ee gentoo integrated run_init rules in wrong build option. 2006-10-15 00:23:06 +00:00
Chris PeBenito
0e5c5442c6 fix term_tty() associations 2006-10-14 23:32:30 +00:00
Chris PeBenito
009b377174 more realplayer entries 2006-10-14 23:31:33 +00:00
Chris PeBenito
14b1684aae gentoo testing fixes. 2006-10-13 21:44:02 +00:00
Chris PeBenito
85f0c35922 make optional the inetd dependency in samba 2006-10-10 13:11:58 +00:00
Chris PeBenito
93ddc66983 change transition from run_init to initrc to spec. 2006-10-09 18:52:19 +00:00
Chris PeBenito
f76d07072a fix some stuff that does not affect policy 2006-10-06 17:31:52 +00:00