Dominick Grift
4cb24aed7b
Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
Chris PeBenito
c46376e665
Improve documentation for userdomain interfaces:
...
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00
Chris PeBenito
88daf126f2
Improve the documentation of domain interfaces:
...
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652
Improve the documentation of ubac_constrained().
2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e
Improve the documentation of devices interfaces:
...
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69
Improve filesystem interfaces:
...
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
42f1b11482
Module version bump for 03dd57f
.
2010-03-01 13:34:10 -05:00
Dominick Grift
03dd57fe7b
Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
Chris PeBenito
7cf2858e4a
Improve the documentation of files interfaces:
...
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
5fb5bf2686
Additional docs for logging_log_filetrans().
2010-03-01 10:38:24 -05:00
Chris PeBenito
42eb0f10a9
Improve the documentation of corenetwork interfaces
...
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
14e543cb1c
Improve the documentation of unconfined_domain().
2010-02-26 13:47:17 -05:00
Chris PeBenito
45185c0783
Improve the documentation of logging_log_file() and logging_log_filetrans().
2010-02-26 09:34:41 -05:00
Chris PeBenito
3a744d1275
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
2010-02-26 08:58:32 -05:00
Chris PeBenito
13f000d2ef
Improve the documentation of:
...
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
2010-02-25 16:00:58 -05:00
Chris PeBenito
d6887176c1
Improve sysnet_read_config() documentation.
2010-02-25 13:54:34 -05:00
Chris PeBenito
81a0fb4024
Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather thane explicit type usage.
2010-02-25 13:53:52 -05:00
Chris PeBenito
7a0c0b4088
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4
Add additional documentation to files_type().
2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e
Rearrange files interfaces.
2010-02-25 08:32:22 -05:00
Chris PeBenito
6e48775f75
Improve documentation on logging_send_syslog_msg().
2010-02-24 15:56:05 -05:00
Chris PeBenito
fca4a96bae
Improve documentation on files_read_etc_files().
2010-02-24 15:20:03 -05:00
Chris PeBenito
611bc9311d
Improve documentation on miscfiles_read_localization().
2010-02-24 14:56:07 -05:00
Chris PeBenito
d124921979
Module version bump for cd17345
.
2010-02-24 10:13:12 -05:00
Dominick Grift
cd17345324
Various abrt fixes.
...
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:11:51 -05:00
Chris PeBenito
2040268b01
Module version bump for 534e57b
.
2010-02-24 10:08:41 -05:00
Dominick Grift
534e57b770
Various afs fixes.
...
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:07:28 -05:00
Dominick Grift
6306637c89
mysqlmanagerd_var_run_t is not a domain type.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:00:05 -05:00
Chris PeBenito
1021460884
Minor tweaks and module version bump for 68cda59
.
2010-02-23 13:58:18 -05:00
Chris Richards
68cda59844
Add MySQL Manager to MySQL policy module
...
Second submission to fix mistakes from first.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
1049180cd8
Automount patch from Dan Walsh.
2010-02-19 13:50:01 -05:00
Chris PeBenito
fa03ecc046
Shorewall patch from Dan Walsh.
2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378
Vbetool patch from Dan Walsh.
2010-02-19 11:34:28 -05:00
Chris PeBenito
4fd0889171
Java patch from Dan Walsh.
2010-02-19 11:21:38 -05:00
Chris PeBenito
1e0f483a18
Mono patch from Dan Walsh.
2010-02-19 10:42:43 -05:00
Chris PeBenito
a777957b49
Rename qemu_unconfined_t to unconfined_qemu_t.
2010-02-19 10:27:09 -05:00
Chris PeBenito
8a1c9c505f
Rearrage qemu.if.
2010-02-19 10:16:28 -05:00
Chris PeBenito
72295e93e1
Qemu patch from Dan Walsh.
2010-02-19 10:15:19 -05:00
Chris PeBenito
29b580ce8f
Add sectoolm by Miroslav Grepl.
2010-02-19 09:39:06 -05:00
Chris PeBenito
4796d07ee0
Wine patch from Dan Walsh.
2010-02-19 09:17:51 -05:00
Chris PeBenito
6a9da24987
Useradd home dir creation fix from Gentoo.
2010-02-17 20:34:23 -05:00
Chris PeBenito
2f84a77d22
Syslog fixes from Gentoo.
2010-02-17 20:33:53 -05:00
Chris PeBenito
8b8501991e
Clean up leaked portage file descriptors.
2010-02-17 20:33:31 -05:00
Chris PeBenito
d08a3df046
Ssh key creation fix from Gentoo.
2010-02-17 20:32:08 -05:00
Chris PeBenito
2c05132062
Utmp fix from Gentoo.
2010-02-17 20:31:46 -05:00
Chris PeBenito
72c8a37c2b
Setfiles fix from Gentoo.
2010-02-17 20:30:42 -05:00
Chris PeBenito
679a63d09f
Mount usbfs fix from Gentoo.
2010-02-17 20:30:13 -05:00
Chris PeBenito
aadcb968f9
Move netlink route sockets from nsswitch to DNS name resolve.
2010-02-17 20:28:59 -05:00
Chris PeBenito
15d80e3646
Misc portage fixes.
2010-02-17 20:25:39 -05:00
Chris PeBenito
05bd2f9837
Portage fixes for installing SELinux-aware programs.
2010-02-17 20:23:41 -05:00
Chris PeBenito
c06a4452e2
Xguest patch from Dan Walsh.
2010-02-17 09:23:17 -05:00
Chris PeBenito
6f30d7e770
Pulseaudio patch from Dan Walsh.
2010-02-16 15:13:08 -05:00
Chris PeBenito
a513794b4c
Chronyd from Miroslav Grepl.
2010-02-16 14:53:59 -05:00
Chris PeBenito
3fb2b72c65
Ccs patch from Dan Walsh.
2010-02-16 11:28:08 -05:00
Chris PeBenito
0ab2c1eae9
Clear xserver TODO.
2010-02-12 10:29:41 -05:00
Chris PeBenito
6246e7d30a
Non-drawing X client support for consolekit.
2010-02-12 10:29:00 -05:00
Chris PeBenito
1322a1af4d
Remove redundant conditional user_ping terminal rules.
2010-02-11 14:35:38 -05:00
Chris PeBenito
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
Chris PeBenito
ed03a5b916
Sudo patch from Dan Walsh.
2010-02-11 09:15:45 -05:00
Chris PeBenito
ca5dc2f1cb
Consoletype patch from Dan Walsh.
2010-02-11 08:56:53 -05:00
Chris PeBenito
21673b238a
Hal patch from Dan Walsh.
2010-02-11 08:42:00 -05:00
Chris PeBenito
3079cbceb1
Virt/svirt patch from Dan Walsh.
2010-02-09 10:28:17 -05:00
Chris PeBenito
aa9e3b4b65
Ktalk patch from Dan Walsh.
2010-02-09 10:28:00 -05:00
Chris PeBenito
16412e2ff9
Merge branch 'master' of git+ssh://cpebenito@oss.tresys.com/home/git/refpolicy
2010-02-08 14:47:06 -05:00
Chris PeBenito
27eab81f2f
Misc fixes for 1031ee6
.
2010-02-08 13:38:48 -05:00
Chris PeBenito
7d2f96783c
Module version number bump for 1031ee6
.
2010-02-08 13:37:42 -05:00
Dominick Grift
1031ee6f6a
Implement cobblerd policy.
...
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.
Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.
As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.
Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
Chris PeBenito
2d743657f4
Userdomain patch from Stefan Schulze Frielinghaus.
2010-02-08 11:43:44 -05:00
Chris PeBenito
e526fca176
Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl.
2010-02-08 11:29:12 -05:00
Chris PeBenito
4ebfec7303
Add pyicqt from Stefan Schulze Frielinghaus.
2010-02-08 10:58:16 -05:00
Chris PeBenito
22a2874dbf
Add dbadm, from KaiGai Kohei.
2010-02-08 10:34:08 -05:00
Chris PeBenito
edc2f7dea4
Fix home_ssh_t usage.
2010-01-25 08:34:28 -05:00
Chris PeBenito
82b5d290cc
PPP patch from Dan Walsh.
2010-01-15 15:46:07 -05:00
Chris PeBenito
cde15072d0
SSH patch from Dan Walsh.
2010-01-15 15:28:27 -05:00
Chris PeBenito
fee5bb73bc
Uucp patch from Dan Walsh.
2010-01-08 10:37:47 -05:00
Chris PeBenito
c155e042d8
Sendmail patch from Dan Walsh.
2010-01-08 10:37:37 -05:00
Chris PeBenito
3624ef76d2
Mailman patch from Dan Walsh.
2010-01-08 10:37:23 -05:00
Chris PeBenito
8a8b24a4ba
Lircd patch from Dan Walsh.
2010-01-08 10:37:13 -05:00
Chris PeBenito
07ba15168b
Courier patch from Dan Walsh.
2010-01-08 10:37:01 -05:00
Chris PeBenito
d2acef78f4
Inetd patch from Dan Walsh.
2010-01-08 10:36:49 -05:00
Chris PeBenito
c292cb96ad
Avahi patch from Dan Walsh.
2010-01-08 10:35:47 -05:00
Chris PeBenito
00808a9b13
Fprintd patch from Dan Walsh.
2010-01-07 11:51:17 -05:00
Chris PeBenito
ef6ea56c4b
Fetchmail patch from Dan Walsh.
2010-01-07 11:51:05 -05:00
Chris PeBenito
84a45c9617
Exim patch from Dan Walsh.
2010-01-07 11:50:55 -05:00
Chris PeBenito
4dd84bbf0e
Dovecot patch from Dan Walsh.
2010-01-07 11:50:47 -05:00
Chris PeBenito
14c7865f1f
Ddclient patch from Dan Walsh.
2010-01-07 11:50:35 -05:00
Chris PeBenito
dcabb11eb5
DCC patch from Dan Walsh.
2010-01-07 11:50:20 -05:00
Chris PeBenito
30958fb7e7
Cyrus patch from Dan Walsh.
2010-01-07 11:49:55 -05:00
Chris PeBenito
192fb874f5
Clamav patch from Dan Walsh.
2010-01-07 11:49:44 -05:00
Chris PeBenito
c5155ac008
Bluetooth patch from Dan Walsh.
2010-01-07 11:49:32 -05:00
Chris PeBenito
96831fe421
Move rules from mta mailserver delivery from interface to .te to use the attribute.
2010-01-07 09:56:21 -05:00
Chris PeBenito
9c40673ff5
MTA patch from Dan Walsh.
2010-01-07 09:48:35 -05:00
Chris PeBenito
2650ca57ec
Tftp patch from Dan Walsh.
2010-01-07 09:01:10 -05:00
Chris PeBenito
f3890b25db
Sssd patch from Dan Walsh.
2010-01-07 09:00:59 -05:00
Chris PeBenito
207c4d1e6e
Snmp patch from Dan Walsh.
2010-01-07 09:00:48 -05:00
Chris PeBenito
82cdffce58
ntp patch from Dan Walsh.
2010-01-07 09:00:39 -05:00
Chris PeBenito
f37b7bd0cb
gpsd patch from Dan Walsh.
2010-01-07 08:59:38 -05:00
Chris PeBenito
b11dcd43b6
Tuned patch from Dan Walsh.
2009-12-18 10:45:56 -05:00
Chris PeBenito
ff785b93df
Rpcbind patch from Dan Walsh.
2009-12-18 10:45:39 -05:00
Chris PeBenito
733f494802
Radvd patch from Dan Walsh.
2009-12-18 10:45:29 -05:00
Chris PeBenito
b36ae9786f
Privoxy patch from Dan Walsh.
2009-12-18 10:45:22 -05:00
Chris PeBenito
1232a50c5f
Prelude patch from Dan Walsh.
2009-12-18 10:45:09 -05:00
Chris PeBenito
6df09cfef7
PCSCD patch from Dan Walsh.
2009-12-18 10:44:59 -05:00
Chris PeBenito
2d59a828b6
Nslcd patch from Dan Walsh.
2009-12-18 10:44:49 -05:00
Chris PeBenito
80f0587459
Mysql patch from Dan Walsh.
2009-12-18 10:44:35 -05:00
Chris PeBenito
d3c612ffd8
Modemmanager patch from Dan Walsh.
2009-12-18 10:44:26 -05:00
Chris PeBenito
0000b795ea
Milter patch from Dan Walsh.
2009-12-18 10:42:08 -05:00
Chris PeBenito
a32226612a
Memcached patch from Dan Walsh.
2009-12-18 10:41:56 -05:00
Chris PeBenito
6aa333b47e
Kerneloops patch from Dan Walsh.
2009-12-18 10:41:41 -05:00
Chris PeBenito
e1b8b54739
Kerberos patch from Dan Walsh.
2009-12-18 10:40:53 -05:00
Chris PeBenito
7d05af77c3
Irqbalance patch from Dan Walsh.
2009-12-18 10:39:36 -05:00
Chris PeBenito
d7b98c8902
GPM patch from Dan Walsh.
2009-12-18 10:39:23 -05:00
Chris PeBenito
ce8a71a960
Fail2ban patch from Dan Walsh.
2009-12-18 10:39:10 -05:00
Chris PeBenito
bd21cb1e09
Certmaster patch from Dan Walsh.
2009-12-18 10:38:57 -05:00
Chris PeBenito
a7d606860b
Bitlbee patch from Dan Walsh.
2009-12-18 10:38:30 -05:00
Chris PeBenito
5894c3e4fb
Amavis patch from Dan Walsh.
2009-12-18 10:38:17 -05:00
Chris PeBenito
32f27a7489
asterisk patch from Dan Walsh.
2009-12-18 10:37:52 -05:00
Chris PeBenito
7e81399d84
apm patch from Dan Walsh.
2009-12-18 10:35:31 -05:00
Chris PeBenito
41c139dc77
afs patch from Dan Walsh.
2009-12-18 10:35:03 -05:00
Chris PeBenito
b84d6ec491
smartmon patch from Dan Walsh.
2009-12-18 10:33:50 -05:00
Chris PeBenito
7fc72a02d9
Changelog and version bump for X object manager changes.
2009-12-03 10:40:42 -05:00
Chris PeBenito
e331a05c77
Merge branch 'master' into xselinux
2009-12-03 10:13:41 -05:00
Chris PeBenito
46b03739ac
Seunshare patch from Dan Walsh.
2009-12-01 10:31:28 -05:00
Chris PeBenito
d7776f58c2
Screen patch from Dan Walsh.
2009-12-01 10:31:17 -05:00
Chris PeBenito
6394ea6143
Podsleuth patch from Dan Walsh.
2009-12-01 10:30:50 -05:00
Chris PeBenito
b77daab0ed
Mozilla patch from Dan Walsh.
2009-12-01 10:30:30 -05:00
Chris PeBenito
36ded4bd36
GPG patch from Dan Walsh.
2009-12-01 10:30:07 -05:00
Chris PeBenito
962d6fb9b0
Calamaris patch from Dan Walsh.
2009-12-01 10:29:51 -05:00
Chris PeBenito
7491a9ed62
Iptables and modutils patches from Dan Walsh.
2009-12-01 09:23:11 -05:00
Chris PeBenito
d913e793ae
Kismet and tzdata patches from Dan Walsh.
2009-11-25 15:12:52 -05:00
Chris PeBenito
0cad9a734e
RAID patch from Dan Walsh.
2009-11-25 11:17:19 -05:00
Chris PeBenito
77c71b54e5
Fstools and Xen patches from Dan Walsh.
2009-11-25 10:27:31 -05:00
Chris PeBenito
e21162e471
Kdump reads the kernel core.
2009-11-25 10:04:40 -05:00
Chris PeBenito
837163cfe7
UDEV patch from Dan Walsh.
2009-11-25 09:44:14 -05:00
Chris PeBenito
832c1be4ca
IPSEC patch from Dan Walsh.
2009-11-24 14:09:10 -05:00
Chris PeBenito
5ed061769e
Application patch from Dan Walsh.
2009-11-24 11:48:39 -05:00
Chris PeBenito
dccbb80cb0
Whitespace cleanup.
2009-11-24 11:11:38 -05:00
Chris PeBenito
0f982dada2
ISCSI patch from Dan Walsh.
2009-11-24 11:08:22 -05:00
Chris PeBenito
0a119a0142
Setrans patch from Dan Walsh.
2009-11-24 09:41:03 -05:00
Chris PeBenito
bd34ef71df
LVM patch from Dan Walsh.
2009-11-24 09:19:45 -05:00
Chris PeBenito
9dfdd48fec
Miscfiles patch from Dan Walsh.
2009-11-24 09:04:48 -05:00
Chris PeBenito
910b1d8ecb
Files patch from Dan Walsh.
2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020
Corecommands patch from Dan Walsh.
2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00
Filesystem patch from Dan Walsh.
2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557
Add terminal patch from Dan Walsh.
2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42
Add devices patch from Dan Walsh.
2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0
Add kernel patch from Dan Walsh
2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785
Add storage patch, from Dan Walsh.
2009-11-19 09:03:36 -05:00
Chris PeBenito
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50
additional cleanup for e877913
.
2009-11-11 11:28:50 -05:00