Chris PeBenito
4605adcba7
trunk: add postfixpolicyd from Jan-Frode Myklebust.
2007-11-07 20:17:44 +00:00
Chris PeBenito
bd973e3e68
trunk: remove unused types from dbus.
2007-10-26 18:04:38 +00:00
Chris PeBenito
6bf8bf4f5c
trunk: add exim from dan.
2007-10-24 15:07:40 +00:00
Chris PeBenito
3c99e5989a
trunk: add /var/lib search for system bus template.
2007-10-22 15:53:31 +00:00
Chris PeBenito
a334d2918f
trunk: add infrastructure for managing user web content.
2007-10-18 19:23:33 +00:00
Chris PeBenito
a27d1c6e84
trunk: gdm is in /usr/sbin on rawhide machines, from Eamon Walsh.
2007-10-15 17:50:07 +00:00
Chris PeBenito
f48782758e
trunk: reorganize amanda and bind
2007-10-12 17:50:11 +00:00
Chris PeBenito
bc01b352f6
trunk: 2 patches from dan.
2007-10-12 17:35:56 +00:00
Chris PeBenito
cdf98fedc0
trunk: 10 patches from dan.
2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
Chris PeBenito
6c53a10e28
trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust.
2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
4ddc7ba539
trunk: xml doc one-liner from Stefan Schulze Frielinghaus.
2007-09-24 13:01:17 +00:00
Chris PeBenito
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00
Chris PeBenito
14add30d03
trunk: 3 patches from dan.
2007-09-12 14:53:39 +00:00
Chris PeBenito
134a799c75
trunk: 3 patches from dan.
2007-09-11 19:24:32 +00:00
Chris PeBenito
8a9d6f6449
trunk: 6 patches from dan.
2007-09-07 13:41:20 +00:00
Chris PeBenito
72f82c47c2
trunk: six patches from dan.
2007-09-06 18:34:40 +00:00
Chris PeBenito
016e5c5cdc
trunk: 4 patches from dan.
2007-09-05 14:48:21 +00:00
Chris PeBenito
0a0b8078ca
trunk: 5 patches from dan.
2007-09-04 18:57:58 +00:00
Chris PeBenito
6dd721a686
trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate.
2007-08-27 17:57:36 +00:00
Chris PeBenito
a2f444884b
trunk: patch to allow sendmail to read ssl/tls certificates from Stefan Schulze Frielinghaus.
2007-08-27 17:00:18 +00:00
Chris PeBenito
2af7b42a06
trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels.
2007-08-22 20:21:52 +00:00
Chris PeBenito
8d2c34195e
trunk: updates from dan on 9 modules
2007-08-22 20:02:41 +00:00
Chris PeBenito
80d5e02c81
trunk: Files and radvd updates from Stefan Schulze Frielinghaus.
2007-08-21 19:03:34 +00:00
Chris PeBenito
1779bef032
trunk: fix gdm xsession scripts on redhat machines.
2007-08-20 18:54:29 +00:00
Chris PeBenito
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
Chris PeBenito
371d11ec04
trunk: add 3rd party interface for apache cgi.
2007-07-26 19:48:40 +00:00
Chris PeBenito
708aab1393
trunk: fix targeted sshd. When the domain was unaliased from unconfined_t, a transition to unconfined_t was not added.
2007-07-20 18:25:26 +00:00
Chris PeBenito
d46cfe45cd
trunk: add application module
2007-07-19 18:57:48 +00:00
Chris PeBenito
f80a0e4f25
trunk: Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
2007-07-02 15:25:46 +00:00
Chris PeBenito
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
Chris PeBenito
e5e55ace89
trunk, strict-targeted-merge: add mmap_zero to xserver domains.
2007-06-28 12:34:08 +00:00
Chris PeBenito
7b61fe506d
trunk: add rpcbind from dan
2007-06-27 16:31:55 +00:00
Chris PeBenito
1900668638
trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinguish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
2c3ac47d45
trunk: pyzor and clamav updates from dan
2007-06-26 18:43:11 +00:00
Chris PeBenito
02f2c3e979
trunk: nagios update from dan
2007-06-21 17:23:19 +00:00
Chris PeBenito
a90a256f64
trunk: procmail tweak from dan.
2007-06-21 14:54:34 +00:00
Chris PeBenito
92d1ade254
trunk: trivial gentoo tweaks
2007-06-20 20:08:26 +00:00
Chris PeBenito
99b5a56cb6
trunk: radius one-liner from dan
2007-06-20 15:03:55 +00:00
Chris PeBenito
40df56772f
trunk: big samba update from dan
2007-06-19 19:11:35 +00:00
Chris PeBenito
788d88c923
trunk: drop snmpd_etc_t.
2007-06-19 17:39:35 +00:00
Chris PeBenito
6c8aba7b31
trunk: confine sendmail and logrotate on targeted
2007-06-19 17:01:39 +00:00
Chris PeBenito
cb10a2d5bf
trunk: Tunable connection to postgresql for users from KaiGai Kohei.
2007-06-19 14:30:06 +00:00
Chris PeBenito
d139413c64
trunk: 2 patches from dan
2007-06-13 13:54:56 +00:00
Chris PeBenito
d5b81a81ff
trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern().
2007-06-12 18:46:14 +00:00
Chris PeBenito
262def165a
trunk: version bumps for previous commit.
2007-06-12 13:08:19 +00:00
Chris PeBenito
f7101c5430
trunk: 7 simple patches from dan.
2007-06-12 13:06:13 +00:00
Chris PeBenito
6649aec9d0
trunk: 3 patches from dan
2007-06-11 15:43:37 +00:00
Chris PeBenito
d534d35a7e
trunk: 5 patches from dan
2007-06-11 15:01:10 +00:00
Chris PeBenito
f6a590d7b4
six simple patches from dan
2007-06-11 14:09:09 +00:00
Chris PeBenito
a39a931362
trunk: snmp tweak from dan
2007-05-15 18:06:31 +00:00
Chris PeBenito
c412be6bef
trunk: remaining pieces for apcupsd module
2007-05-15 15:43:00 +00:00
Chris PeBenito
762d2cb989
merge restorecon into setfiles
2007-05-11 17:10:43 +00:00
Chris PeBenito
12217cc286
Patch to begin separating out hald helper programs from Dan Walsh.
2007-05-07 17:57:48 +00:00
Chris PeBenito
78f17e6d6c
add apcupsd from dan
2007-05-07 14:55:54 +00:00
Chris PeBenito
b129e2001c
Fixes for squid, dovecot, and snmp from Dan Walsh.
2007-05-07 13:45:17 +00:00
Chris PeBenito
4967aaa320
Miscellaneous consolekit fixes from Dan Walsh.
2007-05-03 14:15:38 +00:00
Chris PeBenito
ed4b7301fb
Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh.
2007-05-03 12:45:28 +00:00
Chris PeBenito
517618f0b4
Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
2007-05-02 17:55:03 +00:00
Chris PeBenito
6a2975706a
add rwho from Nalin Dahyabhai
2007-04-30 17:39:01 +00:00
Chris PeBenito
747ab18400
Patch to allow amavis to read spamassassin libraries from Dan Walsh.
2007-04-30 15:19:47 +00:00
Chris PeBenito
ae32fb7e7b
trivial aide fix from dan
2007-04-30 15:09:15 +00:00
Chris PeBenito
7487a66705
trivial fix from dan for bluetooth
2007-04-30 14:33:12 +00:00
Chris PeBenito
d28e528b0d
Fixes for RHEL4 from the CLIP project.
2007-04-27 15:08:15 +00:00
Chris PeBenito
cd16fe6e2c
Replace the old lrrd fc entries with correct munin ones.
2007-04-23 17:36:35 +00:00
Chris PeBenito
7a4bd42ea3
Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface.
2007-04-19 14:24:02 +00:00
Chris PeBenito
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
Chris PeBenito
4029f11670
last piece of previous consolekit patch
2007-04-11 20:02:59 +00:00
Chris PeBenito
97e8156ecb
add zabbix from dan
2007-04-11 18:55:44 +00:00
Chris PeBenito
697489040e
5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes
2007-04-11 17:56:03 +00:00
Chris PeBenito
99064c9fbd
more consolekit updates from dan
2007-04-11 14:04:35 +00:00
Chris PeBenito
ebc1e8be97
from dan:
kadmind tries to setattr on krb5kdc file. Just a library checking access.
2007-04-10 17:20:07 +00:00
Chris PeBenito
9af48eef6e
six patches from dan
2007-04-10 13:10:58 +00:00
Chris PeBenito
39d8dcdb4f
fix http_script_domains, it was incorrectly applied to the content type rather than the script domain. bug #24.
2007-04-02 13:20:55 +00:00
Chris PeBenito
9e8f65c83e
six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed
2007-03-26 20:47:29 +00:00
Chris PeBenito
56e1b3d207
- Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89
remove disable_trans booleans
2007-03-23 21:01:49 +00:00
Chris PeBenito
19fd9301e6
patch from dan to have ricci modstorage transition to lvm
2007-03-21 20:02:50 +00:00
Chris PeBenito
cd3ee91a4b
add fail2ban from dan
2007-03-21 15:51:52 +00:00
Chris PeBenito
a5f5eba459
Add dontaudits for init fds and console to init_daemon_domain().
2007-03-20 18:47:18 +00:00
Chris PeBenito
7200146ea8
trivial patch for radius from dan
2007-03-19 18:42:57 +00:00
Chris PeBenito
86b28c9594
trivial patch from dan for sysstat access to sysfs
2007-03-19 18:38:54 +00:00
Chris PeBenito
e66689f7be
other part of consolekit addition
2007-03-19 18:36:36 +00:00
Chris PeBenito
c224d91c7b
from Dan:
This is a new policy for the User Switching capability coming in gnome.
consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
0cca516db7
fix for rh bug 203290
2007-03-08 19:01:21 +00:00
Chris PeBenito
b5a6c86f46
last bit of dan's patch
2007-03-08 17:53:52 +00:00
Chris PeBenito
cdc91b9aeb
Patch for handling restart of nscd when run from useradd, groupadd, and admin passwd, from Dan Walsh.
2007-03-08 15:14:45 +00:00
Chris PeBenito
59bedc1886
procmail uses /tmp files
Wants to send signull to itself
Can exec ls
Read spamassinn_lib_dirs
New directory for spamassassin /var/lib/
pyzor uses tmp files
2007-03-07 21:33:22 +00:00
Chris PeBenito
7aefc69117
trivial change from dan
2007-03-06 17:44:26 +00:00
Chris PeBenito
7aca2aa827
setroubleshoot has a plugin that checks the file context on disk versus a matchpathcon. So needs additional privs
2007-03-06 17:16:08 +00:00
Chris PeBenito
c23eb5b1c4
Patch for gssd fixes from Dan Walsh
2007-03-06 16:18:59 +00:00
Chris PeBenito
c5561c777d
patches for lvm and ricci fixes from Dan Walsh.
2007-03-06 15:35:02 +00:00
Chris PeBenito
f2c69c47b3
lmtp and smtp are the same file require same context of setfiles complains
postfix_pickup_t wants to read postfix_spool_maildrop_t dir
2007-03-01 20:41:19 +00:00
Chris PeBenito
ecc98e19e3
patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh.
2007-03-01 15:43:39 +00:00
Chris PeBenito
4900fdf7d1
Patch for kerberized telnet fixes from Dan Walsh.
2007-02-28 17:17:52 +00:00
Chris PeBenito
09c56f5496
Patch for kerberized ftp and other ftp fixes from Dan Walsh.
2007-02-28 17:01:47 +00:00
Chris PeBenito
f0eaed31be
Patch for misc fixes to bluetooth from Dan Walsh.
2007-02-26 17:23:52 +00:00
Chris PeBenito
5b06477c8e
On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote:
> Eliminate excess avc messages created when using kerberos libraries
>
> krb5kdc wants to setsched
>
> Also uses a fifo_file to communicate.
>
> Needs to search_network_sysctl
2007-02-26 17:04:56 +00:00
Chris PeBenito
66cf194680
Patch to remove redundant mls_trusted_object() call from Dan Walsh.
2007-02-23 20:05:12 +00:00
Chris PeBenito
4685213857
Patch for misc fixes to nis ypxfr policy from Dan Walsh.
2007-02-23 19:52:52 +00:00
Chris PeBenito
aeb54c6dd0
Patch to allow apmd to telinit from Dan Walsh.
2007-02-23 19:41:41 +00:00
Chris PeBenito
d114071e7a
While using samba and SELinux with Debian GNU/Linux (etch) the
following files need to be labeled correctly:
/var/run/samba/gencache.tdb
/var/run/samba/share_info.tdb
Should also concern other distributions than Debian.
-Stefan
2007-02-23 19:30:17 +00:00
Chris PeBenito
bcac3a5e3d
Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
2007-02-23 19:08:45 +00:00
Chris PeBenito
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
Chris PeBenito
10e12095d6
Fix explicit use of httpd_t in openca_domtrans(), bug #22.
2007-02-07 22:10:45 +00:00
Chris PeBenito
ff943a1b9b
Clean up file context regexes in apache and java, from Eamon Walsh:
Some file_contexts regular expressions in refpolicy-strict are causing
genhomedircon to die; refpolicy is failing to build for me entirely.
The regular expressions seem redundant to me, perhaps I am missing
something, but the following patch fixes the problems for me. Please
review and apply
2007-01-24 17:10:31 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863
patch from dan for some missing gen_require()s
2006-11-29 13:44:40 +00:00
Chris PeBenito
c31f6724c0
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:47:47 +00:00
Chris PeBenito
fa45da0efd
add aide, ccs, and ricci
2006-11-16 20:56:24 +00:00
Chris PeBenito
ed38ca9f3d
fixes from gentoo strict testing:
- Allow semanage to read from /root on strict non-MLS for
local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito
d9845ae92a
patch from dan Tue, 24 Oct 2006 11:00:28 -0400
2006-10-31 21:01:48 +00:00
Chris PeBenito
a52b4d4f23
bump versions to release numbers
2006-10-18 19:25:27 +00:00
Chris PeBenito
d4a48c41c2
make inetd optional
2006-10-18 15:49:45 +00:00
Chris PeBenito
14b1684aae
gentoo testing fixes.
2006-10-13 21:44:02 +00:00
Chris PeBenito
85f0c35922
make optional the inetd dependency in samba
2006-10-10 13:11:58 +00:00
Chris PeBenito
830c12eb2d
apply contested part of russell's last patch
2006-10-06 13:38:49 +00:00
Chris PeBenito
3c3c0439f6
patch from russell, Thu, 5 Oct 2006 22:44:49 +1000
Allow unconfined processes to see unlabeled processes in ps.
Removed a redundant rule in samba.te
Removed support for the pre-Fedora Red Hat code to create sym-links in /boot.
Removed support for devpts_t files in /tmp (there is no way that would ever
work).
Allowed postgrey to create socket files.
Made the specs for the /lib and /lib64 directories better support stem
compression.
2006-10-05 19:57:37 +00:00
Chris PeBenito
e070dd2df0
- Move range transitions to modules.
- Make number of MLS sensitivities, and number of MLS and MCS
categories configurable as build options.
2006-10-04 17:25:34 +00:00
Chris PeBenito
e2b84ef79a
patch from dan Mon, 25 Sep 2006 15:46:40 -0400
2006-09-28 14:37:29 +00:00
Chris PeBenito
693d4aedb5
patch from dan Fri, 22 Sep 2006 16:30:34 -0400
2006-09-25 18:53:06 +00:00
Chris PeBenito
8708d9bef2
patch from dan Wed, 20 Sep 2006 12:12:49 -0400
2006-09-22 17:14:35 +00:00
Chris PeBenito
a9e03b3752
* add a macro for generating category declarations
* fix userdom_search_all_users_home_content() to use search_dir_perms;
* change ssh daemon macro to use userdom_search_all_users_home_dirs() instead of _home_content()
2006-09-21 15:48:15 +00:00
Chris PeBenito
bf469d7669
gentoo testing fixes
2006-09-19 17:02:29 +00:00
Chris PeBenito
9dfbd81493
forgot to bump policy vers
2006-09-13 18:42:49 +00:00
Chris PeBenito
73ca55d311
patches from erich Wed, 13 Sep 2006 16:18:18 +0200
2006-09-13 18:35:10 +00:00
Chris PeBenito
0d96ff339e
misc fixes
2006-09-13 14:23:04 +00:00
Chris PeBenito
376fbc0be9
clean up usercanread
2006-09-11 18:23:09 +00:00
Chris PeBenito
95b8223eed
cleanups
2006-09-08 17:21:28 +00:00
Chris PeBenito
bbcd3c97dd
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
Chris PeBenito
75beb95014
patch from dan Tue, 05 Sep 2006 17:06:06 -0400
2006-09-06 16:36:23 +00:00
Chris PeBenito
13d7cec671
patch from erich Sat, 02 Sep 2006 03:37:44 +0200
2006-09-04 18:22:12 +00:00
Chris PeBenito
5dbda5558a
patch from dan Fri, 01 Sep 2006 15:45:24 -0400
2006-09-04 15:15:35 +00:00
Chris PeBenito
eac818f040
patch from dan Thu, 31 Aug 2006 15:16:30 -0400
2006-09-01 15:52:05 +00:00
Chris PeBenito
a5e2133bc8
patch from dan Wed, 23 Aug 2006 14:03:49 -0400
2006-08-29 02:41:00 +00:00
Chris PeBenito
d15dd5a739
more testing fixes
2006-08-23 03:47:39 +00:00
Chris PeBenito
3ef029db7c
add nscd_socket_use() to auth_use_nsswitch() since it caches nss lookups.
2006-08-22 19:37:56 +00:00
Chris PeBenito
3573908f1c
fix cron_system_entry() rules
2006-08-16 13:52:18 +00:00
Chris PeBenito
33c7e6b4e8
remove dead selopt rules
2006-08-15 20:00:58 +00:00
Chris PeBenito
497da0953c
ps/ptrace dontaudit cleanup
2006-08-08 17:49:03 +00:00
Chris PeBenito
4846dc8ad4
patch from Stefan for mrtg daemon operation.
2006-08-07 17:14:00 +00:00
Chris PeBenito
4b3b46d7ef
add authlogin interface to abstract common login program perms
2006-07-31 22:26:59 +00:00
Chris PeBenito
46551033aa
patch from dan Wed, 26 Jul 2006 14:42:46 -0400
2006-07-28 15:13:58 +00:00
Chris PeBenito
81aa67fcc0
more ssh agent fixes
2006-07-26 21:16:45 +00:00
Chris PeBenito
528811e040
clean up most of the remaining ssh TODO
2006-07-26 20:34:09 +00:00
Chris PeBenito
79f5f5e8fd
add gdm Xsession fc
2006-07-26 20:33:23 +00:00
Chris PeBenito
d617143ba4
remove deprecated mount_send_nfs_client_request() from stunnel
2006-07-25 22:28:47 +00:00
Chris PeBenito
ea3c1f508a
add helpers for printing warning and error messages
2006-07-25 17:27:00 +00:00
Chris PeBenito
19ebf01d6a
patch to fix escaping of . in file contexts from james athey
2006-07-24 15:43:57 +00:00
Chris PeBenito
da9bbc655a
fix up audit message perms now that audit_write denials are being audited by the kernel.
2006-07-13 17:22:08 +00:00
Chris PeBenito
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00