Chris PeBenito
97b990f86e
Fix corecmd_dontaudit_exec_all_executables doc.
2010-08-05 09:24:41 -04:00
Dominick Grift
705f70f098
Kernel layer xml fixes.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:08:07 -04:00
Chris PeBenito
a7ee7f819a
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 09:20:22 -04:00
Chris PeBenito
a72e42f485
Interface documentation standardization patch from Dan Walsh.
2010-08-02 09:22:09 -04:00
Chris PeBenito
27eeb649cc
Virtio disk file context update from Mika Pfluger.
2010-08-02 08:33:41 -04:00
Mika Pflüger
b3f7203d6a
Take virtio disks into account.
...
Signed-off-by: Mika Pflüger <debian@mikapflueger.de>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-08-02 08:25:14 -04:00
Chris PeBenito
21fdee9dd5
Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
...
We went back and reread the bindreservport code in glibc.
Turns out the range or ports that this will reserve are 512-1024 rather
then 600-1024.
The code actually first tries to reserve a port from 600-1024 and if
they are ALL reserved will try 512-599.
So we need to change corenetwork to reflect this.
2010-07-19 14:22:44 -04:00
Chris PeBenito
3c79f954d1
Rearrage interfaces in filesystem.
2010-06-22 10:17:42 -04:00
Chris PeBenito
eab2cc89b4
Slocate patch from Dan Walsh.
...
Locate attempts to look at network sate and does getattr on all blk/chr
and noxattr symlinks.
2010-06-22 09:58:14 -04:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
48e0aa86c9
Files patch from Dan Walsh.
...
Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
Fix labels on chroot environments
2010-06-09 09:09:34 -04:00
Chris PeBenito
135b1b4c54
Terminal patch from Dan Walsh.
2010-06-09 08:22:31 -04:00
Chris PeBenito
860c05d9de
Rearrange cgroup interfaces in filesystem.
2010-06-08 09:10:45 -04:00
Dominick Grift
c0c635b3f3
cgroup in filesystem.
...
Move cgroup_t declarations from kernel.te to filesystem.te
Redo cgroup interfaces in filesystem.if
Add file context specification for /cgroup mountpoint to filesystem.fc
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-08 08:38:18 -04:00
Chris PeBenito
60f04fcb7a
Kernel patch from Dan Walsh.
...
Add ability to dontaudit requiests to load kernel modules. If you
disable ipv6 every confined app that does ip, tries to get the kernel to
load the module.
Better handling of unlabeled files by the kernel interfaces
2010-06-07 11:08:35 -04:00
Chris PeBenito
fb7caddb4f
Devices patch from Dan Walsh.
...
vhost_device_t added for libvirt/qemu
/dev/usbmon device added
lots of new interfaces.
2010-06-07 09:20:18 -04:00
Chris PeBenito
46c0e57acf
Corecommands patch from Dan Walsh.
...
Lots of new places to stick bin_t files
2010-06-07 09:04:08 -04:00
Chris PeBenito
8f0de5df68
Storage patch from Dan Walsh.
...
Add /dev/hwcdrom
2010-06-04 09:47:45 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Jeremy Solt
d86c09846b
squid patch from Dan Walsh
...
Edits:
- Added netport to corenetwork.te.in
2010-05-24 13:08:07 -04:00
Chris PeBenito
fb3fc9e4f0
Cyrus patch from Dan Walsh.
2010-05-03 15:14:50 -04:00
Chris PeBenito
03a6e03926
Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t.
2010-05-03 11:17:16 -04:00
Chris PeBenito
05a2e3e2d7
Lircd patch from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
4a8bd017aa
Module version bump and extra comments for 194d61f
.
2010-04-24 08:10:43 -04:00
Chris Richards
194d61fd3c
modutils patch for update-modules
...
update-modules on Gentoo throws errors when run because it sources /etc/init.d/functions.sh, which always scans /var/lib/init.d to set SOFTLEVEL environment var. This is never used by update-modules.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:08:15 -04:00
Jeremy Solt
e6e2a769ac
Remove excess white space from ntop.te
...
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt
4f7b413cdc
Ntop policy from Dan Walsh
...
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito
46e16a2d2a
Use port range notation in corenetwork where it makes sense.
2010-04-13 11:55:04 -04:00
Chris PeBenito
3829eecb12
Clean up output of generated corenetwork.te.
2010-04-13 11:52:09 -04:00
Chris PeBenito
85e71c86da
Fix network_port() in corenetwork to correctly handle port ranges.
2010-04-13 11:06:02 -04:00
Chris PeBenito
e399e3abea
Add devtmpfs labeling.
2010-04-07 08:55:33 -04:00
Chris PeBenito
60def66b13
Second part of Apache patch from Dan Walsh.
2010-04-05 10:57:52 -04:00
Chris PeBenito
0417386142
Kernel patch from Dan Walsh.
2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502
Domain patch from Dan Walsh.
2010-03-17 10:02:07 -04:00
Chris PeBenito
827060cb04
Style fixes and module version bumps for 38fc1bd
.
2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
e8871c2092
Add additional documentation to kernel_request_load_module().
2010-03-16 15:08:00 -04:00
Chris PeBenito
7af0e9bc95
Filesystem patch from Dan Walsh.
2010-03-12 11:40:59 -05:00
Chris PeBenito
bd063de6c4
Fix another corenetwork typo.
2010-03-08 11:04:40 -05:00
Chris PeBenito
4af2b3fb98
Add back missing s0 on network_port().
2010-03-08 07:59:56 -05:00
Chris PeBenito
9c709c46a1
Corenetwork patch from Dan Walsh.
2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b
Corecommands patch from Dan Walsh.
2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc
Devices patch from Dan Walsh.
2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba
Storage patch from Dan Walsh.
2010-03-04 14:23:44 -05:00
Chris PeBenito
eeb7616f5e
Corenetwork patch from Dan Walsh.
2010-03-04 13:50:46 -05:00
Chris PeBenito
4a4436a778
Add examples to documentation of common corenetwork interfaces.
2010-03-03 13:42:15 -05:00
Chris PeBenito
88daf126f2
Improve the documentation of domain interfaces:
...
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652
Improve the documentation of ubac_constrained().
2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e
Improve the documentation of devices interfaces:
...
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69
Improve filesystem interfaces:
...
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00