Chris PeBenito
69347451fd
split dev_manage_dri_dev() into a manage and a filetrans interface.
2009-08-25 09:43:38 -04:00
Chris PeBenito
909922027b
Debian policykit fixes from Martin Orr.
...
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that. Also a couple of policykit rules.
2009-08-18 09:49:31 -04:00
Chris PeBenito
b2648249d9
Fix unconfined_r use of unconfined_java_t.
...
The unconfined role is running java in the unconfined_java_t. The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r. Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
4254cec711
Add missing x_device rules for XI2 functions, from Eamon Walsh.
...
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy. You can now create one or more
> "master devices" (mouse cursor and keyboard focus). The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device. Create/destroy controls the ability to create new master
> devices.
2009-08-14 13:18:16 -04:00
Chris PeBenito
2a77737d4e
Add missing rules to make unconfined_cronjob_t a valid cron job domain.
...
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain. This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
2009-08-12 14:15:39 -04:00
Chris PeBenito
97e42114db
remove redundant xen_append_log() call in hostname.
2009-08-11 14:19:38 -04:00
Chris PeBenito
e51390dfcb
fix refpolicy ticket #48 .
2009-08-10 11:14:03 -04:00
Chris PeBenito
02e594d5dc
Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49 .
2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197
Add missing compatibility aliases for xdm_xserver*_t types.
...
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625
fix ordering in sysnetwork.
2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc
fix ordering in raid.
2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646
fix ordering in pcmcia.
2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2
fix ordering in mount.
2009-08-05 10:16:41 -04:00
Chris PeBenito
54327d48ee
fix ordering in modutils.
2009-08-05 10:15:45 -04:00
Chris PeBenito
568efbe895
fix ordering of interface calls in lvm.
2009-08-05 10:07:35 -04:00
Chris PeBenito
8cd1306e5b
fix ordering of interface calls in locallogin.
2009-08-05 10:06:04 -04:00
Chris PeBenito
e6985f91ab
fix ordering of interface calls in iptables.
2009-08-05 10:04:13 -04:00
Chris PeBenito
464ffa57fd
fix ordering of interface calls in init.
2009-08-05 10:01:06 -04:00
Chris PeBenito
14d282253f
fix ordering of interface calls in hostname.
2009-08-05 09:57:14 -04:00
Chris PeBenito
5b5300c823
fix ordering of interface calls in getty.
2009-08-05 09:55:58 -04:00
Chris PeBenito
79ca728b5f
fix ordering of interface calls in fstools.
2009-08-05 09:54:52 -04:00
Chris PeBenito
08638af216
fix ordering of interface calls in clock.
2009-08-05 09:52:34 -04:00
Chris PeBenito
2acba7bbdb
fix ordering of interface calls in authlogin.
2009-08-05 09:51:47 -04:00
Chris PeBenito
9c47227c7a
fix ordering of interface calls in sudo.
2009-08-05 09:48:46 -04:00
Chris PeBenito
78a9c2815d
add bin_t labeling for gentoo dhcpcd-run-hooks location
2009-07-30 09:34:00 -04:00
Chris PeBenito
4c92f08f75
openrc unfortunately mounts a tmpfs at /lib/rc
2009-07-30 08:57:15 -04:00
Chris PeBenito
cfdbf366cb
gentoo init script system uses tmpfs for state data
2009-07-30 08:33:43 -04:00
Chris PeBenito
efa0acccea
gentoo init script system sends audit messages.
2009-07-29 21:50:32 -04:00
Chris PeBenito
3162277ade
alsa file location update for debian, from Manoj.
2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0
whitespace fixes in apt.
2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d
clean up 6a192f70d4
2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4
Update apt/aptitude policy to add support for lock/log files
...
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
2009-07-29 15:00:39 -04:00
Chris PeBenito
50458c8bb7
pull most of fedora changes to rpc.
2009-07-29 14:55:30 -04:00
Chris PeBenito
0c89174f7f
pull most of fedora changes to samba.
2009-07-29 14:40:34 -04:00
Chris PeBenito
105e85ac8e
/dev/fuse should be s0 not mls_high
...
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device. Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs. It will also make it unusable I
believe on an MLS machine. Mostly I have seen fusefs used for remote
access to data. sshfs for example.
2009-07-29 11:08:50 -04:00
Chris PeBenito
363e8fb98a
pull in part of fedora mta changes
2009-07-29 10:59:09 -04:00
Chris PeBenito
20c3ccee1a
add fprintd module from dan.
2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea
add devicekit module from dan.
2009-07-29 10:02:06 -04:00
Chris PeBenito
4e7c0a93a6
consolekit patch from dan.
2009-07-29 09:13:54 -04:00
Chris PeBenito
33322290f2
automount patch from dan.
2009-07-29 08:59:26 -04:00
Chris PeBenito
8f3bddfbfd
cups patch from dan.
2009-07-28 15:46:26 -04:00
Chris PeBenito
4be3e11094
pull in apache_admin() from fedora
2009-07-28 13:24:08 -04:00
Chris PeBenito
91550027de
vmware patch from dan.
2009-07-28 11:37:34 -04:00
Chris PeBenito
423a4a3a2c
fix dbus type transition conflict.
...
switch dbus ranged calls from daemon domain to system domain. This works
around a type transition conflict. It is also why the non-ranged
init_system_domain() is used instead of init_daemon_domain().
2009-07-28 11:05:19 -04:00
Chris PeBenito
41ea887598
sudo patch from dan.
2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814
readahead patch from dan.
2009-07-28 10:08:02 -04:00
Chris PeBenito
4083191c4b
add missing userdom interfaces
2009-07-28 09:35:46 -04:00
Chris PeBenito
c7ae9ae1c8
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-07-28 08:00:03 -04:00
Chris PeBenito
ebf3ec9063
snort patch from dan.
2009-07-27 16:04:10 -04:00