Commit Graph

241 Commits

Author SHA1 Message Date
Jeremy Solt
d8642cad29 readahead patch from Dan Walsh
Edits:
 - Removed files_dontaudit_read_security_files and fs_dontaudit_read_tmpfs_blk_dev interface calls
2010-05-24 13:08:08 -04:00
Chris PeBenito
ff1cae1f5e Move line in logrotate; module version bump. 2010-05-24 13:08:08 -04:00
Jeremy Solt
b8c9879a8c logrotate patch from Dan Walsh 2010-05-24 13:08:08 -04:00
Jeremy Solt
fdc0d0f77c vpn patch from Dan Walsh
Edits:
 - Removed userdom_read_home_certs
2010-05-24 13:08:08 -04:00
Jeremy Solt
2483d7ae56 Replace apache_delete_cache with apache_delete_cache_files in tmpreaper.te 2010-05-24 13:08:07 -04:00
Jeremy Solt
8daddcf37e tmpreaper patch from Dan Walsh 2010-05-24 13:08:07 -04:00
Jeremy Solt
7605d2738c Remove call to nagios_rw_inherited_tmp_files 2010-05-24 13:08:07 -04:00
Jeremy Solt
44dc1b9c21 netutils patch from Dan Walsh
Edits:
 - Dropping term_use_all_terms and user_ping tunables for ping and traceroute
 - Whitespace fixes
2010-05-24 13:08:07 -04:00
Chris PeBenito
9fe1b540b8 Prelink patch from Dan Walsh. 2010-05-20 08:54:51 -04:00
Chris PeBenito
16070400a8 RPM patch from Dan Walsh. 2010-05-11 11:11:40 -04:00
Chris PeBenito
4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito
c6491af860 Module version bump for d12f18e. 2010-03-16 14:34:50 -04:00
Jeremy Solt
d12f18e452 Change kernel_load_module to kernel_request_load_module from Dan Walsh 2010-03-16 13:44:52 -04:00
Chris PeBenito
fad6e761bf Whitespace fix for mcelog. 2010-03-16 13:15:38 -04:00
Chris PeBenito
580279da88 Module version bump for 74b51e6. 2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7 Whitespace fixes for smoltclient. 2010-03-16 13:11:53 -04:00
Jeremy Solt
1484157201 mcelog policy from Dan Walsh
Me: Removed permissive line, and fixed a couple style issues
2010-03-16 11:47:07 -04:00
Jeremy Solt
74b51e6db2 Firstboot sends dbus messages from Dan Walsh
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd Policy for smolt sendProfile client from Dan Walsh 2010-03-16 11:37:56 -04:00
Chris PeBenito
37e2499ed1 Module version bump for 1d3d00b. 2010-03-12 11:43:09 -05:00
Chris PeBenito
9e506eb236 Rearrange lines in alsa an mysql. 2010-03-12 08:59:23 -05:00
Jeremy Solt
1d3d00b279 Manage alsa writable config files interface from Dan Walsh
Moved term_dontaudit_use_console for style.
2010-03-12 08:54:29 -05:00
Chris PeBenito
547d62ea9e Module version bump for ddae1cc. 2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec Creates sock files in /tmp, reads network state. - From Dan Walsh
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
2010-03-09 09:32:23 -05:00
Chris PeBenito
6f9c3c4895 Module version bump for 42fa15b. 2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa Module version bump for 3fcdc39. 2010-03-08 10:02:58 -05:00
Chris PeBenito
e2e1b6721b Minor style fixes. 2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75 Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh 2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764 shorewall log file from Dan Walsh 2010-03-08 09:34:37 -05:00
Chris PeBenito
fa03ecc046 Shorewall patch from Dan Walsh. 2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378 Vbetool patch from Dan Walsh. 2010-02-19 11:34:28 -05:00
Chris PeBenito
29b580ce8f Add sectoolm by Miroslav Grepl. 2010-02-19 09:39:06 -05:00
Chris PeBenito
6a9da24987 Useradd home dir creation fix from Gentoo. 2010-02-17 20:34:23 -05:00
Chris PeBenito
15d80e3646 Misc portage fixes. 2010-02-17 20:25:39 -05:00
Chris PeBenito
05bd2f9837 Portage fixes for installing SELinux-aware programs. 2010-02-17 20:23:41 -05:00
Chris PeBenito
1322a1af4d Remove redundant conditional user_ping terminal rules. 2010-02-11 14:35:38 -05:00
Chris PeBenito
c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito
ed03a5b916 Sudo patch from Dan Walsh. 2010-02-11 09:15:45 -05:00
Chris PeBenito
ca5dc2f1cb Consoletype patch from Dan Walsh. 2010-02-11 08:56:53 -05:00
Chris PeBenito
d913e793ae Kismet and tzdata patches from Dan Walsh. 2009-11-25 15:12:52 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf adding puppet configuration management system
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
6af53d08ed rearrange readahead rules. 2009-09-09 09:53:28 -04:00
Chris PeBenito
c1e5b195f7 readahead patch from dan. 2009-09-09 09:45:34 -04:00
Chris PeBenito
163ddfaa80 prelink patch from dan. 2009-09-09 08:18:51 -04:00
Chris PeBenito
625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito
b2324fa76d certwatch patch from dan. 2009-09-01 08:50:39 -04:00
Chris PeBenito
b515ab0182 mrtg patch from dan. 2009-09-01 08:44:20 -04:00
Chris PeBenito
a9e9678fc7 kismet patch from dan. 2009-08-31 09:38:47 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
9c47227c7a fix ordering of interface calls in sudo. 2009-08-05 09:48:46 -04:00
Chris PeBenito
3162277ade alsa file location update for debian, from Manoj. 2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0 whitespace fixes in apt. 2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d clean up 6a192f70d4 2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4 Update apt/aptitude policy to add support for lock/log files
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
2009-07-29 15:00:39 -04:00
Chris PeBenito
41ea887598 sudo patch from dan. 2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814 readahead patch from dan. 2009-07-28 10:08:02 -04:00
Chris PeBenito
5be35f2acd tmpreaper patch from dan. 2009-07-27 09:11:38 -04:00
Chris PeBenito
adea587572 4 patches from dan. 2009-07-20 11:34:46 -04:00
Chris PeBenito
10b03f376b three debian patches from manoj 2009-07-14 09:05:59 -04:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
c7dc1c7222 trunk: Allow unix_update to change the security attributes associate with files so
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
Chris PeBenito
30425aa876 trunk: 1 patch from dan. 2009-06-12 15:30:15 +00:00
Chris PeBenito
a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito
63f0a71c8a trunk: 9 patches from dan. 2009-06-01 16:03:42 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
da04234f32 trunk: 5 patches from dan. 2009-03-10 19:32:04 +00:00
Chris PeBenito
9e7a338509 trunk: su fixes from clip. 2009-01-13 19:44:23 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
59d599642e trunk: fix certwatch version number. 2009-01-06 19:33:24 +00:00
Chris PeBenito
17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito
6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito
88cf0a9c2b trunk: whitespace fix; collapse multiple blank lines into one. 2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40 trunk: Remove hierarchy from portage module as it is not a good example of hieararchy. 2008-10-15 19:56:33 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
74993c4dae trunk: 8 patches from dan. 2008-10-13 15:06:23 +00:00
Chris PeBenito
12c61f36f4 trunk: 7 patches from dan, 1 from eamon. 2008-10-06 17:27:49 +00:00
Chris PeBenito
4bdf192962 trunk: firstboot update from dan. 2008-10-02 17:32:03 +00:00
Chris PeBenito
bf9f3480e5 trunk: readahead fix from dan. 2008-09-23 13:07:28 +00:00
Chris PeBenito
21ea2b1884 trunk: firstboot update from dan. 2008-09-12 15:54:11 +00:00
Chris PeBenito
36095d11ce trunk: kudzu and mta patches from dan. 2008-09-12 14:18:20 +00:00
Chris PeBenito
e40fa634b2 trunk: Logrotate and Bind updates from Vaclav Ovsik. 2008-09-03 14:12:56 +00:00
Chris PeBenito
93f445b8c0 trunk: firstboot update from dan. 2008-08-20 19:45:39 +00:00
Chris PeBenito
3e59876583 trunk: 6 patches from the fedora policy, cherry picked by david hardeman. 2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac trunk: two small patches from dan. 2008-08-14 13:08:53 +00:00
Chris PeBenito
cc1eee1202 trunk: add an empty m4 string so the index macro is not invoked, to prevent a warning. 2008-08-12 19:30:54 +00:00
Chris PeBenito
8a948caf2b trunk: 11 more cherry picks from fedora policy, by david hardeman. 2008-08-07 14:17:50 +00:00
Chris PeBenito
d13f876df7 trunk: another patch from the fedora policy, cherry picked by david hrdeman. 2008-07-28 15:10:32 +00:00