Jeremy Solt
d8642cad29
readahead patch from Dan Walsh
...
Edits:
- Removed files_dontaudit_read_security_files and fs_dontaudit_read_tmpfs_blk_dev interface calls
2010-05-24 13:08:08 -04:00
Chris PeBenito
ff1cae1f5e
Move line in logrotate; module version bump.
2010-05-24 13:08:08 -04:00
Jeremy Solt
b8c9879a8c
logrotate patch from Dan Walsh
2010-05-24 13:08:08 -04:00
Jeremy Solt
fdc0d0f77c
vpn patch from Dan Walsh
...
Edits:
- Removed userdom_read_home_certs
2010-05-24 13:08:08 -04:00
Jeremy Solt
2483d7ae56
Replace apache_delete_cache with apache_delete_cache_files in tmpreaper.te
2010-05-24 13:08:07 -04:00
Jeremy Solt
8daddcf37e
tmpreaper patch from Dan Walsh
2010-05-24 13:08:07 -04:00
Jeremy Solt
7605d2738c
Remove call to nagios_rw_inherited_tmp_files
2010-05-24 13:08:07 -04:00
Jeremy Solt
44dc1b9c21
netutils patch from Dan Walsh
...
Edits:
- Dropping term_use_all_terms and user_ping tunables for ping and traceroute
- Whitespace fixes
2010-05-24 13:08:07 -04:00
Chris PeBenito
9fe1b540b8
Prelink patch from Dan Walsh.
2010-05-20 08:54:51 -04:00
Chris PeBenito
16070400a8
RPM patch from Dan Walsh.
2010-05-11 11:11:40 -04:00
Chris PeBenito
4fbcd778de
Iptables patch from Dan Walsh.
2010-03-18 08:10:21 -04:00
Chris PeBenito
c6491af860
Module version bump for d12f18e
.
2010-03-16 14:34:50 -04:00
Jeremy Solt
d12f18e452
Change kernel_load_module to kernel_request_load_module from Dan Walsh
2010-03-16 13:44:52 -04:00
Chris PeBenito
fad6e761bf
Whitespace fix for mcelog.
2010-03-16 13:15:38 -04:00
Chris PeBenito
580279da88
Module version bump for 74b51e6
.
2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7
Whitespace fixes for smoltclient.
2010-03-16 13:11:53 -04:00
Jeremy Solt
1484157201
mcelog policy from Dan Walsh
...
Me: Removed permissive line, and fixed a couple style issues
2010-03-16 11:47:07 -04:00
Jeremy Solt
74b51e6db2
Firstboot sends dbus messages from Dan Walsh
...
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd
Policy for smolt sendProfile client from Dan Walsh
2010-03-16 11:37:56 -04:00
Chris PeBenito
37e2499ed1
Module version bump for 1d3d00b
.
2010-03-12 11:43:09 -05:00
Chris PeBenito
9e506eb236
Rearrange lines in alsa an mysql.
2010-03-12 08:59:23 -05:00
Jeremy Solt
1d3d00b279
Manage alsa writable config files interface from Dan Walsh
...
Moved term_dontaudit_use_console for style.
2010-03-12 08:54:29 -05:00
Chris PeBenito
547d62ea9e
Module version bump for ddae1cc
.
2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec
Creates sock files in /tmp, reads network state. - From Dan Walsh
...
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
2010-03-09 09:32:23 -05:00
Chris PeBenito
6f9c3c4895
Module version bump for 42fa15b
.
2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa
Module version bump for 3fcdc39
.
2010-03-08 10:02:58 -05:00
Chris PeBenito
e2e1b6721b
Minor style fixes.
2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75
Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764
shorewall log file from Dan Walsh
2010-03-08 09:34:37 -05:00
Chris PeBenito
fa03ecc046
Shorewall patch from Dan Walsh.
2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378
Vbetool patch from Dan Walsh.
2010-02-19 11:34:28 -05:00
Chris PeBenito
29b580ce8f
Add sectoolm by Miroslav Grepl.
2010-02-19 09:39:06 -05:00
Chris PeBenito
6a9da24987
Useradd home dir creation fix from Gentoo.
2010-02-17 20:34:23 -05:00
Chris PeBenito
15d80e3646
Misc portage fixes.
2010-02-17 20:25:39 -05:00
Chris PeBenito
05bd2f9837
Portage fixes for installing SELinux-aware programs.
2010-02-17 20:23:41 -05:00
Chris PeBenito
1322a1af4d
Remove redundant conditional user_ping terminal rules.
2010-02-11 14:35:38 -05:00
Chris PeBenito
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
Chris PeBenito
ed03a5b916
Sudo patch from Dan Walsh.
2010-02-11 09:15:45 -05:00
Chris PeBenito
ca5dc2f1cb
Consoletype patch from Dan Walsh.
2010-02-11 08:56:53 -05:00
Chris PeBenito
d913e793ae
Kismet and tzdata patches from Dan Walsh.
2009-11-25 15:12:52 -05:00
Chris PeBenito
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50
additional cleanup for e877913
.
2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf
adding puppet configuration management system
...
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
6af53d08ed
rearrange readahead rules.
2009-09-09 09:53:28 -04:00
Chris PeBenito
c1e5b195f7
readahead patch from dan.
2009-09-09 09:45:34 -04:00
Chris PeBenito
163ddfaa80
prelink patch from dan.
2009-09-09 08:18:51 -04:00
Chris PeBenito
625be1b4e6
add shorewall from dan.
2009-09-02 08:58:52 -04:00
Chris PeBenito
b2324fa76d
certwatch patch from dan.
2009-09-01 08:50:39 -04:00
Chris PeBenito
b515ab0182
mrtg patch from dan.
2009-09-01 08:44:20 -04:00
Chris PeBenito
a9e9678fc7
kismet patch from dan.
2009-08-31 09:38:47 -04:00
Chris PeBenito
aaff2fcfcd
module version number bump for tun patches
2009-08-31 09:17:31 -04:00
Paul Moore
9dc3cd1635
refpol: Policy for the new TUN driver access controls
...
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices. The policy rules for creating and attaching to a device are as
shown below:
# create a new device
allow domain_t self:tun_socket { create };
# attach to a persistent device (created by tunlbl_t)
allow domain_t tunlbl_t:tun_socket { relabelfrom };
allow domain_t self:tun_socket { relabelto };
Further discussion can be found on this thread:
* http://marc.info/?t=125080850900002&r=1&w=2
Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
62c80e2546
module version bumps and changelog update for the previous 3 commits.
2009-08-18 13:20:01 -04:00
LABBE Corentin
755c52b8f7
portage need capability sys_nice
2009-08-18 13:13:31 -04:00
Chris PeBenito
02e594d5dc
Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49 .
2009-08-05 14:19:54 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
9c47227c7a
fix ordering of interface calls in sudo.
2009-08-05 09:48:46 -04:00
Chris PeBenito
3162277ade
alsa file location update for debian, from Manoj.
2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0
whitespace fixes in apt.
2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d
clean up 6a192f70d4
2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4
Update apt/aptitude policy to add support for lock/log files
...
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
2009-07-29 15:00:39 -04:00
Chris PeBenito
41ea887598
sudo patch from dan.
2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814
readahead patch from dan.
2009-07-28 10:08:02 -04:00
Chris PeBenito
5be35f2acd
tmpreaper patch from dan.
2009-07-27 09:11:38 -04:00
Chris PeBenito
adea587572
4 patches from dan.
2009-07-20 11:34:46 -04:00
Chris PeBenito
10b03f376b
three debian patches from manoj
2009-07-14 09:05:59 -04:00
Chris PeBenito
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
Chris PeBenito
c7dc1c7222
trunk: Allow unix_update to change the security attributes associate with files so
...
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
Chris PeBenito
30425aa876
trunk: 1 patch from dan.
2009-06-12 15:30:15 +00:00
Chris PeBenito
a65fd90a50
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
Chris PeBenito
63f0a71c8a
trunk: 9 patches from dan.
2009-06-01 16:03:42 +00:00
Chris PeBenito
153fe24bdc
trunk: 5 patches from dan.
2009-04-07 14:09:43 +00:00
Chris PeBenito
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
Chris PeBenito
da04234f32
trunk: 5 patches from dan.
2009-03-10 19:32:04 +00:00
Chris PeBenito
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
Chris PeBenito
59d599642e
trunk: fix certwatch version number.
2009-01-06 19:33:24 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
6073ea1e13
trunk: whitespace fix changing multiple spaces into tabs.
2008-12-03 18:33:19 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
Chris PeBenito
88cf0a9c2b
trunk: whitespace fix; collapse multiple blank lines into one.
2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40
trunk: Remove hierarchy from portage module as it is not a good example of hieararchy.
2008-10-15 19:56:33 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
74993c4dae
trunk: 8 patches from dan.
2008-10-13 15:06:23 +00:00
Chris PeBenito
12c61f36f4
trunk: 7 patches from dan, 1 from eamon.
2008-10-06 17:27:49 +00:00
Chris PeBenito
4bdf192962
trunk: firstboot update from dan.
2008-10-02 17:32:03 +00:00
Chris PeBenito
bf9f3480e5
trunk: readahead fix from dan.
2008-09-23 13:07:28 +00:00
Chris PeBenito
21ea2b1884
trunk: firstboot update from dan.
2008-09-12 15:54:11 +00:00
Chris PeBenito
36095d11ce
trunk: kudzu and mta patches from dan.
2008-09-12 14:18:20 +00:00
Chris PeBenito
e40fa634b2
trunk: Logrotate and Bind updates from Vaclav Ovsik.
2008-09-03 14:12:56 +00:00
Chris PeBenito
93f445b8c0
trunk: firstboot update from dan.
2008-08-20 19:45:39 +00:00
Chris PeBenito
3e59876583
trunk: 6 patches from the fedora policy, cherry picked by david hardeman.
2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac
trunk: two small patches from dan.
2008-08-14 13:08:53 +00:00
Chris PeBenito
cc1eee1202
trunk: add an empty m4 string so the index macro is not invoked, to prevent a warning.
2008-08-12 19:30:54 +00:00
Chris PeBenito
8a948caf2b
trunk: 11 more cherry picks from fedora policy, by david hardeman.
2008-08-07 14:17:50 +00:00
Chris PeBenito
d13f876df7
trunk: another patch from the fedora policy, cherry picked by david hrdeman.
2008-07-28 15:10:32 +00:00