rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4,962 Commits 8 Branches 95 Tags 37 MiB
79355670f4
Commit Graph

4962 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel J Walsh
afbab5a372 - Support for fuse 
- fix vigr
 2006-09-27 23:56:21 +00:00
Daniel J Walsh
bfd584d6c7 - Fix dovecot, amanda 
- Fix mls
 2006-09-27 20:59:46 +00:00
Daniel J Walsh
201e1d333f - Fix dovecot, amanda 2006-09-27 19:49:43 +00:00
Daniel J Walsh
d25a3eebb6 - Allow java execheap for itanium 2006-09-26 20:41:36 +00:00
Daniel J Walsh
a76cf8a10b - Update with upstream 2006-09-26 14:59:58 +00:00
Chris PeBenito
693d4aedb5 patch from dan Fri, 22 Sep 2006 16:30:34 -0400 2006-09-25 18:53:06 +00:00
Daniel J Walsh
857ce15e7f - mls fixes 2006-09-25 15:58:33 +00:00
Daniel J Walsh
85bd855811 - Update from upstream 2006-09-22 20:41:12 +00:00
Chris PeBenito
8708d9bef2 patch from dan Wed, 20 Sep 2006 12:12:49 -0400 2006-09-22 17:14:35 +00:00
Daniel J Walsh
8d52bdbe62 - More fixes for mls 
- Revert change on automount transition to mount
 2006-09-22 14:21:35 +00:00
Daniel J Walsh
5ec822a112 - Fix cron jobs to run under the correct context 2006-09-21 23:05:49 +00:00
Chris PeBenito
a9e03b3752 * add a macro for generating category declarations 
* fix userdom_search_all_users_home_content() to use search_dir_perms;
* change ssh daemon macro to use userdom_search_all_users_home_dirs() instead of _home_content()
 2006-09-21 15:48:15 +00:00
Daniel J Walsh
cc9afdc096 - Fixes to make pppd work 2006-09-19 21:10:48 +00:00
Daniel J Walsh
b4815d027f - Fixes to make pppd work 2006-09-19 19:14:48 +00:00
Chris PeBenito
bf469d7669 gentoo testing fixes 2006-09-19 17:02:29 +00:00
Daniel J Walsh
c56aa106dc - Multiple policy fixes 
- Change max categories to 1023
 2006-09-19 14:59:46 +00:00
Daniel J Walsh
b8c78504ab - Fix transition on mcstransd 2006-09-16 12:06:36 +00:00
Daniel J Walsh
38b22ca261 - Add /dev/em8300 defs 2006-09-15 20:59:56 +00:00
Chris PeBenito
cf7af137c0 add mls fd constraints 2006-09-15 19:05:03 +00:00
Daniel J Walsh
3f1bb62fc8 - Upgrade to upstream 2006-09-15 18:28:09 +00:00
Daniel J Walsh
f511de4575 - Upgrade to upstream 2006-09-15 18:03:54 +00:00
Daniel J Walsh
60792f9cd0 - Fix ppp connections from network manager 2006-09-15 16:39:25 +00:00
Daniel J Walsh
588fb9dab1 - Fix ppp connections from network manager 2006-09-15 16:22:25 +00:00
Daniel J Walsh
5f2a4e5d4f - Fix ppp connections from network manager 2006-09-15 12:44:15 +00:00
Chris PeBenito
2b571d6880 common users list inotifyfs 2006-09-14 18:19:04 +00:00
Chris PeBenito
1a79cf0508 add -E to python commands 2006-09-13 19:10:53 +00:00
Chris PeBenito
9dfbd81493 forgot to bump policy vers 2006-09-13 18:42:49 +00:00
Chris PeBenito
73ca55d311 patches from erich Wed, 13 Sep 2006 16:18:18 +0200 2006-09-13 18:35:10 +00:00
Chris PeBenito
2cac32a605 fix miscfiles_read_localization() 2006-09-13 18:08:17 +00:00
Chris PeBenito
0d96ff339e misc fixes 2006-09-13 14:23:04 +00:00
Daniel J Walsh
861af1c0df - Add tty access to all domains boolean 
- Fix gnome-pty-helper context for ia64
 2006-09-13 12:00:21 +00:00
Daniel J Walsh
9fbb713e0e - Fixed typealias of firstboot_rw_t 2006-09-11 20:56:05 +00:00
Chris PeBenito
376fbc0be9 clean up usercanread 2006-09-11 18:23:09 +00:00
Chris PeBenito
b1bf2f7811 add last bit of role infrastructure 2006-09-11 15:26:25 +00:00
Chris PeBenito
95b8223eed cleanups 2006-09-08 17:21:28 +00:00
Daniel J Walsh
8b6c3732d7 - Fix location of xel log files 
- Fix handling of sysadm_r -> rpm_exec_t
 2006-09-08 17:10:41 +00:00
Daniel J Walsh
1ef9d40e46 - Fixes for autofs, lp 2006-09-07 19:15:29 +00:00
Chris PeBenito
bbcd3c97dd add main part of role-o-matic 2006-09-06 22:07:25 +00:00
Daniel J Walsh
937c1cc4df - Update from upstream 2006-09-06 18:29:35 +00:00
Chris PeBenito
75beb95014 patch from dan Tue, 05 Sep 2006 17:06:06 -0400 2006-09-06 16:36:23 +00:00
Daniel J Walsh
57075ee245 - Fixup for test6 2006-09-05 21:13:31 +00:00
Daniel J Walsh
66ca8d0003 - Fixup for test6 2006-09-05 20:19:56 +00:00
Daniel J Walsh
4bf7cf3e30 - Fixup for test6 2006-09-05 19:45:07 +00:00
Chris PeBenito
91dabf4d78 fix up usb.ids per distro 2006-09-05 14:31:27 +00:00
Chris PeBenito
686f11c22c add corenetwork.if dependency on corenetwork.te.in, since it is used to build the .if file 2006-09-05 14:29:37 +00:00
Daniel J Walsh
efb08979c0 - Update to upstream 2006-09-05 12:03:37 +00:00
Chris PeBenito
13d7cec671 patch from erich Sat, 02 Sep 2006 03:37:44 +0200 2006-09-04 18:22:12 +00:00
Chris PeBenito
5dbda5558a patch from dan Fri, 01 Sep 2006 15:45:24 -0400 2006-09-04 15:15:35 +00:00
Daniel J Walsh
928af41d8b - Update to upstream 2006-09-01 19:45:39 +00:00
Chris PeBenito
9b45c60308 This patch adds a polmatch avperm to arbitrate flow/state's access to 
a xfrm policy. It also defines MLS policy for association { sendto,
recvfrom, polmatch }.

NOTE: When an inbound packet is not using an IPSec SA, a check is performed
between the socket label and the unlabeled sid (SYSTEM_HIGH MLS label). For
MLS purposes however, the target of the check should be the MLS label taken
from the node sid (or secmark in the new secmark world). This would present
a severe performance overhead (to make a new sid based on the unlabeled sid
with the MLS taken from the node sid or secmark and then using this sid as
the target). Pending reconciliation of the netlabel, ipsec and iptables contexts,
I have chosen to currently make an exception for unlabeled_t SAs if TE policy
allowed it. A similar problem exists for the outbound case and it has been similarly
handled in the policy below (by making an exception for unlabeled_t).

I am submitting the below limited patch pending a comprehensive patch from
Joy Latten at IBM (latten@austin.ibm.com).

I am not sure if I needed to manually do a "make tolib" in the flask subdir
and submit the results as well. Please let me know if I needed to.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
 2006-09-01 17:06:53 +00:00