Commit Graph

42 Commits

Author SHA1 Message Date
Dan Walsh
c2dae98501 Allow a couple of sandbox issues.
Remove postgresl managing of etc_files, until I find out why it is needed.
Dontaudit leaks from rpm to mount
2010-09-14 10:02:43 -04:00
Dan Walsh
3034a8d941 Fix some names in passenger policy 2010-09-13 10:26:10 -04:00
Dan Walsh
cbadf720ba Merge branch 'master' of http://oss.tresys.com/git/refpolicy
Conflicts:
	policy/modules/kernel/domain.if
	policy/modules/services/xserver.te
2010-09-01 14:11:18 -04:00
Dan Walsh
3fdb12decd Allow prelink to read dbus config/Broken
nsplugin_config wants the kernel to load modules for it.
mount writes into livecd_tmp_t directories
2010-08-31 08:54:18 -04:00
Dan Walsh
898c0de0b7 merge latest upstream 2010-08-30 13:41:40 -04:00
Dan Walsh
3eaa993945 UPdate for f14 policy 2010-08-26 09:41:21 -04:00
Chris PeBenito
76a9fe96e4 Module version bumps and changelog for devtmpfs patchset. 2010-08-25 11:19:27 -04:00
Chris PeBenito
0d24805fd0 Trivial tweaks to devtmpfs patches. 2010-08-25 11:18:25 -04:00
Jeremy Solt
2fc79f1ef4 Early devtmpfs access
dontaudit attempts to read/write device_t chr files occurring before udev relabel
allow init_t and initrc_t read/write on device_t chr files (necessary to boot without unconfined)

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
2010-08-25 11:01:27 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
f0e959b4d2 fix ordering in mount. 2009-08-05 10:16:41 -04:00
Chris PeBenito
33322290f2 automount patch from dan. 2009-07-29 08:59:26 -04:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito
12cf805e1c trunk: add basic ubuntu support 2008-02-05 18:24:43 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
dd9e1de35e trunk: Improve several tunables descriptions from Dan Walsh. 2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito
c0cf6e0a6e trunk: clean up nsswitch usage, from dan. 2007-12-04 15:05:55 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito
f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito
d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito
116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Chris PeBenito
a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito
0d96ff339e misc fixes 2006-09-13 14:23:04 +00:00
Chris PeBenito
eac818f040 patch from dan Thu, 31 Aug 2006 15:16:30 -0400 2006-09-01 15:52:05 +00:00
Chris PeBenito
a5e2133bc8 patch from dan Wed, 23 Aug 2006 14:03:49 -0400 2006-08-29 02:41:00 +00:00
Chris PeBenito
33c7e6b4e8 remove dead selopt rules 2006-08-15 20:00:58 +00:00
Chris PeBenito
17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00