Commit Graph

755 Commits

Author SHA1 Message Date
Chris PeBenito
134191be67 move flask dir to top level, and update them from nsa cvs. move files in
misc to top level.  make mls support work.
2005-06-01 15:40:37 +00:00
Chris PeBenito
e32d52ba47 fix xml 2005-06-01 14:17:43 +00:00
Chris PeBenito
1293184998 last fixes for cab 2005-06-01 13:51:54 +00:00
Chris PeBenito
d115b24712 more cab work 2005-05-31 23:02:11 +00:00
Chris PeBenito
3b857eae09 add some file_t interfaces, and console write 2005-05-31 21:25:45 +00:00
Chris PeBenito
b8fca44d3f initial commit 2005-05-31 20:39:15 +00:00
Chris PeBenito
4bf4ed9e68 permission set macro changes, plus more cab related work 2005-05-31 19:52:57 +00:00
Chris PeBenito
08eb9d1a33 fix tmpfs assoc call 2005-05-31 13:45:37 +00:00
Chris PeBenito
f5c42bd80b many fixes from cab work 2005-05-30 21:17:20 +00:00
Chris PeBenito
32e53ac1b8 cleanup inspired by sediff 2005-05-27 21:56:01 +00:00
Chris PeBenito
16e9b0cb6b rpmbuild_t is not a system domain. also mark it as most likely dead. 2005-05-27 21:29:54 +00:00
Chris PeBenito
c6fd1f85ba restructure users, and add signalling 2005-05-27 20:44:05 +00:00
Chris PeBenito
07da0af7bd tmpfs associate for redhat 2005-05-27 20:43:37 +00:00
Chris PeBenito
dd31631500 fix ordering and put in var_lib_t 2005-05-27 20:29:17 +00:00
Chris PeBenito
d490eb6b5c fixes from cab 2005-05-26 20:38:45 +00:00
Chris PeBenito
c220381539 initial commit 2005-05-26 15:50:53 +00:00
Chris PeBenito
efd8ede34d many fixes from cab testing 2005-05-25 20:58:21 +00:00
Chris PeBenito
10abae75d9 initial commit 2005-05-25 19:52:21 +00:00
Chris PeBenito
cbeef67c1c cleanup 2005-05-24 22:22:26 +00:00
Chris PeBenito
3b3bf871a7 cleanup 2005-05-24 21:41:29 +00:00
Chris PeBenito
6f3dab294e initial commit 2005-05-24 21:32:34 +00:00
Chris PeBenito
7d7a36af98 initial commit 2005-05-24 21:23:39 +00:00
Chris PeBenito
e7fcdc6d2f fix the object class in process transition interfaces 2005-05-24 20:45:27 +00:00
Chris PeBenito
c907b3e2c7 cleanup for corenetwork interface generation 2005-05-24 17:34:29 +00:00
Chris PeBenito
dc771ff40e another cleanup pass 2005-05-24 15:55:57 +00:00
Chris PeBenito
6276f10155 instead of using macros to drop out non-macro calls during corenetwork
interface generation, use grep to get the macro calls and feed to m4
2005-05-24 15:52:57 +00:00
Chris PeBenito
992aba5f15 initial commit 2005-05-23 17:56:47 +00:00
Chris PeBenito
6b48fd013c stuff from rpm 2005-05-23 17:56:35 +00:00
Chris PeBenito
57440fb076 add dontaudit shadow_t getattr 2005-05-23 17:56:26 +00:00
Chris PeBenito
957e269eb2 fix tmpfs associate infoflow 2005-05-23 17:56:00 +00:00
Chris PeBenito
39255175ca move in stuff from rpm 2005-05-23 17:01:51 +00:00
Chris PeBenito
15a9613ca4 add ldconfig and rpm transitions 2005-05-23 15:51:33 +00:00
Chris PeBenito
162a57e583 add missing xml 2005-05-23 15:50:12 +00:00
Chris PeBenito
46410fd2b9 add tmpfsfile support 2005-05-23 15:49:31 +00:00
Chris PeBenito
1c9f9a50df add signull all domains 2005-05-23 15:49:03 +00:00
Chris PeBenito
3000a31552 make transition on shell work 2005-05-23 15:48:45 +00:00
Chris PeBenito
c4309768f1 add transitions 2005-05-23 15:47:13 +00:00
Chris PeBenito
48e0dbd63e add ldconfig 2005-05-23 15:45:53 +00:00
Chris PeBenito
e32c0d3b86 add mls sensitivity to genfscon, initial sids and fs_use 2005-05-20 20:43:18 +00:00
Chris PeBenito
0d0d2bafd6 add mls port support 2005-05-20 20:23:25 +00:00
Chris PeBenito
085faa06ff add xml comments to generated sections, and add mls support to interfaces
and nodes
2005-05-20 20:07:42 +00:00
Chris PeBenito
daa0e0b01f add xml comments to interfaces, convert over userdomain stuff 2005-05-19 21:06:06 +00:00
Chris PeBenito
bee546bfd4 add context template to support mls 2005-05-18 21:02:15 +00:00
Chris PeBenito
26c87e0c42 add userdomain:fd use 2005-05-18 21:00:56 +00:00
Chris PeBenito
490639cd57 add a xml comment 2005-05-18 21:00:30 +00:00
Chris PeBenito
2e77b29e67 add xml 2005-05-18 21:00:00 +00:00
Chris PeBenito
494e988f80 fix xml 2005-05-18 20:59:38 +00:00
Chris PeBenito
8623d5b854 move run_init to selinux, as it is part of policycoreutils 2005-05-18 16:03:54 +00:00
Chris PeBenito
1786071159 rename some selinuxfs interfaces for more clarity 2005-05-18 13:22:37 +00:00
Chris PeBenito
ef373408a6 add source policy interfaces 2005-05-18 13:21:28 +00:00
Chris PeBenito
5817e3a820 add renice all domains 2005-05-18 13:21:00 +00:00
Chris PeBenito
759ba0a459 add get all filesystems quotas 2005-05-18 13:20:38 +00:00
Chris PeBenito
76bff31d96 add admin template 2005-05-18 13:20:16 +00:00
Chris PeBenito
c3dff2e0a2 add device_node:{ chr_file blk_file } getattr; 2005-05-18 13:19:51 +00:00
Chris PeBenito
4d8ddf9a4f start adding admin template 2005-05-18 13:18:49 +00:00
Chris PeBenito
dd14d0d892 change read_shared_libraries to use_shared_libraries, since the execute
permission is checked when using shared libs to execute code in them, which
is not the same as just reading the shared libs.
2005-05-17 15:32:52 +00:00
Chris PeBenito
650e75c57d initial commit 2005-05-16 21:11:26 +00:00
Chris PeBenito
b16c6b8c32 start adding user domains. fix ttynode and ptynode handling, as they're
more then user terminals (at least ptynode is).  start adding XML comments
2005-05-16 21:10:33 +00:00
Chris PeBenito
c6a3a22457 add more parts to send_mail and drop transition since its more then a transition 2005-05-13 20:52:28 +00:00
Chris PeBenito
ff31386090 move make_{daemon,init,system}_domain to init to fix type_transition'ing 2005-05-13 20:21:50 +00:00
Chris PeBenito
24a7ae1a5a add lvm.fc, and move relevant entries to devices.fc and storage.fc 2005-05-13 15:03:19 +00:00
Chris PeBenito
7bba9d317a pile of updates 2005-05-13 14:37:13 +00:00
Chris PeBenito
1bde8321dd initial commit 2005-05-13 14:36:35 +00:00
Chris PeBenito
075c4fdaf1 additions for cron and mta 2005-05-12 20:50:09 +00:00
Chris PeBenito
fd9deeb8ee reorg and a fix 2005-05-12 20:49:39 +00:00
Chris PeBenito
d18e3d73bb add crontab 2005-05-11 20:55:40 +00:00
Chris PeBenito
fb1aee72f4 add iface creating private logs 2005-05-11 20:54:14 +00:00
Chris PeBenito
d25dd9c1c2 add make temporary_file and daemon_runtime_file 2005-05-11 19:36:36 +00:00
Chris PeBenito
38e24ae49e add files_make_temporary_file and remove type attribute from
create_private_tmp
2005-05-11 19:21:40 +00:00
Chris PeBenito
0b1af28713 fix logging_make_log_file use 2005-05-11 19:11:14 +00:00
Chris PeBenito
23caa6d147 initial commit 2005-05-11 19:05:50 +00:00
Chris PeBenito
24280a524d updates needed for cron 2005-05-11 19:05:15 +00:00
Chris PeBenito
3ec805f7e5 add read and search for etc_t:dir 2005-05-11 16:48:10 +00:00
Chris PeBenito
118186e3dc make a reasonable lib_t interface 2005-05-11 15:46:51 +00:00
Chris PeBenito
1832271029 reorder for more consistency 2005-05-11 15:22:28 +00:00
Chris PeBenito
dec1686f0b oops 2005-05-10 20:25:20 +00:00
Chris PeBenito
6b674012fc reorder for more consistency 2005-05-10 20:24:26 +00:00
Chris PeBenito
b3416a3762 initial commit 2005-05-10 20:06:19 +00:00
Chris PeBenito
eeb2558418 leftover from netutils 2005-05-10 20:06:04 +00:00
Chris PeBenito
f8ec0ad43b initial commit 2005-05-10 19:51:00 +00:00
Chris PeBenito
63a310c8cf leftover from modutils 2005-05-10 19:50:41 +00:00
Chris PeBenito
279b555ae3 reorder to fit file context style rules 2005-05-10 19:47:37 +00:00
Chris PeBenito
0f3be6dbbb initial commit 2005-05-10 15:31:48 +00:00
Chris PeBenito
6f50b57665 use ptys 2005-05-10 15:03:56 +00:00
Chris PeBenito
2812bfac86 fix hotplug optional 2005-05-10 15:00:54 +00:00
Chris PeBenito
35b2fb4d41 add v4l_device_t 2005-05-10 14:12:10 +00:00
Chris PeBenito
46be1f32ca add printer_device_t 2005-05-10 13:59:10 +00:00
Chris PeBenito
13e94c09e4 more authlogin handling 2005-05-09 21:07:53 +00:00
Chris PeBenito
5c162193b7 move system_chkpwd to .te rather then using template, so that the
ifelse(system,..) can be eliminated
2005-05-09 21:06:51 +00:00
Chris PeBenito
cb28738d20 priv* attribute fixes for sulogin 2005-05-09 21:05:01 +00:00
Chris PeBenito
c18e825f57 unexpand can_kerberos 2005-05-09 21:03:38 +00:00
Chris PeBenito
a9a20ddaae allow all domains to use /dev/{zero,null,tty} 2005-05-09 19:55:01 +00:00
Chris PeBenito
e843cc89fd reorder restorecon and setfiles relabel rules for consistency 2005-05-09 19:06:56 +00:00
Chris PeBenito
a1f94a3441 clean up authentication attributes 2005-05-09 18:50:20 +00:00
Chris PeBenito
96b0000f1b start adding infrastructure for the constraint exceptions 2005-05-09 17:47:57 +00:00
Chris PeBenito
18f25afdf6 start adding infrastructure for the constraint exceptions 2005-05-09 17:41:29 +00:00
Chris PeBenito
c5b5a7479a cleanup 2005-05-09 15:40:56 +00:00
Chris PeBenito
5d7e8ba6fb add sulogin 2005-05-09 15:38:06 +00:00
Chris PeBenito
15e3d8e8bc initial commit 2005-05-09 13:26:33 +00:00
Chris PeBenito
8e02803ce3 add lvm_vg interfaces and do a little cleanup 2005-05-06 21:36:11 +00:00
Chris PeBenito
b2b38c78d4 initial commit 2005-05-05 21:40:32 +00:00
Chris PeBenito
ec81ecb30c add read fonts 2005-05-05 21:36:53 +00:00
Chris PeBenito
44a43b680b interfaces needed for clock 2005-05-05 21:19:18 +00:00
Chris PeBenito
2274f9ae4a initial commit 2005-05-05 21:18:27 +00:00
Chris PeBenito
0fef98c405 add legacy read locale 2005-05-05 20:33:35 +00:00
Chris PeBenito
ebf7600f20 cleanup 2005-05-05 19:04:51 +00:00
Chris PeBenito
bbd6a62111 convert over to system_domain, plus a couple init cleanups 2005-05-05 18:30:00 +00:00
Chris PeBenito
4fc91539f6 initial commit 2005-05-05 17:44:36 +00:00
Chris PeBenito
d0eddb6b0d add in system_domain 2005-05-05 17:44:11 +00:00
Chris PeBenito
f66a1af94b move type delcarations after attribute delcarations to fix a typeattribute
ordering issue. comment out the TODO types with a # so they don't get moved
2005-05-05 14:08:26 +00:00
Chris PeBenito
23af43bfef fix depends 2005-05-05 14:02:32 +00:00
Chris PeBenito
df431c87fb add missing copyright and policy_module lines 2005-05-05 14:01:59 +00:00
Chris PeBenito
f1470e5ede rules picked up from sediff 2005-05-04 21:44:51 +00:00
Chris PeBenito
849380bd9a add usermanage 2005-05-04 19:15:13 +00:00
Chris PeBenito
1e5c2a416a more conversion 2005-05-04 17:01:46 +00:00
Chris PeBenito
bd202fe157 clean up interfaces for new binary module optional structure 2005-05-04 13:19:47 +00:00
Chris PeBenito
f1578d05a9 stuff from sysnetwork 2005-05-04 13:16:34 +00:00
Chris PeBenito
0bc32e04de a few more copied over 2005-05-04 13:16:09 +00:00
Chris PeBenito
0d7ad32935 start moving in dhcpc and ifconfig 2005-05-04 13:14:48 +00:00
Chris PeBenito
75a10baf44 add in pam console 2005-05-03 21:04:20 +00:00
Chris PeBenito
b2e0625ca1 more conversion due to new interfaces 2005-05-03 20:44:35 +00:00
Chris PeBenito
3ce6cb4a45 fill pam and utempter authlogin policy and fix up interfaces 2005-05-03 20:23:33 +00:00
Chris PeBenito
07d6e32f44 reorg run_init a little, and add a convert to a few new interfaces 2005-05-02 21:02:14 +00:00
Chris PeBenito
ab64c30fc3 add newrole:fd use 2005-05-02 21:01:31 +00:00
Chris PeBenito
3a9aef9246 updates 2005-05-02 21:01:08 +00:00
Chris PeBenito
6b93833ba0 initial commit 2005-05-02 19:24:29 +00:00
Chris PeBenito
25baab18d1 switch over to tunable_policy and optional_policy 2005-05-02 19:22:58 +00:00
Chris PeBenito
f360f82f54 fix stupid _depend define errors (s/ifdef/define/g) 2005-05-02 19:19:06 +00:00
Chris PeBenito
67484fced4 add ignore read system state 2005-05-02 18:42:33 +00:00
Chris PeBenito
de2cee6817 add tty_device_t and devpts_t chr_file interfaces 2005-05-02 18:42:10 +00:00
Chris PeBenito
dfaf6c2ad8 add authlogin_read_pam_runtime_data and cleanup interfaces 2005-05-02 18:41:20 +00:00
Chris PeBenito
9f2f9e6dfe add ignore read rootfs file 2005-05-02 18:40:42 +00:00
Chris PeBenito
d0b6abebb9 add in use and ignore use init control channel interfaces 2005-05-02 18:40:05 +00:00
Chris PeBenito
ba7740d145 handful of changes 2005-05-02 18:38:02 +00:00
Chris PeBenito
c3c58c5d8e move in rule from hotplug 2005-05-02 18:37:24 +00:00
Chris PeBenito
1b909968df add in missing policy_module line 2005-05-02 18:36:51 +00:00
Chris PeBenito
fc83dba9a0 domains not needed for execute interface 2005-05-02 18:36:11 +00:00
Chris PeBenito
85bd7f1ffa add in transition and execute interfaces, and newrole sigchld interface 2005-05-02 18:18:45 +00:00
Chris PeBenito
5eafc37492 add append to /dev/null write 2005-05-02 15:42:20 +00:00
Chris PeBenito
e9a6fcb8f1 fix privfd 2005-04-29 21:00:40 +00:00
Chris PeBenito
4472f3ec01 doh 2005-04-29 21:00:29 +00:00
Chris PeBenito
7009881cc0 add in missing devices 2005-04-29 20:35:49 +00:00
Chris PeBenito
05a5cdccc3 add a few missing ports, and ppp_device_t 2005-04-29 20:22:04 +00:00
Chris PeBenito
a7ed44d531 initial commit 2005-04-29 20:16:38 +00:00
Chris PeBenito
a2d8246bf6 make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00
Chris PeBenito
07efe969fe initial local login commit 2005-04-28 19:50:58 +00:00
Chris PeBenito
ee5772e455 add bulk of selinux module policy, and add required interfaces 2005-04-28 18:59:01 +00:00
Chris PeBenito
f9cfa192a4 minor fixes 2005-04-28 18:58:39 +00:00
Chris PeBenito
b5860610b4 missed that sysctl_dev is a dir too 2005-04-28 15:52:42 +00:00
Chris PeBenito
3009816bcd convert over optional policy to optional_policy macro 2005-04-28 15:48:27 +00:00
Chris PeBenito
55a46da18a add console setattr if 2005-04-28 15:47:50 +00:00
Chris PeBenito
4fbd2ee111 remove entrypoint assertion 2005-04-28 15:46:53 +00:00
Chris PeBenito
4600e08867 reorganize the policy 2005-04-28 15:46:23 +00:00
Chris PeBenito
dfb86adde5 initial commit 2005-04-28 15:45:32 +00:00
Chris PeBenito
b5ab18b3f1 initial commit 2005-04-28 13:41:37 +00:00
Chris PeBenito
55f4564e31 start merging in rules from daemon domain 2005-04-27 21:56:41 +00:00
Chris PeBenito
889c9a9789 add init_t:fd use interface and initrc pty rw interface 2005-04-27 21:56:12 +00:00
Chris PeBenito
bcd35991d1 daemon domain allows noatsecure siginh rlimitinh, not dontaudit 2005-04-27 21:55:18 +00:00
Chris PeBenito
8119850297 add console dontaudit 2005-04-27 21:54:39 +00:00
Chris PeBenito
3016a9ff95 initial commit 2005-04-26 21:12:52 +00:00
Chris PeBenito
f9438fdfd1 add search all dirs 2005-04-26 21:12:32 +00:00
Chris PeBenito
e064a64b0e move system_chkpwd to fix ordering issue with checkpolicy 2005-04-26 21:10:11 +00:00
Chris PeBenito
8beec89d27 add legacy lib use 2005-04-26 19:10:29 +00:00
Chris PeBenito
960373dddd add module statement macro and entrypoint executable attribute to replicate
can_exec($1,exec_type)
2005-04-26 17:00:25 +00:00
Chris PeBenito
94edcc5c83 fix tmp_domain 2005-04-25 21:44:48 +00:00
Chris PeBenito
5f75f56066 move modules_object_t back to bootloader 2005-04-25 21:32:09 +00:00
Chris PeBenito
91a7ab6cb3 add sysnetwork 2005-04-25 21:28:25 +00:00
Chris PeBenito
b303042477 add missing transition dontaudits 2005-04-25 21:07:59 +00:00
Chris PeBenito
549180e874 initial commit 2005-04-25 20:13:45 +00:00
Chris PeBenito
219bcf7a8f attack with sediff, make fs:getattr interfaces consistent, create init and
daemon domains
2005-04-25 19:54:27 +00:00
Chris PeBenito
a266e3cc83 restructure kernel module to be consistent with other module ordering. put
in missing rules.  fix naming problems
2005-04-25 16:11:21 +00:00
Chris PeBenito
343a231d5f reorg 2005-04-22 22:00:09 +00:00
Chris PeBenito
22e1131e23 fix te trans error 2005-04-22 22:00:02 +00:00
Chris PeBenito
8a0da1086c make getattr and setattr interfaces and make naming consistent 2005-04-22 19:31:32 +00:00
Chris PeBenito
33bc0dd994 clean up some filesystem assoc 2005-04-21 22:46:49 +00:00
Chris PeBenito
0e730cc8e1 complete corenetwork 2005-04-21 21:53:15 +00:00
Chris PeBenito
1f7b37c585 insmod can be run directly from kernel; fix update_modules errors 2005-04-21 21:35:45 +00:00
Chris PeBenito
9eb5e812fe exec and transition interfaces, plus include mod object symlinks in reading modules 2005-04-21 21:34:47 +00:00
Chris PeBenito
32b5029cc5 uncomment test file 2005-04-21 21:34:08 +00:00
Chris PeBenito
5a95221115 add devlog_t symlink to loggers 2005-04-21 21:33:50 +00:00
Chris PeBenito
bf9e1e3f72 logging and modutils updates 2005-04-21 21:32:54 +00:00
Chris PeBenito
033c80e683 rename files_manage_general_lock_files() to more appropriate files_manage_system_lock_files() 2005-04-21 13:35:01 +00:00
Chris PeBenito
7c5d78fbca more insmod work, bring in depmod and update_modules 2005-04-20 21:00:01 +00:00
Chris PeBenito
bd76460f61 more comments 2005-04-20 19:14:56 +00:00
Chris PeBenito
e181fe05d8 add copyright statement 2005-04-20 19:07:16 +00:00
Chris PeBenito
0154356271 initial commit 2005-04-20 13:24:10 +00:00
Chris PeBenito
879b00fe60 initial commit 2005-04-19 21:08:13 +00:00
Chris PeBenito
67e2ff428c initial commit 2005-04-19 20:51:05 +00:00
Chris PeBenito
f0872d22b4 add cap sys_rawio to raw memory access interfaces 2005-04-19 20:47:29 +00:00
Chris PeBenito
c4890efc00 add per-userdomain template, and shadow_t interfaces 2005-04-19 20:45:54 +00:00
Chris PeBenito
3ba13bbf03 add all types for this module 2005-04-19 20:45:24 +00:00
Chris PeBenito
4ddc1abd78 add all types for this module, and add klogd policy 2005-04-19 20:44:52 +00:00
Chris PeBenito
8c77177b75 add interface to send syslog messages 2005-04-19 20:44:07 +00:00
Chris PeBenito
5050e500fe use interface to send syslog messages 2005-04-19 20:43:44 +00:00
Chris PeBenito
b470e3896b initial commit 2005-04-19 20:42:32 +00:00
Chris PeBenito
f0578249d1 reorganize and add rootfs dontaudits 2005-04-19 18:58:16 +00:00
Chris PeBenito
7aebdb853d add rootfs dontaudits for use in init.te 2005-04-19 18:57:13 +00:00
Chris PeBenito
053f6a200a add dontaudit fs getattr 2005-04-19 18:56:47 +00:00
Chris PeBenito
5496553038 kernel can load modules 2005-04-19 13:52:45 +00:00
Chris PeBenito
7f89c7efc6 hold off on improving 2005-04-19 13:46:06 +00:00
Chris PeBenito
1ea98d0407 remove relabeling privilege for now 2005-04-18 20:27:16 +00:00
Chris PeBenito
57d236548b move assert.te here 2005-04-18 20:17:25 +00:00
Chris PeBenito
5d78128fda add interface to associate to filesystems w/o xattr. allow regular files to
associate to no xattr filesystems
2005-04-16 17:20:59 +00:00
Chris PeBenito
70dcf798e9 add boot_runtime_t 2005-04-16 17:18:34 +00:00
Chris PeBenito
b4cd153394 initial commit 2005-04-14 20:18:17 +00:00