Commit Graph

221 Commits

Author SHA1 Message Date
Chris PeBenito
888d9e4652 Improve the documentation of ubac_constrained(). 2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e Improve the documentation of devices interfaces:
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69 Improve filesystem interfaces:
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
7cf2858e4a Improve the documentation of files interfaces:
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
42eb0f10a9 Improve the documentation of corenetwork interfaces
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
3a744d1275 Improve documentation of corecmd_exec_bin() and corecmd_exec_shell(). 2010-02-26 08:58:32 -05:00
Chris PeBenito
7a0c0b4088 Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks(). 2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4 Add additional documentation to files_type(). 2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e Rearrange files interfaces. 2010-02-25 08:32:22 -05:00
Chris PeBenito
fca4a96bae Improve documentation on files_read_etc_files(). 2010-02-24 15:20:03 -05:00
Chris Richards
68cda59844 Add MySQL Manager to MySQL policy module
Second submission to fix mistakes from first.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
2f84a77d22 Syslog fixes from Gentoo. 2010-02-17 20:33:53 -05:00
Chris PeBenito
8b8501991e Clean up leaked portage file descriptors. 2010-02-17 20:33:31 -05:00
Chris PeBenito
a513794b4c Chronyd from Miroslav Grepl. 2010-02-16 14:53:59 -05:00
Chris PeBenito
c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito
21673b238a Hal patch from Dan Walsh. 2010-02-11 08:42:00 -05:00
Chris PeBenito
3079cbceb1 Virt/svirt patch from Dan Walsh. 2010-02-09 10:28:17 -05:00
Chris PeBenito
27eab81f2f Misc fixes for 1031ee6. 2010-02-08 13:38:48 -05:00
Chris PeBenito
7d2f96783c Module version number bump for 1031ee6. 2010-02-08 13:37:42 -05:00
Dominick Grift
1031ee6f6a Implement cobblerd policy.
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.

Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.

As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.

Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
Chris PeBenito
e526fca176 Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl. 2010-02-08 11:29:12 -05:00
Chris PeBenito
d2acef78f4 Inetd patch from Dan Walsh. 2010-01-08 10:36:49 -05:00
Chris PeBenito
32f27a7489 asterisk patch from Dan Walsh. 2009-12-18 10:37:52 -05:00
Chris PeBenito
b84d6ec491 smartmon patch from Dan Walsh. 2009-12-18 10:33:50 -05:00
Chris PeBenito
e21162e471 Kdump reads the kernel core. 2009-11-25 10:04:40 -05:00
Chris PeBenito
dccbb80cb0 Whitespace cleanup. 2009-11-24 11:11:38 -05:00
Chris PeBenito
910b1d8ecb Files patch from Dan Walsh. 2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020 Corecommands patch from Dan Walsh. 2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00 Filesystem patch from Dan Walsh. 2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557 Add terminal patch from Dan Walsh. 2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42 Add devices patch from Dan Walsh. 2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0 Add kernel patch from Dan Walsh 2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785 Add storage patch, from Dan Walsh. 2009-11-19 09:03:36 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf adding puppet configuration management system
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
808341bb9b revise MCS constraints to use only MCS-specific attributes. 2009-10-07 11:48:14 -04:00
Chris PeBenito
f67bc918d4 term_write_all_terms() patch from Stefan Schulze Frielinghaus 2009-09-08 10:06:38 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
78a9c2815d add bin_t labeling for gentoo dhcpcd-run-hooks location 2009-07-30 09:34:00 -04:00
Chris PeBenito
105e85ac8e /dev/fuse should be s0 not mls_high
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device.  Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs.  It will also make it unusable I
believe on an MLS machine.  Mostly I have seen fusefs used for remote
access to data.  sshfs for example.
2009-07-29 11:08:50 -04:00
Chris PeBenito
9de7c1706d hal patch from dan. 2009-07-27 10:18:50 -04:00
Chris PeBenito
06625d302c mozilla patch from dan. 2009-07-27 09:11:12 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
5271dd30bc module version bump for 9b1907b217 2009-07-21 10:07:10 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
edb7b90d89 add kismet and pulseaudio ports. fix sorting of ports. 2009-07-20 11:17:31 -04:00