Commit Graph

297 Commits

Author SHA1 Message Date
Chris PeBenito
03a6e03926 Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t. 2010-05-03 11:17:16 -04:00
Chris PeBenito
05a2e3e2d7 Lircd patch from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito
4a8bd017aa Module version bump and extra comments for 194d61f. 2010-04-24 08:10:43 -04:00
Chris Richards
194d61fd3c modutils patch for update-modules
update-modules on Gentoo throws errors when run because it sources /etc/init.d/functions.sh, which always scans /var/lib/init.d to set SOFTLEVEL environment var.  This is never used by update-modules.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:08:15 -04:00
Jeremy Solt
e6e2a769ac Remove excess white space from ntop.te
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt
4f7b413cdc Ntop policy from Dan Walsh
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito
46e16a2d2a Use port range notation in corenetwork where it makes sense. 2010-04-13 11:55:04 -04:00
Chris PeBenito
3829eecb12 Clean up output of generated corenetwork.te. 2010-04-13 11:52:09 -04:00
Chris PeBenito
85e71c86da Fix network_port() in corenetwork to correctly handle port ranges. 2010-04-13 11:06:02 -04:00
Chris PeBenito
e399e3abea Add devtmpfs labeling. 2010-04-07 08:55:33 -04:00
Chris PeBenito
60def66b13 Second part of Apache patch from Dan Walsh. 2010-04-05 10:57:52 -04:00
Chris PeBenito
0417386142 Kernel patch from Dan Walsh. 2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502 Domain patch from Dan Walsh. 2010-03-17 10:02:07 -04:00
Chris PeBenito
827060cb04 Style fixes and module version bumps for 38fc1bd. 2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180 Likewise policy.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
e8871c2092 Add additional documentation to kernel_request_load_module(). 2010-03-16 15:08:00 -04:00
Chris PeBenito
7af0e9bc95 Filesystem patch from Dan Walsh. 2010-03-12 11:40:59 -05:00
Chris PeBenito
bd063de6c4 Fix another corenetwork typo. 2010-03-08 11:04:40 -05:00
Chris PeBenito
4af2b3fb98 Add back missing s0 on network_port(). 2010-03-08 07:59:56 -05:00
Chris PeBenito
9c709c46a1 Corenetwork patch from Dan Walsh. 2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b Corecommands patch from Dan Walsh. 2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc Devices patch from Dan Walsh. 2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba Storage patch from Dan Walsh. 2010-03-04 14:23:44 -05:00
Chris PeBenito
eeb7616f5e Corenetwork patch from Dan Walsh. 2010-03-04 13:50:46 -05:00
Chris PeBenito
4a4436a778 Add examples to documentation of common corenetwork interfaces. 2010-03-03 13:42:15 -05:00
Chris PeBenito
88daf126f2 Improve the documentation of domain interfaces:
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652 Improve the documentation of ubac_constrained(). 2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e Improve the documentation of devices interfaces:
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69 Improve filesystem interfaces:
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
7cf2858e4a Improve the documentation of files interfaces:
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
42eb0f10a9 Improve the documentation of corenetwork interfaces
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
3a744d1275 Improve documentation of corecmd_exec_bin() and corecmd_exec_shell(). 2010-02-26 08:58:32 -05:00
Chris PeBenito
7a0c0b4088 Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks(). 2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4 Add additional documentation to files_type(). 2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e Rearrange files interfaces. 2010-02-25 08:32:22 -05:00
Chris PeBenito
fca4a96bae Improve documentation on files_read_etc_files(). 2010-02-24 15:20:03 -05:00
Chris Richards
68cda59844 Add MySQL Manager to MySQL policy module
Second submission to fix mistakes from first.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
2f84a77d22 Syslog fixes from Gentoo. 2010-02-17 20:33:53 -05:00
Chris PeBenito
8b8501991e Clean up leaked portage file descriptors. 2010-02-17 20:33:31 -05:00
Chris PeBenito
a513794b4c Chronyd from Miroslav Grepl. 2010-02-16 14:53:59 -05:00
Chris PeBenito
c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito
21673b238a Hal patch from Dan Walsh. 2010-02-11 08:42:00 -05:00
Chris PeBenito
3079cbceb1 Virt/svirt patch from Dan Walsh. 2010-02-09 10:28:17 -05:00
Chris PeBenito
27eab81f2f Misc fixes for 1031ee6. 2010-02-08 13:38:48 -05:00
Chris PeBenito
7d2f96783c Module version number bump for 1031ee6. 2010-02-08 13:37:42 -05:00
Dominick Grift
1031ee6f6a Implement cobblerd policy.
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.

Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.

As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.

Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
Chris PeBenito
e526fca176 Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl. 2010-02-08 11:29:12 -05:00
Chris PeBenito
d2acef78f4 Inetd patch from Dan Walsh. 2010-01-08 10:36:49 -05:00
Chris PeBenito
32f27a7489 asterisk patch from Dan Walsh. 2009-12-18 10:37:52 -05:00
Chris PeBenito
b84d6ec491 smartmon patch from Dan Walsh. 2009-12-18 10:33:50 -05:00
Chris PeBenito
e21162e471 Kdump reads the kernel core. 2009-11-25 10:04:40 -05:00
Chris PeBenito
dccbb80cb0 Whitespace cleanup. 2009-11-24 11:11:38 -05:00
Chris PeBenito
910b1d8ecb Files patch from Dan Walsh. 2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020 Corecommands patch from Dan Walsh. 2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00 Filesystem patch from Dan Walsh. 2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557 Add terminal patch from Dan Walsh. 2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42 Add devices patch from Dan Walsh. 2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0 Add kernel patch from Dan Walsh 2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785 Add storage patch, from Dan Walsh. 2009-11-19 09:03:36 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf adding puppet configuration management system
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
808341bb9b revise MCS constraints to use only MCS-specific attributes. 2009-10-07 11:48:14 -04:00
Chris PeBenito
f67bc918d4 term_write_all_terms() patch from Stefan Schulze Frielinghaus 2009-09-08 10:06:38 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
78a9c2815d add bin_t labeling for gentoo dhcpcd-run-hooks location 2009-07-30 09:34:00 -04:00
Chris PeBenito
105e85ac8e /dev/fuse should be s0 not mls_high
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device.  Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs.  It will also make it unusable I
believe on an MLS machine.  Mostly I have seen fusefs used for remote
access to data.  sshfs for example.
2009-07-29 11:08:50 -04:00
Chris PeBenito
9de7c1706d hal patch from dan. 2009-07-27 10:18:50 -04:00
Chris PeBenito
06625d302c mozilla patch from dan. 2009-07-27 09:11:12 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
5271dd30bc module version bump for 9b1907b217 2009-07-21 10:07:10 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
edb7b90d89 add kismet and pulseaudio ports. fix sorting of ports. 2009-07-20 11:17:31 -04:00
Chris PeBenito
ce6fee6575 5 patches from dan 2009-07-14 10:30:22 -04:00
Chris PeBenito
45b975db5b trunk: add missing varnish port. 2009-06-30 17:48:15 +00:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito
731008ad85 trunk: 2 patches from dan. 2009-06-08 17:18:26 +00:00
Chris PeBenito
16fd1fd814 trunk: MLS constraints for the x_selection class, from Eamon Walsh. 2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe trunk: add gpsd from miroslav grepl 2009-06-02 14:28:40 +00:00
Chris PeBenito
80348b73a0 trunk: 4 patches from dan. 2009-05-14 14:41:50 +00:00
Chris PeBenito
3392356f36 trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
Chris PeBenito
a5ef553c2d trunk: 5 modules from dan. 2009-04-20 19:03:15 +00:00
Chris PeBenito
8f800d48df trunk: 14 patches from dan. 2009-03-23 14:56:43 +00:00
Chris PeBenito
11c944faf1 trunk: fix typo in devices file contexts. 2009-03-05 17:46:22 +00:00
Chris PeBenito
2c664e7fb8 trunk: storage patch from dan. 2009-03-05 15:49:41 +00:00
Chris PeBenito
7b76207e37 trunk: devices patch from dan. 2009-03-05 15:36:41 +00:00
Chris PeBenito
be5aaebfd6 trunk: corecommands patch from dan. 2009-03-05 14:43:03 +00:00
Chris PeBenito
c45fdad85b trunk: filesystem patch from dan. 2009-03-04 15:53:07 +00:00
Chris PeBenito
e1a70f1dde trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls.  Based on
the following post to the SELinux Reference Policy mailing list:

 * http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385 trunk: Drop write permission from fs_read_rpc_sockets(). 2009-02-24 20:00:15 +00:00
Chris PeBenito
f3fcadfe04 trunk: Patch for RadSec port from Glen Turner. 2009-02-23 13:41:28 +00:00
Chris PeBenito
7722c29e88 trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09 trunk: btrfs from Paul Moore. 2009-01-30 13:44:14 +00:00
Chris PeBenito
019dfaf9dc trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project. 2009-01-15 20:31:06 +00:00
Chris PeBenito
f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00