Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Syntax error.
Squash me with 959aa527a5394d23b994ecf75347d2445106d0c4
Replace type and attributes statements by comma delimiters where possible.
Syntax error.
Squach me with 779a708452142d6e4ac2ba2a158f724782a03291
Replace type and attributes statements by comma delimiters where possible.
Syntax error.
Squash me with 89180ea115794aadddaa9b356ab1dfcdc9ff102
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
This is based on Fedoras' miscfiles_cert_type implementation.
The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.
Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.