Chris PeBenito
|
f82c6ac64c
|
bah typo
|
2005-07-20 15:08:33 +00:00 |
|
Chris PeBenito
|
0b28a23114
|
user home dirs were missing file type in targ policy
|
2005-07-20 15:06:49 +00:00 |
|
Chris PeBenito
|
1e3f610b3b
|
add missing dir and file perms for selinuxfs in unconfined
|
2005-07-20 14:57:13 +00:00 |
|
Chris PeBenito
|
689f6ddb35
|
fix typos and import some rules from NSA cvs to make targeted policy work
|
2005-07-20 14:25:24 +00:00 |
|
Chris PeBenito
|
474f43d13d
|
should actually try compiling first :x
|
2005-07-20 13:39:10 +00:00 |
|
Chris PeBenito
|
bd7e7a6417
|
missed a line
|
2005-07-20 13:37:18 +00:00 |
|
Chris PeBenito
|
a28f6db576
|
add in some rules from NSA CVS to make targeted policy work
|
2005-07-20 13:30:06 +00:00 |
|
Chris PeBenito
|
8c3f438f75
|
corenet was missing from unconfined
|
2005-07-19 20:38:26 +00:00 |
|
Chris PeBenito
|
892266ca76
|
more targeted policy fixes
|
2005-07-19 20:26:02 +00:00 |
|
Chris PeBenito
|
21f47732b1
|
add new netlink socket class
|
2005-07-19 20:25:42 +00:00 |
|
Chris PeBenito
|
ec848d247f
|
more fixes for targeted
|
2005-07-19 19:37:43 +00:00 |
|
Chris PeBenito
|
2ec4c9d38f
|
more cleanup
|
2005-07-19 18:40:31 +00:00 |
|
Chris PeBenito
|
8b0bbdda34
|
fixes for targeted policy
|
2005-07-19 18:40:19 +00:00 |
|
Chris PeBenito
|
391edeb577
|
fix assertions for framework
|
2005-07-18 20:17:21 +00:00 |
|
Chris PeBenito
|
a5f339f134
|
more cleanup in system
|
2005-07-18 18:31:49 +00:00 |
|
Chris PeBenito
|
9f103ce14b
|
fix to use context_template()
|
2005-07-18 14:25:05 +00:00 |
|
Chris PeBenito
|
3b6174a142
|
add missing context template
|
2005-07-15 20:54:24 +00:00 |
|
Chris PeBenito
|
50aca6d2f9
|
add raid (mdadm)
|
2005-07-15 20:45:26 +00:00 |
|
Chris PeBenito
|
d9fd8e7562
|
more pcmcia cleanup
|
2005-07-15 19:18:55 +00:00 |
|
Chris PeBenito
|
157c69416f
|
add macro to expand object class sets for use in require blocks
|
2005-07-15 15:53:54 +00:00 |
|
Chris PeBenito
|
50f6503452
|
* break up files_getattr_all_files into correct interfaces
* move stuff out of pcmcia into the appropriate modules
|
2005-07-15 15:17:57 +00:00 |
|
Chris PeBenito
|
f136a944c5
|
reorder in alpha order of type, for sanity purposes
|
2005-07-15 14:30:19 +00:00 |
|
Chris PeBenito
|
e0d57fbcb1
|
add pcmcia
|
2005-07-14 20:57:17 +00:00 |
|
Chris PeBenito
|
c429cb5e26
|
fix up the xml
|
2005-07-14 20:02:53 +00:00 |
|
Chris PeBenito
|
11633bbaa8
|
add ipsec
|
2005-07-14 18:15:47 +00:00 |
|
Chris PeBenito
|
493d6c4adc
|
add nscd
|
2005-07-13 20:48:51 +00:00 |
|
Chris PeBenito
|
df00b2e235
|
* fix chroot exec interface
* more TODO cleanup
* move IPC out of generic domtrans interfaces
|
2005-07-13 18:29:08 +00:00 |
|
Chris PeBenito
|
b24f35d8a3
|
more cleanup of current TODOs
|
2005-07-12 20:34:24 +00:00 |
|
Chris PeBenito
|
20a22759a7
|
fix comments for templates to have same number of # as interfaces
|
2005-07-12 20:33:42 +00:00 |
|
Chris PeBenito
|
4051d15b62
|
fix xml
|
2005-07-11 19:15:54 +00:00 |
|
Chris PeBenito
|
ae9e2716c3
|
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
|
2005-07-11 19:02:50 +00:00 |
|
Chris PeBenito
|
a42ca7ebec
|
another round of TODO cleanup
|
2005-07-08 20:44:57 +00:00 |
|
Chris PeBenito
|
4d0d4157f4
|
silly formatting fix
|
2005-07-08 19:44:12 +00:00 |
|
Chris PeBenito
|
e5f8060316
|
implement direct_sysadm_daemon
|
2005-07-07 15:25:28 +00:00 |
|
Chris PeBenito
|
1aa526281b
|
missing rules uncovered by sediff
|
2005-07-07 15:20:24 +00:00 |
|
Chris PeBenito
|
c98340cfeb
|
support for targeted policy
|
2005-07-06 20:28:29 +00:00 |
|
Chris PeBenito
|
ed1a92b88c
|
ksu moves to su
|
2005-07-06 17:41:58 +00:00 |
|
Chris PeBenito
|
bb32544d61
|
add missing ssh file contexts
|
2005-07-06 15:59:54 +00:00 |
|
Chris PeBenito
|
9726b31857
|
add unconfined
|
2005-07-05 20:59:51 +00:00 |
|
Chris PeBenito
|
e8f0055b6d
|
fix quoting problem
|
2005-07-05 20:54:12 +00:00 |
|
Chris PeBenito
|
2745476e4a
|
add required tags
|
2005-07-05 17:47:15 +00:00 |
|
Chris PeBenito
|
a7a9799d79
|
convert can_kerberos()
|
2005-07-01 13:31:34 +00:00 |
|
Chris PeBenito
|
65c8613766
|
ul has to be in a p
|
2005-07-01 13:10:57 +00:00 |
|
Chris PeBenito
|
5e1ed4903e
|
initial commit
|
2005-06-30 21:11:54 +00:00 |
|
Chris PeBenito
|
fd89e19f12
|
more work on current modules
|
2005-06-30 18:54:08 +00:00 |
|
Chris PeBenito
|
ebdc3b7902
|
clean up more todos
|
2005-06-29 20:53:53 +00:00 |
|
Chris PeBenito
|
d233bfce3f
|
make layer summary required
|
2005-06-29 16:54:13 +00:00 |
|
Chris PeBenito
|
8fd3673225
|
another round of renaming, for consistency
|
2005-06-29 14:26:41 +00:00 |
|
Chris PeBenito
|
96ce00afcc
|
add logrotate, more low-hanging fruit
|
2005-06-28 20:54:49 +00:00 |
|
Chris PeBenito
|
ceebe3b4b0
|
change desc to summary
|
2005-06-28 19:51:46 +00:00 |
|
Chris PeBenito
|
cbca03f513
|
add lost_found_t manage, rename fs_type attribute to filesystem_type and rename fs_make_fs to fs_type
|
2005-06-28 17:48:59 +00:00 |
|
Chris PeBenito
|
783b38347e
|
more low hanging fruit cleanup
|
2005-06-28 17:32:57 +00:00 |
|
Chris PeBenito
|
58c3da55f3
|
add fstools, and more cleanup
|
2005-06-27 20:59:28 +00:00 |
|
Chris PeBenito
|
80436b9b8f
|
changes to make inetd work
|
2005-06-27 18:37:33 +00:00 |
|
Chris PeBenito
|
24bf11c62a
|
initial commit
|
2005-06-27 18:36:56 +00:00 |
|
Chris PeBenito
|
ab940a4cc1
|
autofs_t and ypbind cleanup
|
2005-06-27 16:30:55 +00:00 |
|
Chris PeBenito
|
e88003ffe3
|
xml updates and nis stuff
|
2005-06-24 20:37:09 +00:00 |
|
Chris PeBenito
|
73fbc771d1
|
initial commit
|
2005-06-24 19:49:46 +00:00 |
|
Chris PeBenito
|
62a7b02c5b
|
add/update comments
|
2005-06-24 13:36:57 +00:00 |
|
Chris PeBenito
|
414e415198
|
update for new documentation method
|
2005-06-23 21:30:57 +00:00 |
|
Chris PeBenito
|
aad5b98eba
|
more updates
|
2005-06-23 20:35:48 +00:00 |
|
Chris PeBenito
|
9916c694b4
|
update to new commenting style
|
2005-06-23 20:27:06 +00:00 |
|
Chris PeBenito
|
45239964e5
|
move ssh tunables into global_tunables
|
2005-06-23 19:57:15 +00:00 |
|
Chris PeBenito
|
19ea99d495
|
fix
|
2005-06-23 16:06:39 +00:00 |
|
Chris PeBenito
|
261e0e66ee
|
shorten some xml tags
|
2005-06-23 16:00:05 +00:00 |
|
Chris PeBenito
|
d3b892e4fd
|
convert a couple network macros
|
2005-06-23 15:44:18 +00:00 |
|
Chris PeBenito
|
007ca5600c
|
more setcurrent stuff
|
2005-06-23 15:37:39 +00:00 |
|
Chris PeBenito
|
2a3478cf15
|
fixes pointed out by steve, plus fixes revealed by the added assertions
|
2005-06-23 14:19:56 +00:00 |
|
Chris PeBenito
|
9ccd96dfc6
|
more work on ssh, plus import ssh-agent
|
2005-06-22 21:14:48 +00:00 |
|
Chris PeBenito
|
199895e201
|
move all interfaces over to the interface macro. add traceback debugging info
|
2005-06-22 19:21:31 +00:00 |
|
Chris PeBenito
|
cbc9d6951a
|
remove remaining _depend macros to prep for switchover to interface declaration macro
|
2005-06-22 16:07:14 +00:00 |
|
Chris PeBenito
|
0404a3903a
|
initial commit of ssh.
|
2005-06-21 21:07:46 +00:00 |
|
Chris PeBenito
|
21871a5cf6
|
work on newrole policy
|
2005-06-21 17:01:45 +00:00 |
|
Chris PeBenito
|
e04b8e7832
|
initial commit
|
2005-06-20 18:43:14 +00:00 |
|
Chris PeBenito
|
57869a681e
|
XML: encapsulate modules in layers, rather then layer being an attribute of
module tag
|
2005-06-20 18:40:44 +00:00 |
|
Chris PeBenito
|
7a2f20a315
|
more work to clean up and complete current modules
|
2005-06-20 17:41:29 +00:00 |
|
Chris PeBenito
|
2ba9a794db
|
interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
|
2005-06-17 19:17:57 +00:00 |
|
Chris PeBenito
|
bc1fbab472
|
interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
|
2005-06-17 18:59:34 +00:00 |
|
Chris PeBenito
|
c9b7f1a28e
|
add rw_term_perms
|
2005-06-17 18:56:23 +00:00 |
|
Chris PeBenito
|
5e6f9e5aac
|
services interfaces review
|
2005-06-17 18:41:07 +00:00 |
|
Chris PeBenito
|
7f2e39b8e6
|
review of admin interfaces
|
2005-06-17 18:27:08 +00:00 |
|
Chris PeBenito
|
139520a233
|
review of system interfaces
|
2005-06-17 17:59:26 +00:00 |
|
Chris PeBenito
|
a7c3a1b920
|
eliminate _depend macros
|
2005-06-16 21:06:29 +00:00 |
|
Chris PeBenito
|
0e721690dc
|
misc cleanup
|
2005-06-16 20:54:18 +00:00 |
|
Chris PeBenito
|
562cc2bd6c
|
reorder gpg tunable for alpha sorting
|
2005-06-16 20:34:57 +00:00 |
|
Chris PeBenito
|
d35c621eb0
|
add a couple more nfs and cifs interfaces, to cover most of the
use_(nfs|cifs)_home_dirs tunable
|
2005-06-16 20:33:51 +00:00 |
|
Chris PeBenito
|
77c124c8cd
|
eliminate _depend macros
|
2005-06-16 20:30:59 +00:00 |
|
Chris PeBenito
|
8c2f3ac695
|
have can_exec add a require block
|
2005-06-16 20:30:07 +00:00 |
|
Chris PeBenito
|
8eaa723d28
|
put user line in col 1, since genhomedircon breaks otherwise
|
2005-06-15 14:07:20 +00:00 |
|
Chris PeBenito
|
828e03f635
|
initial commit
|
2005-06-15 13:53:48 +00:00 |
|
Chris PeBenito
|
5e0da6a03e
|
finish renaming system/selinux to system/selinuxutil
|
2005-06-14 20:48:34 +00:00 |
|
Chris PeBenito
|
ff7bc148e4
|
move security_t to selinux module
|
2005-06-14 20:40:09 +00:00 |
|
Chris PeBenito
|
be4a8011d4
|
move selinux to selinuxutil
|
2005-06-14 20:12:46 +00:00 |
|
Chris PeBenito
|
8bd6789954
|
move constraints interfaces to domain module. move sysfs and usbfs to
devices module
|
2005-06-14 19:56:46 +00:00 |
|
Chris PeBenito
|
810f2b7155
|
fix typo
|
2005-06-14 18:15:01 +00:00 |
|
Chris PeBenito
|
b57dd19400
|
stray renames in distro_redhat
|
2005-06-14 17:36:21 +00:00 |
|
Chris PeBenito
|
3eed10909e
|
convert relevant conditionals into tunable_policy
|
2005-06-14 14:43:04 +00:00 |
|
Chris PeBenito
|
92e928e1bd
|
start making genhomedircon work
|
2005-06-13 21:16:05 +00:00 |
|
Chris PeBenito
|
c24ac9c51c
|
rename requires_block_template to gen_require
|
2005-06-13 20:51:09 +00:00 |
|
Chris PeBenito
|
fa7bea8feb
|
rename requires_block_tempalte to gen_require
|
2005-06-13 20:47:04 +00:00 |
|
Chris PeBenito
|
34c8fabeeb
|
tunables work
|
2005-06-13 20:44:23 +00:00 |
|
Chris PeBenito
|
31908be07f
|
a few missed renames, and start fixing up tunables
|
2005-06-13 20:27:32 +00:00 |
|
Chris PeBenito
|
5a45e70177
|
rename setattr removable_device_t
|
2005-06-13 20:00:36 +00:00 |
|
Karl MacMillan
|
8700497fb1
|
Updates to documentation.
|
2005-06-13 19:22:00 +00:00 |
|
Chris PeBenito
|
d9507b1874
|
fix xml
|
2005-06-13 17:40:51 +00:00 |
|
Chris PeBenito
|
c9428d33dc
|
renaming insanity
|
2005-06-13 17:35:46 +00:00 |
|
Karl MacMillan
|
f0c985ca80
|
Devices rename.
|
2005-06-13 16:22:32 +00:00 |
|
Chris PeBenito
|
0fd9dc55cf
|
renaming insanity
|
2005-06-10 01:01:13 +00:00 |
|
Chris PeBenito
|
24040829d0
|
fix can_exec
|
2005-06-10 01:00:48 +00:00 |
|
Chris PeBenito
|
cab7c00ff4
|
make macro work
|
2005-06-09 23:06:23 +00:00 |
|
Chris PeBenito
|
e3fd778b8f
|
add can_exec
|
2005-06-09 23:06:07 +00:00 |
|
Chris PeBenito
|
1b8d67d157
|
fix
|
2005-06-09 22:46:38 +00:00 |
|
Chris PeBenito
|
a154cd45f3
|
reorder
|
2005-06-09 21:07:58 +00:00 |
|
Chris PeBenito
|
588ffaeb7f
|
kernel.if renaming
|
2005-06-09 20:50:17 +00:00 |
|
Chris PeBenito
|
eda201efe8
|
more renaming and xml
|
2005-06-09 19:52:50 +00:00 |
|
Chris PeBenito
|
eca5b2dd79
|
rename
|
2005-06-09 19:22:27 +00:00 |
|
Chris PeBenito
|
cc41a97c99
|
aliases
|
2005-06-09 18:08:26 +00:00 |
|
Chris PeBenito
|
7591e83cba
|
fix layer in module tag
|
2005-06-09 17:56:38 +00:00 |
|
Chris PeBenito
|
c6ebefd2f2
|
rename
|
2005-06-09 17:51:40 +00:00 |
|
Chris PeBenito
|
d90b274e40
|
for now, drop infoflow tags
|
2005-06-09 17:23:53 +00:00 |
|
Chris PeBenito
|
dc67f782e4
|
aliases
|
2005-06-09 17:21:52 +00:00 |
|
Chris PeBenito
|
0a10b1fa12
|
aliases
|
2005-06-09 15:32:23 +00:00 |
|
Chris PeBenito
|
fe040c9777
|
renaming and xml
|
2005-06-09 15:20:31 +00:00 |
|
Chris PeBenito
|
dd822947d2
|
aliases
|
2005-06-09 14:50:48 +00:00 |
|
Chris PeBenito
|
80048ca5d2
|
aliases
|
2005-06-09 14:26:05 +00:00 |
|
Chris PeBenito
|
5d31560b4d
|
genhomedircon entries
|
2005-06-08 22:32:43 +00:00 |
|
Chris PeBenito
|
5552ed88f3
|
initial commit
|
2005-06-08 22:32:33 +00:00 |
|
Chris PeBenito
|
f2e4ab3a99
|
make corenetwork generation explicit, rather then on-the-fly
|
2005-06-08 21:46:39 +00:00 |
|
Chris PeBenito
|
7edd02d4f1
|
aliasing
|
2005-06-08 21:07:03 +00:00 |
|
Chris PeBenito
|
b29d23f315
|
initial commit
|
2005-06-08 20:49:16 +00:00 |
|
Chris PeBenito
|
c2c00bee05
|
add aliases
|
2005-06-08 20:28:45 +00:00 |
|
Karl MacMillan
|
72bdc60860
|
Moved and changed user_mls to gen_user.
|
2005-06-08 20:23:43 +00:00 |
|
Karl MacMillan
|
eb5e237573
|
Renamed support macros for consistency.
|
2005-06-08 20:23:12 +00:00 |
|
Chris PeBenito
|
9f72a2655f
|
renaming
|
2005-06-08 18:40:30 +00:00 |
|
Chris PeBenito
|
0c5a288e98
|
interface renaming
|
2005-06-08 18:00:04 +00:00 |
|
Chris PeBenito
|
1694dee685
|
interface renaming
|
2005-06-08 16:18:08 +00:00 |
|
Chris PeBenito
|
066d463147
|
comment fix
|
2005-06-08 16:16:41 +00:00 |
|
Chris PeBenito
|
a7197232e8
|
add can_exec
|
2005-06-08 13:41:05 +00:00 |
|
Chris PeBenito
|
763c441e3b
|
start renaming filesystem interfaces
|
2005-06-08 13:12:00 +00:00 |
|
Chris PeBenito
|
a9ec5414d1
|
add interface macro
|
2005-06-08 13:11:47 +00:00 |
|
Chris PeBenito
|
b46609f09f
|
fix missing _socket in class
|
2005-06-08 13:08:01 +00:00 |
|
Chris PeBenito
|
3865d6b95e
|
add xml
|
2005-06-07 22:36:07 +00:00 |
|
Chris PeBenito
|
ddea18b0ad
|
more tunable work
|
2005-06-07 22:26:39 +00:00 |
|
Chris PeBenito
|
758618b1f3
|
initial commit
|
2005-06-07 22:26:11 +00:00 |
|
Chris PeBenito
|
254bbc7bb3
|
start switching over to new tunable infrastructure
|
2005-06-07 18:45:47 +00:00 |
|
Chris PeBenito
|
02b584a174
|
initial commit
|
2005-06-07 15:10:43 +00:00 |
|
Chris PeBenito
|
43bc3906c5
|
initial commit
|
2005-06-07 14:46:31 +00:00 |
|
Chris PeBenito
|
2d68932a8d
|
fix broken macros
|
2005-06-07 14:46:20 +00:00 |
|
Chris PeBenito
|
a1d2e8ab29
|
add domain(_auto)_trans
|
2005-06-07 14:43:14 +00:00 |
|
Chris PeBenito
|
eb7f9a34cb
|
move audit to logging
|
2005-06-07 14:27:19 +00:00 |
|