Commit Graph

192 Commits

Author SHA1 Message Date
Chris PeBenito
1abafe3707 trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. 2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581 trunk: several fc updates from dan. 2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae trunk: add openoffice locations in gentoo. 2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e trunk: Improve several tunables descriptions from Dan Walsh. 2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito
c0cf6e0a6e trunk: clean up nsswitch usage, from dan. 2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215 trunk: add /dev symlink relabel since its not short circuited. 2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29 trunk: version bump for newrole fixes. 2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5 trunk: test fix 2 for newrole. 2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e trunk: test fix for newrole. 2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5 trunk: handle early boot on debian, for /dev labeling. 2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik. 2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5 trunk: version bumps for previous commit. 2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb trunk: More complete labeled networking infrastructure from KaiGai Kohei. 2007-11-26 16:44:57 +00:00
Chris PeBenito
ccf6611bdd trunk: add unconfined_run_to(). 2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1 trunk: switch newrole and run_init over to use nsswitch. 2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config(). 2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d trunk: reorganize selinuxutil. 2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c trunk: 9 patches from dan. 2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762 trunk: 8 patches from dan. 2007-11-15 16:54:18 +00:00
Chris PeBenito
9820351703 trunk: add in polmatch for default spd. 2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6 trunk: add labeled networking support to unconfined. 2007-11-14 14:38:45 +00:00
Chris PeBenito
847937da7d trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh. 2007-11-13 19:31:43 +00:00
Chris PeBenito
eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e trunk: fix init_ranged_system_domain range_transition object class, from james carter. 2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito
bd973e3e68 trunk: remove unused types from dbus. 2007-10-26 18:04:38 +00:00
Chris PeBenito
cdf98fedc0 trunk: 10 patches from dan. 2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
6c53a10e28 trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. 2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito
aef93a760f trunk: one-liner from Shintaro Fujiwara 2007-09-26 14:28:20 +00:00
Chris PeBenito
6f49b490b8 trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara. 2007-09-17 18:04:35 +00:00
Chris PeBenito
14add30d03 trunk: 3 patches from dan. 2007-09-12 14:53:39 +00:00
Chris PeBenito
134a799c75 trunk: 3 patches from dan. 2007-09-11 19:24:32 +00:00
Chris PeBenito
abc89340c4 trunk: two tiny patches from Stefan Schulze Frielinghaus 2007-09-06 19:29:54 +00:00
Chris PeBenito
72f82c47c2 trunk: six patches from dan. 2007-09-06 18:34:40 +00:00
Chris PeBenito
8241b538af trunk: udev update and brctl module from dan. 2007-09-05 17:55:57 +00:00
Chris PeBenito
0a0b8078ca trunk: 5 patches from dan. 2007-09-04 18:57:58 +00:00
Chris PeBenito
4922765ec6 trunk: fix certwatch_run() interface, which had a typo in the name. 2007-08-30 15:01:48 +00:00
Chris PeBenito
752ddf588f trunk: add missing commas in can_exec in daemontools that worked by luck. 2007-08-24 15:55:06 +00:00
Chris PeBenito
2af7b42a06 trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels. 2007-08-22 20:21:52 +00:00
Chris PeBenito
8d2c34195e trunk: updates from dan on 9 modules 2007-08-22 20:02:41 +00:00
Chris PeBenito
f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf trunk: several MLS enhancements. 2007-08-20 15:15:03 +00:00
Chris PeBenito
d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito
6929521e0a trunk: fix missed netlabel deprecation 2007-07-19 15:11:19 +00:00
Chris PeBenito
116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito
113b4fc4a2 Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module. 2007-06-28 17:25:46 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
7f089782ae trunk: xen updates from dan 2007-06-21 13:36:05 +00:00
Chris PeBenito
92d1ade254 trunk: trivial gentoo tweaks 2007-06-20 20:08:26 +00:00
Chris PeBenito
cb10a2d5bf trunk: Tunable connection to postgresql for users from KaiGai Kohei. 2007-06-19 14:30:06 +00:00
Chris PeBenito
d5b81a81ff trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). 2007-06-12 18:46:14 +00:00
Chris PeBenito
6649aec9d0 trunk: 3 patches from dan 2007-06-11 15:43:37 +00:00
Chris PeBenito
d534d35a7e trunk: 5 patches from dan 2007-06-11 15:01:10 +00:00
Chris PeBenito
7782966db1 add fc entry for make_reiser4 2007-06-08 20:01:34 +00:00
Chris PeBenito
38d0cf1b8a trunk: long overdue cleanup from when range_transitions were only in the base module 2007-05-14 15:35:47 +00:00
Chris PeBenito
762d2cb989 merge restorecon into setfiles 2007-05-11 17:10:43 +00:00
Chris PeBenito
0ef5d66468 textrel lib update from dan 2007-05-03 13:43:44 +00:00
Chris PeBenito
882186c933 - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
Chris PeBenito
d28e528b0d Fixes for RHEL4 from the CLIP project. 2007-04-27 15:08:15 +00:00
Chris PeBenito
b4dfdc7d30 Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties. 2007-04-19 14:30:57 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
697489040e 5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes 2007-04-11 17:56:03 +00:00
Chris PeBenito
82e284bb89 last piece of dan's previous patch 2007-04-11 13:31:10 +00:00
Chris PeBenito
19b2dee3cc confine ldconfig in targeted, from dan 2007-04-10 19:39:22 +00:00
Chris PeBenito
98faba122c gentoo /lib can be a symlink on x86-64 systems 2007-04-02 13:33:18 +00:00
Chris PeBenito
a26923c32e Two patches from Paul Moore to for ipsec to remove redundant rules and have setkey read the config file. 2007-03-28 18:47:45 +00:00
Chris PeBenito
9e8f65c83e six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed 2007-03-26 20:47:29 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89 remove disable_trans booleans 2007-03-23 21:01:49 +00:00
Chris PeBenito
5f5b7a1ec6 network fix from dan 2007-03-22 14:33:00 +00:00
Chris PeBenito
cc9130b90a one-liner from dan 2007-03-22 14:01:55 +00:00
Chris PeBenito
a5f5eba459 Add dontaudits for init fds and console to init_daemon_domain(). 2007-03-20 18:47:18 +00:00
Chris PeBenito
c224d91c7b from Dan:
This is a new policy for the User Switching capability coming in gnome.

consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
c5561c777d patches for lvm and ricci fixes from Dan Walsh. 2007-03-06 15:35:02 +00:00
Chris PeBenito
ecc98e19e3 patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh. 2007-03-01 15:43:39 +00:00
Chris PeBenito
ca448bd66c add init_exec() to init_telinit(). 2007-02-26 20:19:53 +00:00
Chris PeBenito
5c45eaede1 On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
> audit needs fsetid
> 
> syslog needs to be able to create a tcp_socket for off machine logging.
2007-02-23 20:19:29 +00:00
Chris PeBenito
6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito
42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863 patch from dan for some missing gen_require()s 2006-11-29 13:44:40 +00:00
Chris PeBenito
c6a60bb28d On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
> Here is the policy changes needed for the context contains security
> checking in PAM and cron.
2006-11-14 13:38:52 +00:00
Chris PeBenito
ed38ca9f3d fixes from gentoo strict testing:
- Allow semanage to read from /root on strict non-MLS for
  local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
  on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito
0f9a2be65d add missing gentoo file contexts for initrc and lvm 2006-11-07 19:38:10 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Chris PeBenito
582438054d fix up corecommands perm sets, add seutil_manage_config_dirs() 2006-10-27 13:55:35 +00:00
Chris PeBenito
d5ae683e2b add seutil_rw_config() 2006-10-25 20:48:04 +00:00
Chris PeBenito
a8671ae5b2 enhanced setransd support from darrel goeddel 2006-10-20 14:44:23 +00:00
Chris PeBenito
a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito
b04eccd87b fix duplicate /usr/bin/mplayer fc match for targeted 2006-10-18 17:31:14 +00:00
Chris PeBenito
130f8a4aa5 merge netlabel stuff from labeled-networking branch 2006-10-17 16:58:17 +00:00
Chris PeBenito
aeaae5185e fix ticket #16 2006-10-16 16:51:57 +00:00