0f5e26b620
Add btrfs and ext4 to labeling targets.
2009-08-11 09:01:58 -04:00
90286f4292
Fix infrastructure to expand macros in initrc_context when installing.
...
The initrc_context file uses the mls_systemhigh macro and needs to be properly
expanded based on the build.conf settings. Add makefile support to do this.
2009-08-10 14:00:34 -04:00
02e594d5dc
Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49 .
2009-08-05 14:19:54 -04:00
e335910197
Add missing compatibility aliases for xdm_xserver*_t types.
...
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
915dfa68b6
release 2.20090730
2009-07-30 14:35:47 -04:00
64c7061e1a
changelog entry for the previous gentoo fixes
2009-07-30 10:41:17 -04:00
20c3ccee1a
add fprintd module from dan.
2009-07-29 10:28:31 -04:00
677c4c2fea
add devicekit module from dan.
2009-07-29 10:02:06 -04:00
c7ae9ae1c8
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-07-28 08:00:03 -04:00
5f6c30f8bd
wm policy from dan
2009-07-27 15:11:22 -04:00
f4962ab15b
add cpufreqselector from dan
2009-07-27 09:09:00 -04:00
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
9b1907b217
add pulseaudio from dan.
2009-07-21 10:05:38 -04:00
dc0ab0f0c3
changelog for previous commit
2009-07-20 11:16:22 -04:00
50824a99ca
trunk: pads from dan.
2009-06-30 15:03:20 +00:00
267d9c60c5
trunk: varnishd from dan.
2009-06-30 13:49:53 +00:00
c017ee17ab
trunk: add sssd from dan.
2009-06-22 15:33:21 +00:00
c9c0d846de
trunk: Greylist milter from Paul Howarth.
2009-06-18 14:36:35 +00:00
c7dc1c7222
trunk: Allow unix_update to change the security attributes associate with files so
...
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
df28a0c444
trunk: Misc fixes for unix_update from Brandon Whalen.
2009-06-18 13:36:40 +00:00
95ea7d6986
trunk: Add x_device permissions for XI2 functions, from Eamon Walsh.
2009-06-18 13:07:23 +00:00
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
cca4a215fe
trunk: add gpsd from miroslav grepl
2009-06-02 14:28:40 +00:00
350ed89156
se-postgresql update from kaigai
...
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
db_database:{getattr}
db_table:{getattr lock}
db_column:{getattr}
db_procedure:{drop getattr setattr}
db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
impossible to refer read-only table with foreign-key constraint.
(FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
It should allow them on sepgsql_trusted_proc_exec_t.
I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
da3ed0667f
trunk: lircd from miroslav grepl
2009-05-06 15:09:46 +00:00
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
0cf1d56018
trunk: Milter state directory patch from Paul Howarth.
2009-04-21 20:40:45 +00:00
a5ef553c2d
trunk: 5 modules from dan.
2009-04-20 19:03:15 +00:00
153fe24bdc
trunk: 5 patches from dan.
2009-04-07 14:09:43 +00:00
42d567c3f4
trunk: 6 patches from dan.
2009-03-31 13:40:59 +00:00
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
81fa19ed73
trunk: remove unused udev_runtime_t type.
2009-02-24 19:31:08 +00:00
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00
805f34ed09
trunk: btrfs from Paul Moore.
2009-01-30 13:44:14 +00:00
466e22a8ba
trunk: Add db_procedure install permission from KaiGai Kohei.
2009-01-23 19:49:36 +00:00
019dfaf9dc
trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.
2009-01-15 20:31:06 +00:00
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
347a701119
trunk: Add kernel_service access vectors, from Stephen Smalley.
2009-01-05 21:44:33 +00:00
e66a0cad18
trunk: check in version and changelog for release.
2008-12-10 19:49:42 +00:00
3196971ae8
trunk: Fix consistency of audioentropy and iscsi module naming.
2008-12-09 16:47:33 +00:00
b3eb124654
trunk: Debian file context fix for xen from Russell Coker.
2008-11-24 15:34:54 +00:00
b9e5238a24
trunk: add milter module from Paul Howarth.
2008-11-24 15:06:58 +00:00
7f49194215
trunk: Xserver MLS fix from Eamon Walsh.
2008-11-17 13:49:19 +00:00
99282e6be0
trunk: add omapi port for dhcpcd.
2008-11-12 13:11:00 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
Chris PeBenito