Commit Graph

162 Commits

Author SHA1 Message Date
Chris PeBenito
ca7fa520e7 gpg patch from dan.
gpg sends sigstop and signull

Reads usb devices

Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs
2009-09-03 08:23:18 -04:00
Chris PeBenito
93be4ba581 Webalizer does not list inotify, this was caused by leaked file descriptors in either dbus or cron. Both of which have been cleaned up. 2009-09-02 09:10:30 -04:00
Chris PeBenito
a4b6385b9d cdrecord patch from dan. 2009-09-01 09:22:40 -04:00
Chris PeBenito
1a79193449 awstats patch from dan. 2009-09-01 08:59:24 -04:00
Chris PeBenito
aac56b12b7 add ptchown policy from dan. 2009-08-31 10:21:01 -04:00
Chris PeBenito
a3dd1499ef pulseaudio patch from dan. 2009-08-31 10:07:57 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t.
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
0c89174f7f pull most of fedora changes to samba. 2009-07-29 14:40:34 -04:00
Chris PeBenito
91550027de vmware patch from dan. 2009-07-28 11:37:34 -04:00
Chris PeBenito
c7ae9ae1c8 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-07-28 08:00:03 -04:00
Chris PeBenito
5f6c30f8bd wm policy from dan 2009-07-27 15:11:22 -04:00
Chris PeBenito
06625d302c mozilla patch from dan. 2009-07-27 09:11:12 -04:00
Chris PeBenito
f4962ab15b add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
5bb5ec1d40 podsleuth patch from dan. 2009-07-21 10:11:16 -04:00
Chris PeBenito
e4f73afb8e gpg patch from dan 2009-07-21 10:07:38 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
ce6fee6575 5 patches from dan 2009-07-14 10:30:22 -04:00
Chris PeBenito
10b03f376b three debian patches from manoj 2009-07-14 09:05:59 -04:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
63f0a71c8a trunk: 9 patches from dan. 2009-06-01 16:03:42 +00:00
Chris PeBenito
c90440a7cd trunk: 4 patches from dan. 2009-03-11 13:32:23 +00:00
Chris PeBenito
f79314234a trunk: 6 patches from dan. 2009-02-11 19:28:30 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito
ff8f0a63f4 trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito
2a98379a24 trunk: additional whitespace fixes. 2008-10-17 15:52:39 +00:00
Chris PeBenito
88cf0a9c2b trunk: whitespace fix; collapse multiple blank lines into one. 2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
7aabe358f4 trunk: missed fixes on previous commit. 2008-08-07 14:45:37 +00:00
Chris PeBenito
8a948caf2b trunk: 11 more cherry picks from fedora policy, by david hardeman. 2008-08-07 14:17:50 +00:00
Chris PeBenito
6224fc1485 trunk: 7 patches from Fedora policy, cherry picked by david hrdeman. 2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8 trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
Chris PeBenito
cfcf5004e5 trunk: bump versions for release. 2008-07-02 14:07:57 +00:00
Chris PeBenito
a713ad8b8a trunk: pull in most of dans vmware patch. 2008-06-18 15:35:49 +00:00
Chris PeBenito
131634a581 trunk: podsleuth and hal updates from dan. 2008-06-17 14:07:44 +00:00
Chris PeBenito
eb4216397c trunk: add qemu and virt from dan. 2008-06-16 18:59:07 +00:00
Chris PeBenito
4b28c2ecc2 trunk: misc gentoo fc fixes. 2008-06-06 03:40:27 +00:00
Chris PeBenito
b34db7a8ec trunk: another pile of misc fixes. 2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0 trunk: a pile of misc fixes, mainly sync xml docs with interface implementation. 2008-05-15 13:10:34 +00:00
Chris PeBenito
a42ce93a4d trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik. 2008-05-12 20:05:32 +00:00
Chris PeBenito
e9c6cda7da trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
Chris PeBenito
a0647afa0c trunk: add missing mplayer_etc_t require in role template. 2008-04-21 12:47:09 +00:00
Chris PeBenito
8152a78836 trunk: 7 patches from dan. 2008-04-04 17:08:34 +00:00
Chris PeBenito
0a14f3ae09 trunk: bump module version numbers for release. 2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad trunk: add core xselinux support. 2008-04-01 20:23:23 +00:00
Chris PeBenito
e828954c63 trunk: 4 patches from dan. 2008-03-27 15:20:16 +00:00
Chris PeBenito
6e2123fc72 trunk: add wireshark. 2008-03-14 15:26:52 +00:00
Chris PeBenito
737fcf232c trunk: dontaudit init fds in loadkeys. 2008-03-04 18:48:30 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito
bd973e3e68 trunk: remove unused types from dbus. 2007-10-26 18:04:38 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
81d4c88f8c trunk: remove stale user_net_control reference in usernetctl.if. 2007-10-08 13:38:25 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito
0cf6df55e5 trunk: add awstats from Stefan Schulze Frielinghaus. 2007-09-17 17:25:40 +00:00
Chris PeBenito
8a9d6f6449 trunk: 6 patches from dan. 2007-09-07 13:41:20 +00:00
Chris PeBenito
0a0b8078ca trunk: 5 patches from dan. 2007-09-04 18:57:58 +00:00
Chris PeBenito
6dd721a686 trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate. 2007-08-27 17:57:36 +00:00
Chris PeBenito
8d2c34195e trunk: updates from dan on 9 modules 2007-08-22 20:02:41 +00:00
Chris PeBenito
d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito
116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
22bff65f4d trunk: fix typo in vmware.fc 2007-06-26 14:31:31 +00:00
Chris PeBenito
d139413c64 trunk: 2 patches from dan 2007-06-13 13:54:56 +00:00
Chris PeBenito
262def165a trunk: version bumps for previous commit. 2007-06-12 13:08:19 +00:00
Chris PeBenito
f7101c5430 trunk: 7 simple patches from dan. 2007-06-12 13:06:13 +00:00
Chris PeBenito
f6a590d7b4 six simple patches from dan 2007-06-11 14:09:09 +00:00
Chris PeBenito
17b9cb7dda trunk: fix line in evolution to be strict-only; was being covered up by genhomedircon. 2007-05-22 17:01:38 +00:00
Chris PeBenito
f9029fc5b6 Patch to allow slocate to getattr other filesystems and directories on those filesystems from Dan Walsh. 2007-04-30 15:01:19 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
697489040e 5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes 2007-04-11 17:56:03 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
4832f0e066 create user gpg keys dir patch from dan 2007-03-19 19:10:43 +00:00
Chris PeBenito
ecc98e19e3 patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh. 2007-03-01 15:43:39 +00:00
Chris PeBenito
2aea366ffc Patch for an additional wine executable from Dan Walsh. 2007-02-28 16:23:06 +00:00
Chris PeBenito
bf39cdb807 Patch for additional games file contexts from Dan Walsh. 2007-02-28 15:30:38 +00:00
Chris PeBenito
6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito
ff943a1b9b Clean up file context regexes in apache and java, from Eamon Walsh:
Some file_contexts regular expressions in refpolicy-strict are causing 
genhomedircon to die; refpolicy is failing to build for me entirely.

The regular expressions seem redundant to me, perhaps I am missing 
something, but the following patch fixes the problems for me.  Please 
review and apply
2007-01-24 17:10:31 +00:00
Chris PeBenito
42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863 patch from dan for some missing gen_require()s 2006-11-29 13:44:40 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Chris PeBenito
a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito
b04eccd87b fix duplicate /usr/bin/mplayer fc match for targeted 2006-10-18 17:31:14 +00:00
Chris PeBenito
f76d07072a fix some stuff that does not affect policy 2006-10-06 17:31:52 +00:00