Commit Graph

358 Commits

Author SHA1 Message Date
Chris PeBenito
bd75703c7d reorganize tun patch changes. 2009-08-31 08:49:57 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove usage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t.
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
97e42114db remove redundant xen_append_log() call in hostname. 2009-08-11 14:19:38 -04:00
Chris PeBenito
e51390dfcb fix refpolicy ticket #48. 2009-08-10 11:14:03 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625 fix ordering in sysnetwork. 2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc fix ordering in raid. 2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646 fix ordering in pcmcia. 2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2 fix ordering in mount. 2009-08-05 10:16:41 -04:00
Chris PeBenito
54327d48ee fix ordering in modutils. 2009-08-05 10:15:45 -04:00
Chris PeBenito
568efbe895 fix ordering of interface calls in lvm. 2009-08-05 10:07:35 -04:00
Chris PeBenito
8cd1306e5b fix ordering of interface calls in locallogin. 2009-08-05 10:06:04 -04:00
Chris PeBenito
e6985f91ab fix ordering of interface calls in iptables. 2009-08-05 10:04:13 -04:00
Chris PeBenito
464ffa57fd fix ordering of interface calls in init. 2009-08-05 10:01:06 -04:00
Chris PeBenito
14d282253f fix ordering of interface calls in hostname. 2009-08-05 09:57:14 -04:00
Chris PeBenito
5b5300c823 fix ordering of interface calls in getty. 2009-08-05 09:55:58 -04:00
Chris PeBenito
79ca728b5f fix ordering of interface calls in fstools. 2009-08-05 09:54:52 -04:00
Chris PeBenito
08638af216 fix ordering of interface calls in clock. 2009-08-05 09:52:34 -04:00
Chris PeBenito
2acba7bbdb fix ordering of interface calls in authlogin. 2009-08-05 09:51:47 -04:00
Chris PeBenito
4c92f08f75 openrc unfortunately mounts a tmpfs at /lib/rc 2009-07-30 08:57:15 -04:00
Chris PeBenito
cfdbf366cb gentoo init script system uses tmpfs for state data 2009-07-30 08:33:43 -04:00
Chris PeBenito
efa0acccea gentoo init script system sends audit messages. 2009-07-29 21:50:32 -04:00
Chris PeBenito
33322290f2 automount patch from dan. 2009-07-29 08:59:26 -04:00
Chris PeBenito
4083191c4b add missing userdom interfaces 2009-07-28 09:35:46 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
26410ddf54 trunk: remove unnecessary semicolons after interface/template calls. 2009-06-19 13:52:33 +00:00
Chris PeBenito
df28a0c444 trunk: Misc fixes for unix_update from Brandon Whalen. 2009-06-18 13:36:40 +00:00
Chris PeBenito
30425aa876 trunk: 1 patch from dan. 2009-06-12 15:30:15 +00:00
Chris PeBenito
22894e33c4 trunk: add libjackserver.so textrel fc. 2009-06-01 13:04:40 +00:00
Chris PeBenito
c0f5fa011a trunk: whitespace fixes. 2009-05-06 14:44:57 +00:00
Chris PeBenito
3392356f36 trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
09125ae411 trunk: module version bump for previous commit. 2009-04-03 14:15:53 +00:00
Chris PeBenito
d6605bc48b trunk: 3 patches from dan. 2009-04-03 14:14:43 +00:00
Chris PeBenito
244b45d225 trunk: 3 patches from dan. 2009-03-20 13:58:15 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
81fa19ed73 trunk: remove unused udev_runtime_t type. 2009-02-24 19:31:08 +00:00
Chris PeBenito
c1e501136b trunk: add context contains to setrans. 2009-02-09 13:58:22 +00:00
Chris PeBenito
f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito
3196971ae8 trunk: Fix consistency of audioentropy and iscsi module naming. 2008-12-09 16:47:33 +00:00
Chris PeBenito
ff8f0a63f4 trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito
b3eb124654 trunk: Debian file context fix for xen from Russell Coker. 2008-11-24 15:34:54 +00:00
Chris PeBenito
7a4c282536 trunk: fix logging admin interfaces. 2008-11-14 13:53:21 +00:00
Chris PeBenito
73c77e2c9b trunk: 2 fixes from martin orr. 2008-11-13 18:44:23 +00:00
Chris PeBenito
27337d8c21 trunk: patch from Mike Edenfield to add udevadm fc entry. 2008-11-11 15:03:06 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
932c3536f8 trunk: additional open fixes. 2008-11-04 14:37:05 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito
2a98379a24 trunk: additional whitespace fixes. 2008-10-17 15:52:39 +00:00
Chris PeBenito
88cf0a9c2b trunk: whitespace fix; collapse multiple blank lines into one. 2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
aa7c463e5d trunk: a pile of misc fixes. 2008-10-13 13:36:50 +00:00
Chris PeBenito
06099da657 trunk: 3 patches from dan. 2008-10-09 18:06:24 +00:00
Chris PeBenito
04d2861035 trunk: missing bits from dan's previous round of patches. 2008-10-09 14:01:53 +00:00
Chris PeBenito
88c02e0538 trunk: init script for setrans. 2008-09-18 18:20:31 +00:00
Chris PeBenito
64c5b9975b trunk: add interface to transition to initrc_t on labeled init scripts. 2008-09-18 13:47:43 +00:00
Chris PeBenito
cfafe4a7a8 trunk: logging update from dan. 2008-09-18 13:20:57 +00:00
Chris PeBenito
36095d11ce trunk: kudzu and mta patches from dan. 2008-09-12 14:18:20 +00:00
Chris PeBenito
8786916e8d trunk: ntp and setrans update from dan. 2008-09-11 14:54:40 +00:00
Chris PeBenito
96851b1d63 trunk: fix bad require. 2008-09-03 15:37:24 +00:00
Chris PeBenito
e40fa634b2 trunk: Logrotate and Bind updates from Vaclav Ovsik. 2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635 trunk: first part of init script labeling support. 2008-08-29 19:00:02 +00:00
Chris PeBenito
e4171e8048 trunk: fix unconfined mail sending out by postfix and qmail. 2008-08-29 12:50:31 +00:00
Chris PeBenito
c11057f7ae trunk: fedora update cherry picked by david hardeman. 2008-08-22 15:17:01 +00:00
Chris PeBenito
770c015f88 trunk: 2 patches from dan. 2008-08-14 15:10:41 +00:00
Chris PeBenito
3e59876583 trunk: 6 patches from the fedora policy, cherry picked by david hardeman. 2008-08-14 14:19:50 +00:00
Chris PeBenito
6e328912ac trunk: two small patches from dan. 2008-08-14 13:08:53 +00:00
Chris PeBenito
9acf481bd0 trunk: fix from fedora policy, cherry picked from David Hardeman. 2008-08-12 19:52:29 +00:00
Chris PeBenito
9c4500b2f4 trunk: Glibc 2.7 fix from Vaclav Ovsik. 2008-08-12 19:33:18 +00:00
Chris PeBenito
e0ed765c0e trunk: 3 patches from the fedora policy, cherry picked by David Hardeman. 2008-08-11 14:03:36 +00:00
Chris PeBenito
8a948caf2b trunk: 11 more cherry picks from fedora policy, by david hardeman. 2008-08-07 14:17:50 +00:00
Chris PeBenito
3338f231d5 trunk: Policy size optimization with a non-security file attribute from James Carter. 2008-07-31 14:05:46 +00:00
Chris PeBenito
556556cdd0 trunk: 3 more cherry picked Fedora fixes from David Härdeman. 2008-07-25 12:11:14 +00:00
Chris PeBenito
dc1920b218 trunk: Database labeled networking update from KaiGai Kohei. 2008-07-25 04:07:09 +00:00
Chris PeBenito
2b592aa495 trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus 2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086 trunk: update init_telinit() for upstart's datagram socket usage instead of pipe usage. 2008-07-15 15:33:51 +00:00
Chris PeBenito
cfcf5004e5 trunk: bump versions for release. 2008-07-02 14:07:57 +00:00
Chris PeBenito
f7eaeebbae trunk: more xml doc fixes. 2008-06-24 14:43:47 +00:00
Chris PeBenito
c5cfd2d405 trunk: Add unused interface/template parameter metadata in XML. 2008-06-24 14:23:40 +00:00
Chris PeBenito
b1a903654f trunk: add missing requires. 2008-06-24 12:53:30 +00:00
Chris PeBenito
fe5618edf5 trunk: add /usr/lib32 symlink labeling for debian. 2008-06-13 13:55:22 +00:00
Chris PeBenito
e8cb08aefa trunk: add sepostgresql policy from kaigai kohei. 2008-06-10 15:33:18 +00:00
Chris PeBenito
d87efeec73 trunk: fixes for gentoo targeted systems. 2008-05-27 12:07:03 +00:00
Chris PeBenito
7d8fbdc062 trunk: fix bad cifs interface. 2008-05-23 14:41:36 +00:00
Chris PeBenito
b34db7a8ec trunk: another pile of misc fixes. 2008-05-22 15:24:52 +00:00
Chris PeBenito
8f3a0a95e0 trunk: a pile of misc fixes, mainly sync xml docs with interface implementation. 2008-05-15 13:10:34 +00:00
Chris PeBenito
e9c6cda7da trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
Chris PeBenito
2083db2e40 trunk: Cryptsetup runs shell scripts. Patch from Martin Orr. 2008-04-18 15:32:03 +00:00
Chris PeBenito
0a14f3ae09 trunk: bump module version numbers for release. 2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad trunk: add core xselinux support. 2008-04-01 20:23:23 +00:00
Chris PeBenito
e828954c63 trunk: 4 patches from dan. 2008-03-27 15:20:16 +00:00
Chris PeBenito
2ed4f5aedf trunk: small fixes for gentoo system. 2008-03-20 14:55:17 +00:00
Chris PeBenito
91d6c92160 trunk: a pair of tweaks from gentoo systems. 2008-03-14 14:55:34 +00:00
Chris PeBenito
47333d8246 trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too. 2008-03-10 19:29:47 +00:00
Chris PeBenito
e065ac8ab5 trunk: Apt updates for ptys and logs, from Martin Orr. 2008-03-04 19:48:58 +00:00
Chris PeBenito
834401ff97 trunk: dovecot fix from Stefan Schulze Frielinghaus. 2008-02-25 19:31:03 +00:00
Chris PeBenito
90c3c561ef trunk: fc fix and if addition from Stefan Schulze Frielinghaus. 2008-02-25 14:20:56 +00:00
Chris PeBenito
9fa023ff58 trunk: Pam and samba updates from Stefan Schulze Frielinghaus. 2008-02-19 19:33:48 +00:00
Chris PeBenito
ee6608baeb trunk: 8 patches from dan. 2008-02-18 18:44:40 +00:00
Chris PeBenito
6e7a1fc871 trunk: fix userdom_role_change_template() xml. 2008-02-13 20:26:18 +00:00
Chris PeBenito
12cf805e1c trunk: add basic ubuntu support 2008-02-05 18:24:43 +00:00
Chris PeBenito
9323a50bcc trunk: add run_init domtrans to chk passwd. 2008-01-03 19:46:40 +00:00
Chris PeBenito
7cbfeb97cf trunk: uncomment set loginuid for functional login programs under strict. 2008-01-03 18:30:45 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
1abafe3707 trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. 2007-12-12 16:18:50 +00:00
Chris PeBenito
02d968c581 trunk: several fc updates from dan. 2007-12-12 15:55:21 +00:00
Chris PeBenito
9f6e2db3ae trunk: add openoffice locations in gentoo. 2007-12-10 15:59:01 +00:00
Chris PeBenito
dd9e1de35e trunk: Improve several tunables descriptions from Dan Walsh. 2007-12-07 15:44:53 +00:00
Chris PeBenito
09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito
c0cf6e0a6e trunk: clean up nsswitch usage, from dan. 2007-12-04 15:05:55 +00:00
Chris PeBenito
08dccef215 trunk: add /dev symlink relabel since it's not short circuited. 2007-11-30 15:56:48 +00:00
Chris PeBenito
f98cfb5a29 trunk: version bump for newrole fixes. 2007-11-28 20:20:49 +00:00
Chris PeBenito
c2b87f2af5 trunk: test fix 2 for newrole. 2007-11-28 19:06:07 +00:00
Chris PeBenito
6138d3da0e trunk: test fix for newrole. 2007-11-28 18:39:47 +00:00
Chris PeBenito
1483be1fe5 trunk: handle early boot on debian, for /dev labeling. 2007-11-26 20:22:17 +00:00
Chris PeBenito
2f5c2f23da trunk: remove duplicate init_system_domain() call for setfiles, from Vaclav Ovsik. 2007-11-26 19:32:51 +00:00
Chris PeBenito
0aa18d9fd5 trunk: version bumps for previous commit. 2007-11-26 16:46:38 +00:00
Chris PeBenito
0b6acad1bb trunk: More complete labeled networking infrastructure from KaiGai Kohei. 2007-11-26 16:44:57 +00:00
Chris PeBenito
ccf6611bdd trunk: add unconfined_run_to(). 2007-11-16 19:50:34 +00:00
Chris PeBenito
013783b2b1 trunk: switch newrole and run_init over to use nsswitch. 2007-11-16 15:58:23 +00:00
Chris PeBenito
53da70cdaa trunk: deprecate seutil_manage_selinux_config() in favor of correctly named seutil_manage_config(). 2007-11-16 15:39:55 +00:00
Chris PeBenito
389ad7b48d trunk: reorganize selinuxutil. 2007-11-16 15:39:09 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
226c06969c trunk: 9 patches from dan. 2007-11-15 20:10:26 +00:00
Chris PeBenito
6c91189762 trunk: 8 patches from dan. 2007-11-15 16:54:18 +00:00
Chris PeBenito
9820351703 trunk: add in polmatch for default spd. 2007-11-14 15:53:18 +00:00
Chris PeBenito
bdccbacdd6 trunk: add labeled networking support to unconfined. 2007-11-14 14:38:45 +00:00
Chris PeBenito
847937da7d trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh. 2007-11-13 19:31:43 +00:00
Chris PeBenito
eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito
3ece11804e trunk: fix init_ranged_system_domain range_transition object class, from james carter. 2007-10-29 22:09:53 +00:00
Chris PeBenito
7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito
bd973e3e68 trunk: remove unused types from dbus. 2007-10-26 18:04:38 +00:00
Chris PeBenito
cdf98fedc0 trunk: 10 patches from dan. 2007-10-11 18:12:29 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
6c53a10e28 trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. 2007-10-05 18:00:55 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00