Chris PeBenito
c7a4cf3179
Module version bump for 9681df1
.
2010-03-22 08:58:41 -04:00
Chris PeBenito
32103f250f
Module version bump for d3b5907
.
2010-03-22 08:58:20 -04:00
Chris PeBenito
340af119b0
Minor tweaks on icecast.
2010-03-22 08:56:32 -04:00
Jeremy Solt
584dfaca45
icecast policy from Dan Walsh
...
Fixed some style and spacing issues
Replace manage_var_run interface with manage_pid_files with fewer permissions
Replaced rkit_daemon_system_domain with rtkit_schedule
2010-03-22 08:49:54 -04:00
Jeremy Solt
ac19f1ac26
rtkit patch from Dan Walsh:
...
rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
Needs sys_nice capability
Needs to getsched on all domains.
Fix bug in te file
Me:
changed interface name from rtkit_daemon_system_domain to rtkit_schedule
Already had sys_nice capability
2010-03-22 08:41:42 -04:00
Jeremy Solt
9681df1c8d
postgresql patch from Dan Walsh:
...
"File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info"
Moved signal interface for style.
2010-03-22 08:39:15 -04:00
Jeremy Solt
d3b5907ea4
openvpn needs ipc_lock capability, connects to http ports,
...
and manages net_conf_t files - from Dan Walsh
2010-03-22 08:36:47 -04:00
Chris PeBenito
47293bd8d6
Tftp patch from Dan Walsh.
2010-03-19 15:56:14 -04:00
Chris PeBenito
788ba75491
Uucp patch from Dan Walsh.
2010-03-19 15:49:12 -04:00
Chris PeBenito
bed0a44560
Zebra patch from Dan Walsh.
2010-03-19 15:45:25 -04:00
Chris PeBenito
bc31d12725
Libraries patch from Dan Walsh.
2010-03-19 14:21:23 -04:00
Chris PeBenito
0d86ea1d7b
Xen patch from Dan Walsh.
2010-03-19 11:54:50 -04:00
Chris PeBenito
b60df9f57d
Getty patch from Dan Walsh.
2010-03-19 11:05:56 -04:00
Chris PeBenito
1fa92b8a55
Sysnetwork patch from Dan Walsh.
2010-03-18 15:40:04 -04:00
Chris PeBenito
ddd786e404
Init patch from Dan Walsh.
2010-03-18 10:19:49 -04:00
Chris PeBenito
153ed8751a
Authlogin patch from Dan Walsh.
2010-03-18 08:59:25 -04:00
Chris PeBenito
4fbcd778de
Iptables patch from Dan Walsh.
2010-03-18 08:10:21 -04:00
Chris PeBenito
a124c0a81f
Udev patch from Dan Walsh.
2010-03-17 15:17:48 -04:00
Chris PeBenito
7a8807b627
Logging patch from Dan Walsh.
2010-03-17 14:40:06 -04:00
Chris PeBenito
90e65feca5
Ipsec patch from Dan Walsh.
2010-03-17 13:52:07 -04:00
Chris PeBenito
d13c6758a4
Modutils patch from Dan Walsh.
2010-03-17 11:59:14 -04:00
Chris PeBenito
0417386142
Kernel patch from Dan Walsh.
2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502
Domain patch from Dan Walsh.
2010-03-17 10:02:07 -04:00
Chris PeBenito
7b50b7053d
Module version bump for 6a03548
.
2010-03-17 09:42:46 -04:00
Jeremy Solt
6a035482dc
amavis uses uptime which reads utmp, and reads certs - from Dan Walsh
2010-03-17 09:41:18 -04:00
Chris PeBenito
827060cb04
Style fixes and module version bumps for 38fc1bd
.
2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
2a62db7883
Module version bump for 414a570
.
2010-03-16 15:28:36 -04:00
Jeremy Solt
414a5704df
fetchmail executes programs in bin (uname), from Dan Walsh
2010-03-16 15:27:40 -04:00
Chris PeBenito
e8871c2092
Add additional documentation to kernel_request_load_module().
2010-03-16 15:08:00 -04:00
Chris PeBenito
5911f3dbca
Module version bump for 935151a
.
2010-03-16 14:35:09 -04:00
Chris PeBenito
c6491af860
Module version bump for d12f18e
.
2010-03-16 14:34:50 -04:00
Chris PeBenito
9a59893e5a
Module version bump for d7ec247
.
2010-03-16 14:34:23 -04:00
Chris PeBenito
9570fc108e
Module version bump for 591af7b
.
2010-03-16 14:34:05 -04:00
Chris PeBenito
ce693cbbec
Module version bump for ae07c9e
.
2010-03-16 14:33:43 -04:00
Chris PeBenito
1656bf730f
Whitespace fixes in mailman.
2010-03-16 13:51:51 -04:00
Jeremy Solt
935151afcd
Change kernel_load_module to kernel_request_load_module for howl from Dan Walsh
2010-03-16 13:44:55 -04:00
Jeremy Solt
d12f18e452
Change kernel_load_module to kernel_request_load_module from Dan Walsh
2010-03-16 13:44:52 -04:00
Jeremy Solt
d7ec24785b
File context update for certmaster from Dan Walsh
2010-03-16 13:44:50 -04:00
Jeremy Solt
591af7be0c
file context updates from Dan Walsh
2010-03-16 13:44:48 -04:00
Jeremy Solt
ae07c9e2e8
Screen needs to setattr on user_ttydevice_t from Dan Walsh
2010-03-16 13:36:45 -04:00
Chris PeBenito
fad6e761bf
Whitespace fix for mcelog.
2010-03-16 13:15:38 -04:00
Chris PeBenito
fce868d074
Module version bump for f7d413a
.
2010-03-16 13:15:00 -04:00
Chris PeBenito
bf140fc32c
Rearrange interfaces in fail2ban.
2010-03-16 13:14:46 -04:00
Chris PeBenito
580279da88
Module version bump for 74b51e6
.
2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7
Whitespace fixes for smoltclient.
2010-03-16 13:11:53 -04:00
Chris PeBenito
ba1c45337b
Module version bump for 3137148
.
2010-03-16 13:10:14 -04:00
Jeremy Solt
1484157201
mcelog policy from Dan Walsh
...
Me: Removed permissive line, and fixed a couple style issues
2010-03-16 11:47:07 -04:00
Jeremy Solt
f7d413af27
fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
...
Did not include dontaudit_leaks interface
Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
2010-03-16 11:44:35 -04:00
Jeremy Solt
74b51e6db2
Firstboot sends dbus messages from Dan Walsh
...
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd
Policy for smolt sendProfile client from Dan Walsh
2010-03-16 11:37:56 -04:00
Jeremy Solt
31371480b0
Run interface for ptchown from Dan Walsh
2010-03-16 11:34:58 -04:00
Chris PeBenito
37e2499ed1
Module version bump for 1d3d00b
.
2010-03-12 11:43:09 -05:00
Chris PeBenito
ce0570dc6d
Module version bump for e172614
.
2010-03-12 11:42:28 -05:00
Chris PeBenito
7af0e9bc95
Filesystem patch from Dan Walsh.
2010-03-12 11:40:59 -05:00
Chris PeBenito
9e506eb236
Rearrange lines in alsa an mysql.
2010-03-12 08:59:23 -05:00
Chris PeBenito
e172614b57
Whitespace cleanup on mysql.if.
2010-03-12 08:55:34 -05:00
Jeremy Solt
1d3d00b279
Manage alsa writable config files interface from Dan Walsh
...
Moved term_dontaudit_use_console for style.
2010-03-12 08:54:29 -05:00
Jeremy Solt
12a6a53f63
mysql policy from Dan Walsh
...
My changes to patch:
A couple changes to match style.
Removed files_dontaudit_search_all_mountpoints(mysqld_safe_t), it doesn't exist in refpolicy
2010-03-12 08:54:29 -05:00
Chris PeBenito
2f0e3a4e7e
Raid patch from Dan Walsh.
2010-03-09 15:33:29 -05:00
Chris PeBenito
30496b1575
Iscsi and tgtd patches from Dan Walsh.
2010-03-09 15:17:16 -05:00
Chris PeBenito
939eaf2f13
Fstools patch from Dan Walsh.
2010-03-09 14:32:17 -05:00
Chris PeBenito
d0a6df5c47
Miscfiles patch from Dan Walsh.
2010-03-09 10:44:55 -05:00
Chris PeBenito
547d62ea9e
Module version bump for ddae1cc
.
2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec
Creates sock files in /tmp, reads network state. - From Dan Walsh
...
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
2010-03-09 09:32:23 -05:00
Chris PeBenito
bd063de6c4
Fix another corenetwork typo.
2010-03-08 11:04:40 -05:00
Chris PeBenito
6f9c3c4895
Module version bump for 42fa15b
.
2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa
Module version bump for 3fcdc39
.
2010-03-08 10:02:58 -05:00
Chris PeBenito
5dac50953f
Module version bump for cf3da95
.
2010-03-08 10:02:34 -05:00
Chris PeBenito
e2e1b6721b
Minor style fixes.
2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75
Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764
shorewall log file from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
cf3da95084
Allow cdrecord_t to execute bin_t from Dan Walsh
...
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito
4af2b3fb98
Add back missing s0 on network_port().
2010-03-08 07:59:56 -05:00
Chris PeBenito
09b92dcc3c
Guest patch from Dan Walsh.
2010-03-05 14:09:49 -05:00
Chris PeBenito
9c709c46a1
Corenetwork patch from Dan Walsh.
2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b
Corecommands patch from Dan Walsh.
2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc
Devices patch from Dan Walsh.
2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba
Storage patch from Dan Walsh.
2010-03-04 14:23:44 -05:00
Dominick Grift
183f79e38e
Fix cobbler_admin interface to require cobblerd_initrc_exec_t.
...
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-04 14:12:41 -05:00
Chris PeBenito
eeb7616f5e
Corenetwork patch from Dan Walsh.
2010-03-04 13:50:46 -05:00
Chris PeBenito
c9ab7707b3
add write to manage_lnk_file_perms.
2010-03-04 11:29:06 -05:00
Chris PeBenito
1112a5bc20
Module version bump for be47d75.
2010-03-04 09:18:04 -05:00
Chris PeBenito
ec0205ff73
Module version bump for e1e78df.
2010-03-04 09:18:04 -05:00
Chris PeBenito
b7070a9f3d
Module version bump for 52b215f.
2010-03-04 09:18:04 -05:00
Chris PeBenito
cb6385d0ba
Module version bump for cf5e81d.
2010-03-04 09:18:04 -05:00
Chris PeBenito
c4faa1db8e
Module version bump for 96b7e9f.
2010-03-04 09:18:04 -05:00
Chris PeBenito
812f30af02
Module version bump for a005018.
2010-03-04 09:18:04 -05:00
Chris PeBenito
4931c57e4b
Add additional comments for e1e78df.
2010-03-04 09:18:04 -05:00
Jeremy Solt
4d2680e508
hotplug transition to brctl from Dan Walsh
2010-03-04 09:18:04 -05:00
Jeremy Solt
9a1f0d21e1
Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
...
Patch from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
15ae77bd77
Domain transition for apmd to vbetool from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
6a9ef9e852
gen_require typo fix in dbadm.if from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
a739053cf5
Changed amavis_initrc_domtrans domain summary to match style.
2010-03-04 09:18:03 -05:00
Jeremy Solt
6665c3c768
Changed arpwatch_initrc_domtrans domain summary to match style.
...
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
2010-03-04 09:18:03 -05:00
Dominick Grift
d783374bc9
Various arpwatch fixes.
...
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
6eed0aa57c
Modified apcupsd_initrc_domtrans interface summary to match style.
...
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
2010-03-04 09:18:03 -05:00
Dominick Grift
eda6417669
Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
...
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
3b814894c7
Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
...
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
2010-03-04 09:18:02 -05:00
Dominick Grift
88340b904a
Various amavis fixes.
...
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:02 -05:00
Chris PeBenito
402bbb9fe9
Improve documentation of udev_read_db().
2010-03-03 14:16:36 -05:00
Chris PeBenito
b675cec7f8
Improve documentation of seutil_sigchld_newrole().
2010-03-03 14:16:22 -05:00
Chris PeBenito
4a4436a778
Add examples to documentation of common corenetwork interfaces.
2010-03-03 13:42:15 -05:00
Chris PeBenito
a6bafb5a25
Module version bump for bf530f5
.
2010-03-03 13:11:58 -05:00
Dominick Grift
bf530f532c
Various permission set fixes.
...
Fix various interfaces to use permission sets for compatiblity with open permission.
Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.
The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
Chris PeBenito
b58db31da6
Improve the documentation of application_domain().
2010-03-03 10:37:58 -05:00
Chris PeBenito
d24a7df15c
Improve the documentation of auth_use_nsswitch().
2010-03-03 10:37:37 -05:00
Chris PeBenito
0bbb165448
Improve the documentation of nis_use_ypbind().
2010-03-03 10:37:15 -05:00
Dominick Grift
4cb24aed7b
Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
Chris PeBenito
c46376e665
Improve documentation for userdomain interfaces:
...
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00
Chris PeBenito
88daf126f2
Improve the documentation of domain interfaces:
...
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652
Improve the documentation of ubac_constrained().
2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e
Improve the documentation of devices interfaces:
...
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69
Improve filesystem interfaces:
...
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
42f1b11482
Module version bump for 03dd57f
.
2010-03-01 13:34:10 -05:00
Dominick Grift
03dd57fe7b
Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
Chris PeBenito
7cf2858e4a
Improve the documentation of files interfaces:
...
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
5fb5bf2686
Additional docs for logging_log_filetrans().
2010-03-01 10:38:24 -05:00
Chris PeBenito
42eb0f10a9
Improve the documentation of corenetwork interfaces
...
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
14e543cb1c
Improve the documentation of unconfined_domain().
2010-02-26 13:47:17 -05:00
Chris PeBenito
45185c0783
Improve the documentation of logging_log_file() and logging_log_filetrans().
2010-02-26 09:34:41 -05:00
Chris PeBenito
3a744d1275
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
2010-02-26 08:58:32 -05:00
Chris PeBenito
13f000d2ef
Improve the documentation of:
...
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
2010-02-25 16:00:58 -05:00
Chris PeBenito
d6887176c1
Improve sysnet_read_config() documentation.
2010-02-25 13:54:34 -05:00
Chris PeBenito
81a0fb4024
Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather thane explicit type usage.
2010-02-25 13:53:52 -05:00
Chris PeBenito
7a0c0b4088
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4
Add additional documentation to files_type().
2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e
Rearrange files interfaces.
2010-02-25 08:32:22 -05:00
Chris PeBenito
6e48775f75
Improve documentation on logging_send_syslog_msg().
2010-02-24 15:56:05 -05:00
Chris PeBenito
fca4a96bae
Improve documentation on files_read_etc_files().
2010-02-24 15:20:03 -05:00
Chris PeBenito
611bc9311d
Improve documentation on miscfiles_read_localization().
2010-02-24 14:56:07 -05:00
Chris PeBenito
d124921979
Module version bump for cd17345
.
2010-02-24 10:13:12 -05:00
Dominick Grift
cd17345324
Various abrt fixes.
...
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:11:51 -05:00
Chris PeBenito
2040268b01
Module version bump for 534e57b
.
2010-02-24 10:08:41 -05:00
Dominick Grift
534e57b770
Various afs fixes.
...
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:07:28 -05:00
Dominick Grift
6306637c89
mysqlmanagerd_var_run_t is not a domain type.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:00:05 -05:00
Chris PeBenito
1021460884
Minor tweaks and module version bump for 68cda59
.
2010-02-23 13:58:18 -05:00
Chris Richards
68cda59844
Add MySQL Manager to MySQL policy module
...
Second submission to fix mistakes from first.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
1049180cd8
Automount patch from Dan Walsh.
2010-02-19 13:50:01 -05:00
Chris PeBenito
fa03ecc046
Shorewall patch from Dan Walsh.
2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378
Vbetool patch from Dan Walsh.
2010-02-19 11:34:28 -05:00
Chris PeBenito
4fd0889171
Java patch from Dan Walsh.
2010-02-19 11:21:38 -05:00
Chris PeBenito
1e0f483a18
Mono patch from Dan Walsh.
2010-02-19 10:42:43 -05:00
Chris PeBenito
a777957b49
Rename qemu_unconfined_t to unconfined_qemu_t.
2010-02-19 10:27:09 -05:00
Chris PeBenito
8a1c9c505f
Rearrage qemu.if.
2010-02-19 10:16:28 -05:00
Chris PeBenito
72295e93e1
Qemu patch from Dan Walsh.
2010-02-19 10:15:19 -05:00
Chris PeBenito
29b580ce8f
Add sectoolm by Miroslav Grepl.
2010-02-19 09:39:06 -05:00
Chris PeBenito
4796d07ee0
Wine patch from Dan Walsh.
2010-02-19 09:17:51 -05:00
Chris PeBenito
6a9da24987
Useradd home dir creation fix from Gentoo.
2010-02-17 20:34:23 -05:00
Chris PeBenito
2f84a77d22
Syslog fixes from Gentoo.
2010-02-17 20:33:53 -05:00