Chris PeBenito
95ea7d6986
trunk: Add x_device permissions for XI2 functions, from Eamon Walsh.
2009-06-18 13:07:23 +00:00
Chris PeBenito
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe
trunk: add gpsd from miroslav grepl
2009-06-02 14:28:40 +00:00
Chris PeBenito
350ed89156
se-postgresql update from kaigai
...
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
db_database:{getattr}
db_table:{getattr lock}
db_column:{getattr}
db_procedure:{drop getattr setattr}
db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
impossible to refer read-only table with foreign-key constraint.
(FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
It should allow them on sepgsql_trusted_proc_exec_t.
I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
Chris PeBenito
da3ed0667f
trunk: lircd from miroslav grepl
2009-05-06 15:09:46 +00:00
Chris PeBenito
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
Chris PeBenito
0cf1d56018
trunk: Milter state directory patch from Paul Howarth.
2009-04-21 20:40:45 +00:00
Chris PeBenito
a5ef553c2d
trunk: 5 modules from dan.
2009-04-20 19:03:15 +00:00
Chris PeBenito
153fe24bdc
trunk: 5 patches from dan.
2009-04-07 14:09:43 +00:00
Chris PeBenito
42d567c3f4
trunk: 6 patches from dan.
2009-03-31 13:40:59 +00:00
Chris PeBenito
3c9b2e9bc6
trunk: 6 patches from dan.
2009-03-19 17:56:10 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
Chris PeBenito
81fa19ed73
trunk: remove unused udev_runtime_t type.
2009-02-24 19:31:08 +00:00
Chris PeBenito
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
Chris PeBenito
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09
trunk: btrfs from Paul Moore.
2009-01-30 13:44:14 +00:00
Chris PeBenito
466e22a8ba
trunk: Add db_procedure install permission from KaiGai Kohei.
2009-01-23 19:49:36 +00:00
Chris PeBenito
019dfaf9dc
trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.
2009-01-15 20:31:06 +00:00
Chris PeBenito
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
Chris PeBenito
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
347a701119
trunk: Add kernel_service access vectors, from Stephen Smalley.
2009-01-05 21:44:33 +00:00
Chris PeBenito
e66a0cad18
trunk: check in version and changelog for release.
2008-12-10 19:49:42 +00:00
Chris PeBenito
3196971ae8
trunk: Fix consistency of audioentropy and iscsi module naming.
2008-12-09 16:47:33 +00:00
Chris PeBenito
b3eb124654
trunk: Debian file context fix for xen from Russell Coker.
2008-11-24 15:34:54 +00:00
Chris PeBenito
b9e5238a24
trunk: add milter module from Paul Howarth.
2008-11-24 15:06:58 +00:00
Chris PeBenito
7f49194215
trunk: Xserver MLS fix from Eamon Walsh.
2008-11-17 13:49:19 +00:00
Chris PeBenito
99282e6be0
trunk: add omapi port for dhcpcd.
2008-11-12 13:11:00 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
6e68e6bb5e
trunk: Move shared library calls from individual modules to the domain module.
2008-10-17 17:36:56 +00:00
Chris PeBenito
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40
trunk: Remove hierarchy from portage module as it is not a good example of hieararchy.
2008-10-15 19:56:33 +00:00
Chris PeBenito
b19f862271
trunk: Remove enableaudit target from modular build as semodule -DB supplants it.
2008-10-15 14:30:14 +00:00
Chris PeBenito
40db860272
trunk: version bits for the release.
2008-10-14 17:38:03 +00:00
Chris PeBenito
967fd1ba3f
trunk: 8 patches from dan.
2008-10-08 20:03:24 +00:00
Chris PeBenito
73edbc9101
trunk: add oident from dominick grift.
2008-10-06 14:01:59 +00:00
Chris PeBenito
52ceaaac6e
trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr.
2008-09-11 14:02:53 +00:00
Chris PeBenito
a71e136cc3
trunk: add cyphesis from dan.
2008-09-03 14:46:10 +00:00
Chris PeBenito
e40fa634b2
trunk: Logrotate and Bind updates from Vaclav Ovsik.
2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635
trunk: first part of init script labeling support.
2008-08-29 19:00:02 +00:00
Chris PeBenito
32f8ff393b
trunk: add w3c from dan.
2008-08-21 13:52:52 +00:00
Chris PeBenito
9c4500b2f4
trunk: Glibc 2.7 fix from Vaclav Ovsik.
2008-08-12 19:33:18 +00:00
Chris PeBenito
8a948caf2b
trunk: 11 more cherry picks from fedora policy, by david hardeman.
2008-08-07 14:17:50 +00:00
Chris PeBenito
b81bfc2651
trunk: Samba/winbind update from Mike Edenfield.
2008-08-05 12:54:11 +00:00
Chris PeBenito
3338f231d5
trunk: Policy size optimization with a non-security file attribute from James Carter.
2008-07-31 14:05:46 +00:00
Chris PeBenito
dc1920b218
trunk: Database labeled networking update from KaiGai Kohei.
2008-07-25 04:07:09 +00:00
Chris PeBenito
6224fc1485
trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
Chris PeBenito
2b592aa495
trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus
2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086
trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage.
2008-07-15 15:33:51 +00:00
Chris PeBenito
e64c38c7a4
trunk: VERSION and Changelog update for release.
2008-07-02 15:39:31 +00:00
Chris PeBenito
e311e23a44
trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.
2008-07-01 13:57:53 +00:00
Chris PeBenito
c5cfd2d405
trunk: Add unused interface/template parameter metadata in XML.
2008-06-24 14:23:40 +00:00
Chris PeBenito
8c6292b7a4
trunk: Patch to handle postfix data_directory from Vaclav Ovsik.
2008-06-24 13:21:35 +00:00
Chris PeBenito
131634a581
trunk: podsleuth and hal updates from dan.
2008-06-17 14:07:44 +00:00
Chris PeBenito
eb4216397c
trunk: add qemu and virt from dan.
2008-06-16 18:59:07 +00:00
Chris PeBenito
e8cb08aefa
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
Chris PeBenito
ef55a11980
trunk: Patch for X.org dbus support from Martin Orr.
2008-06-07 13:31:48 +00:00
Chris PeBenito
cdbd09f65e
trunk: add prelude from dan.
2008-06-06 03:13:42 +00:00
Chris PeBenito
308baad28c
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
Chris PeBenito
782c10e949
trunk: add kerneloops from dan.
2008-05-26 17:47:49 +00:00
Chris PeBenito
ff79b83c51
trunk: add kismet from dan.
2008-05-26 15:35:25 +00:00
Chris PeBenito
4416c416fa
trunk: Module loading now requires setsched on kernel threads.
2008-05-22 18:39:03 +00:00
Chris PeBenito
a42ce93a4d
trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
2008-05-12 20:05:32 +00:00
Chris PeBenito
d923d54c08
trunk: X application data class from Eamon Walsh and Ted Toth.
2008-05-06 14:37:05 +00:00
Chris PeBenito
e9c6cda7da
trunk: Move user roles into individual modules.
2008-04-29 13:58:34 +00:00
Chris PeBenito
7e11b74087
trunk: make hald_log_t a log file.
2008-04-18 16:04:15 +00:00
Chris PeBenito
2083db2e40
trunk: Cryptsetup runs shell scripts. Patch from Martin Orr.
2008-04-18 15:32:03 +00:00
Chris PeBenito
c07f9ccd18
trunk: Add file for enabling policy capabilities.
2008-04-18 14:21:01 +00:00
Chris PeBenito
75da4b8ad3
trunk: Patch to fix leaky interface/template call depth calculator from Vaclav Ovsik.
2008-04-18 12:57:01 +00:00
Chris PeBenito
c565b44f9c
trunk: release
2008-04-02 18:44:07 +00:00
Chris PeBenito
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
Chris PeBenito
9377a3e59c
trunk: fix winbind socket connection interface for default location of the sock_file.
2008-03-21 14:18:13 +00:00
Chris PeBenito
6e2123fc72
trunk: add wireshark.
2008-03-14 15:26:52 +00:00
Chris PeBenito
47333d8246
trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.
2008-03-10 19:29:47 +00:00
Chris PeBenito
e276d50e21
trunk: Add iferror.m4 rather generate it out of the Makefiles.
2008-03-06 20:17:46 +00:00
Chris PeBenito
210607be61
trunk: Definitions for open permisson on file and similar objects from Eric Paris.
2008-03-04 20:19:29 +00:00
Chris PeBenito
e065ac8ab5
trunk: Apt updates for ptys and logs, from Martin Orr.
2008-03-04 19:48:58 +00:00
Chris PeBenito
01e8ff4ab3
trunk: rpc update from Vaclav Ovsik.
2008-03-04 19:14:08 +00:00
Chris PeBenito
d57a094347
trunk: Exim updates on Debian from Devin Carrawy.
2008-03-04 18:25:13 +00:00
Chris PeBenito
9fa023ff58
trunk: Pam and samba updates from Stefan Schulze Frielinghaus.
2008-02-19 19:33:48 +00:00
Chris PeBenito
45b56b01e8
trunk: Backup update on Debian from Vaclav Ovsik.
2008-02-19 14:26:59 +00:00
Chris PeBenito
51223bfc56
trunk: Cracklib update on Deban from Vaclav Ovsik.
2008-02-19 14:06:11 +00:00
Chris PeBenito
037fc0f4e6
trunk: label /proc/kallsyms with system_map_t.
2008-02-15 19:59:10 +00:00
Chris PeBenito
8b9ffed517
trunk: add capability2 class, from Stephen Smalley.
2008-02-07 17:51:59 +00:00
Chris PeBenito
f3da31d339
trunk: Labeled networking peer object class updates.
2008-01-03 16:20:01 +00:00
Chris PeBenito
cde477c7e5
trunk: package versioning for release.
2007-12-14 18:49:30 +00:00
Chris PeBenito
1abafe3707
trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
2007-12-12 16:18:50 +00:00
Chris PeBenito
dd9e1de35e
trunk: Improve several tunables descriptions from Dan Walsh.
2007-12-07 15:44:53 +00:00
Chris PeBenito
c0cf6e0a6e
trunk: clean up nsswitch usage, from dan.
2007-12-04 15:05:55 +00:00
Chris PeBenito
0b6acad1bb
trunk: More complete labeled networking infrastructure from KaiGai Kohei.
2007-11-26 16:44:57 +00:00
Chris PeBenito
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
Chris PeBenito
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
Chris PeBenito
4605adcba7
trunk: add postfixpolicyd from Jan-Frode Myklebust.
2007-11-07 20:17:44 +00:00
Chris PeBenito
164772b537
trunk: Russian man page translations from Andrey Markelov.
2007-10-29 18:45:24 +00:00
Chris PeBenito
bd973e3e68
trunk: remove unused types from dbus.
2007-10-26 18:04:38 +00:00
Chris PeBenito
6bf8bf4f5c
trunk: add exim from dan.
2007-10-24 15:07:40 +00:00
Chris PeBenito
a334d2918f
trunk: add infrastructure for managing user web content.
2007-10-18 19:23:33 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00