Chris PeBenito
4922765ec6
trunk: fix certwatch_run() interface, which had a typo in the name.
2007-08-30 15:01:48 +00:00
Chris PeBenito
752ddf588f
trunk: add missing commas in can_exec in daemontools that worked by luck.
2007-08-24 15:55:06 +00:00
Chris PeBenito
2af7b42a06
trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels.
2007-08-22 20:21:52 +00:00
Chris PeBenito
8d2c34195e
trunk: updates from dan on 9 modules
2007-08-22 20:02:41 +00:00
Chris PeBenito
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
Chris PeBenito
d46cfe45cd
trunk: add application module
2007-07-19 18:57:48 +00:00
Chris PeBenito
6929521e0a
trunk: fix missed netlabel deprecation
2007-07-19 15:11:19 +00:00
Chris PeBenito
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
Chris PeBenito
113b4fc4a2
Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module.
2007-06-28 17:25:46 +00:00
Chris PeBenito
1900668638
trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinguish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
7f089782ae
trunk: xen updates from dan
2007-06-21 13:36:05 +00:00
Chris PeBenito
92d1ade254
trunk: trivial gentoo tweaks
2007-06-20 20:08:26 +00:00
Chris PeBenito
cb10a2d5bf
trunk: Tunable connection to postgresql for users from KaiGai Kohei.
2007-06-19 14:30:06 +00:00
Chris PeBenito
d5b81a81ff
trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern().
2007-06-12 18:46:14 +00:00
Chris PeBenito
6649aec9d0
trunk: 3 patches from dan
2007-06-11 15:43:37 +00:00
Chris PeBenito
d534d35a7e
trunk: 5 patches from dan
2007-06-11 15:01:10 +00:00
Chris PeBenito
7782966db1
add fc entry for make_reiser4
2007-06-08 20:01:34 +00:00
Chris PeBenito
38d0cf1b8a
trunk: long overdue cleanup from when range_transitions were only in the base module
2007-05-14 15:35:47 +00:00
Chris PeBenito
762d2cb989
merge restorecon into setfiles
2007-05-11 17:10:43 +00:00
Chris PeBenito
0ef5d66468
textrel lib update from dan
2007-05-03 13:43:44 +00:00
Chris PeBenito
882186c933
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
Chris PeBenito
d28e528b0d
Fixes for RHEL4 from the CLIP project.
2007-04-27 15:08:15 +00:00
Chris PeBenito
b4dfdc7d30
Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties.
2007-04-19 14:30:57 +00:00
Chris PeBenito
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
Chris PeBenito
697489040e
5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes
2007-04-11 17:56:03 +00:00
Chris PeBenito
82e284bb89
last piece of dan's previous patch
2007-04-11 13:31:10 +00:00
Chris PeBenito
19b2dee3cc
confine ldconfig in targeted, from dan
2007-04-10 19:39:22 +00:00
Chris PeBenito
98faba122c
gentoo /lib can be a symlink on x86-64 systems
2007-04-02 13:33:18 +00:00
Chris PeBenito
a26923c32e
Two patches from Paul Moore for ipsec to remove redundant rules and have setkey read the config file.
2007-03-28 18:47:45 +00:00
Chris PeBenito
9e8f65c83e
six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed
2007-03-26 20:47:29 +00:00
Chris PeBenito
56e1b3d207
- Move booleans and tunables to modules when it is only used in a single
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89
remove disable_trans booleans
2007-03-23 21:01:49 +00:00
Chris PeBenito
5f5b7a1ec6
network fix from dan
2007-03-22 14:33:00 +00:00
Chris PeBenito
cc9130b90a
one-liner from dan
2007-03-22 14:01:55 +00:00
Chris PeBenito
a5f5eba459
Add dontaudits for init fds and console to init_daemon_domain().
2007-03-20 18:47:18 +00:00
Chris PeBenito
c224d91c7b
from Dan:
This is a new policy for the User Switching capability coming in gnome.
consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
c5561c777d
patches for lvm and ricci fixes from Dan Walsh.
2007-03-06 15:35:02 +00:00
Chris PeBenito
ecc98e19e3
patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh.
2007-03-01 15:43:39 +00:00
Chris PeBenito
ca448bd66c
add init_exec() to init_telinit().
2007-02-26 20:19:53 +00:00
Chris PeBenito
5c45eaede1
On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
> audit needs fsetid
>
> syslog needs to be able to create a tcp_socket for off machine logging.
2007-02-23 20:19:29 +00:00
Chris PeBenito
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863
patch from dan for some missing gen_require()s
2006-11-29 13:44:40 +00:00
Chris PeBenito
c6a60bb28d
On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
> Here are the policy changes needed for the context contains security
> checking in PAM and cron.
2006-11-14 13:38:52 +00:00
Chris PeBenito
ed38ca9f3d
fixes from gentoo strict testing:
- Allow semanage to read from /root on strict non-MLS for
local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito
0f9a2be65d
add missing gentoo file contexts for initrc and lvm
2006-11-07 19:38:10 +00:00