Commit Graph

410 Commits

Author SHA1 Message Date
Chris PeBenito
704327e8b2 fix transitions in and out of unconfined. fix bugs uncovered by rawhide testing 2005-11-16 21:08:52 +00:00
Chris PeBenito
2e0a880165 changed rules fixes 2005-11-10 21:37:54 +00:00
Chris PeBenito
725926c586 pile of sediff fixes 2005-11-08 22:00:30 +00:00
Chris PeBenito
8967bf8b89 merge in some of dan's old policy changes 2005-11-07 20:09:28 +00:00
Chris PeBenito
7afca0b4c1 user tty fixes 2005-11-03 19:33:53 +00:00
Don Miner
8f882ffcd9 Added rules so that tracepath, traceroute and ping work. 2005-11-02 20:44:17 +00:00
Chris PeBenito
73ef293bc5 fixes just so sediff is easier to handle 2005-11-01 21:15:11 +00:00
Chris PeBenito
31a1c2df88 fix filesystem associations 2005-11-01 15:45:00 +00:00
Chris PeBenito
30910b37c6 more fixes 2005-10-31 22:19:16 +00:00
Chris PeBenito
f0f18e0734 typo 2005-10-28 15:12:23 +00:00
Chris PeBenito
495a7026d9 add missing range transition 2005-10-28 15:09:03 +00:00
Chris PeBenito
005a9aa6e2 initrc fixes 2005-10-28 14:34:26 +00:00
Chris PeBenito
4614e83fbb more fixing 2005-10-26 21:03:19 +00:00
Chris PeBenito
33acca55ce pile o fixes 2005-10-26 16:00:13 +00:00
Chris PeBenito
c3cf6693c7 try to fix associations 2005-10-25 20:06:27 +00:00
Chris PeBenito
2aec1461b4 use our own interface to make maintenance easier 2005-10-25 18:13:47 +00:00
Chris PeBenito
7eec657c86 add default_t read back 2005-10-25 18:00:42 +00:00
Chris PeBenito
60789e16d0 fixes 2005-10-25 02:51:07 +00:00
Don Miner
c11417c4df Reduced the number of differences in amanda between the targeted and the refpolicy 2005-10-24 21:35:50 +00:00
Chris PeBenito
67167371a5 fix most of samba 2005-10-24 21:33:46 +00:00
Chris PeBenito
7ebd6a9079 add proc_net lnk 2005-10-24 20:25:59 +00:00
Chris PeBenito
30705b6bc0 fixes 2005-10-24 19:50:21 +00:00
Chris PeBenito
9bbc757a76 more fix 2005-10-24 18:40:24 +00:00
Chris PeBenito
15fefa4958 remove bin policy and kern module assertions for now 2005-10-24 15:10:03 +00:00
Chris PeBenito
1480d3ad21 fix mls r_t 2005-10-24 14:22:13 +00:00
Chris PeBenito
34e722f3cd more sediff 2005-10-24 14:15:29 +00:00
Chris PeBenito
710791f1a4 more missing types 2005-10-24 03:52:35 +00:00
Chris PeBenito
19b5555f77 more fixes 2005-10-24 03:21:26 +00:00
Chris PeBenito
43989f82f8 add rpc 2005-10-24 01:53:13 +00:00
Chris PeBenito
2db2c7d099 fixes from sediff 2005-10-24 00:54:39 +00:00
Chris PeBenito
f85544209a nwmgr fixes 2005-10-23 22:46:06 +00:00
Chris PeBenito
ef5ca0fb79 add cups 2005-10-23 22:10:59 +00:00
Chris PeBenito
230838e117 add pegasus 2005-10-22 21:55:39 +00:00
Chris PeBenito
ad3b9d76dc add lpd 2005-10-22 21:09:03 +00:00
Chris PeBenito
10b1f324d5 add amanda 2005-10-22 19:58:58 +00:00
Chris PeBenito
1f8a8bbbbd more sediff fixes 2005-10-21 22:56:41 +00:00
Chris PeBenito
e6a2eaffdf more fixes 2005-10-21 21:35:25 +00:00
Chris PeBenito
da4fc9ce2b sediff fixes 2005-10-21 19:36:49 +00:00
Chris PeBenito
23a4442bf1 add xdm 2005-10-21 17:55:15 +00:00
Chris PeBenito
cf6141a72e fix corenetwork generation and add distcc 2005-10-21 13:11:17 +00:00
Chris PeBenito
12ae7557d3 piles of fixes for loadable modules 2005-10-18 18:25:33 +00:00
Chris PeBenito
c3812748c3 misc fixes 2005-10-18 15:07:11 +00:00
Chris PeBenito
e749cd12a6 wrap up almost all of apache 2005-10-17 17:55:38 +00:00
Chris PeBenito
e08118a52f add ppp 2005-10-14 20:00:07 +00:00
Chris PeBenito
d8636fc937 more merging from 1.27.1-15 2005-10-14 17:55:40 +00:00
Chris PeBenito
77f6e2cd27 partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00
Chris PeBenito
c2b18fa1f3 more apache work 2005-10-12 16:23:22 +00:00
Chris PeBenito
4483ee849c add apm and arpwatch. fix implementation error on fs_getattr_all_files,
splitting it up into correct interfaces.
2005-10-10 18:11:46 +00:00
Chris PeBenito
e02c61cfa4 rename context_template() to gen_context() 2005-10-06 19:33:06 +00:00
Chris PeBenito
a5ec7cb6c4 more pieces of ftp 2005-09-29 13:32:28 +00:00
Chris PeBenito
f0574fa9aa add mls privileges 2005-09-26 20:26:32 +00:00
Chris PeBenito
6d788d87d1 comment fix 2005-09-26 20:24:44 +00:00
Chris PeBenito
842859260c add kudzu 2005-09-23 19:38:34 +00:00
Chris PeBenito
0058418017 remove classes from gen_requires, and disable net_raw for now 2005-09-23 15:37:41 +00:00
Chris PeBenito
681c9a02e7 fixes from sediff 2005-09-22 21:59:50 +00:00
Chris PeBenito
25c6746156 loadable module compile fixes 2005-09-21 20:01:40 +00:00
Chris PeBenito
9210553ecb add cpucontrol 2005-09-20 18:15:35 +00:00
Chris PeBenito
a1fcff33f2 final updates from nsa cvs 2005-09-19 21:17:45 +00:00
Chris PeBenito
41c4800de4 a few module compile fixes 2005-09-19 14:18:48 +00:00
Chris PeBenito
cf6a7d8993 more upstream merging 2005-09-16 21:20:37 +00:00
Chris PeBenito
cff75c90ca more upstream merging 2005-09-16 19:36:10 +00:00
Chris PeBenito
ccc5978224 add snmp 2005-09-16 14:54:36 +00:00
Chris PeBenito
a0824843c2 more merging from nsa cvs 2005-09-16 13:36:26 +00:00
Chris PeBenito
98a8ead4c5 more updates 2005-09-15 21:03:29 +00:00
Chris PeBenito
605ba28540 more merging from nsa cvs 2005-09-15 15:34:31 +00:00
Chris PeBenito
84c92239d4 add samba 2005-09-14 18:33:53 +00:00
Chris PeBenito
71fe0fa4c5 fixes for module compiling 2005-09-14 00:30:10 +00:00
Chris PeBenito
0907bda1e0 more merging of NSA CVS policy 2005-09-13 13:06:07 +00:00
Chris PeBenito
2705f9a0f3 begin merging in upstream NSA CVS changes 2005-09-12 21:40:56 +00:00
Chris PeBenito
712566ee41 fixes to make base module compilable 2005-09-12 15:17:39 +00:00
Chris PeBenito
603f90ab9d misc fixes 2005-09-05 18:17:17 +00:00
Chris PeBenito
b11a75a5e3 add ntp 2005-09-05 16:47:19 +00:00
Chris PeBenito
fdae8e755e add hal 2005-09-02 20:29:52 +00:00
Chris PeBenito
0f707d52ab add squid 2005-09-02 19:11:07 +00:00
Chris PeBenito
9d3bdc25af fix bugs uncovered from sediff 2005-09-01 20:13:42 +00:00
Chris PeBenito
6af06cd8b6 fix typos 2005-08-31 16:54:19 +00:00
Chris PeBenito
6e61566dba add comsat. clean up kerberos and nscd interfaces 2005-08-31 15:25:12 +00:00
Chris PeBenito
246839f3d2 fix up most of mta attribute insanity 2005-08-30 20:47:41 +00:00
Chris PeBenito
d83fdad248 add bind 2005-08-23 17:26:19 +00:00
Chris PeBenito
f6e28abbab moved to selinux module 2005-08-19 20:05:02 +00:00
Chris PeBenito
fb0a3a98c6 initial support for compiling loadable modules 2005-08-18 21:27:20 +00:00
Chris PeBenito
2d803edc73 more debian cleanup 2005-08-17 14:09:29 +00:00
Chris PeBenito
5f38a65aab try to knock out more of the distro_debian bootloader stuff 2005-08-15 19:31:37 +00:00
Chris PeBenito
8843093607 more comments 2005-08-12 19:28:30 +00:00
Chris PeBenito
f0b1efa2a2 all dev nodes assoc to tmpfs, since most everyone is moving to udev 2005-08-12 19:28:15 +00:00
Chris PeBenito
35b494789d fix some udev naming 2005-08-12 18:13:03 +00:00
Chris PeBenito
f7ebea06e3 finalize desc -> summary xml change 2005-08-11 17:46:39 +00:00
Chris PeBenito
052c953ae5 add quota 2005-08-11 14:49:58 +00:00
Chris PeBenito
9489149ec0 add su 2005-08-08 21:03:23 +00:00
Chris PeBenito
dce68dc48d add updfstab 2005-08-08 15:51:15 +00:00
Chris PeBenito
e5590ea5ec work on user transition 2005-07-28 20:52:55 +00:00
Chris PeBenito
022f61c0e3 add connect interface on ports to handle name_connect tcp perm 2005-07-22 15:38:01 +00:00
Chris PeBenito
50527cf581 make network_interface able to support multiple interfaces having the same type 2005-07-22 14:00:38 +00:00
Chris PeBenito
ef424c14d4 name_connect only on tcp_sockets 2005-07-20 17:10:07 +00:00
Chris PeBenito
9496fd5119 unconfined can name_connect to all ports 2005-07-20 17:08:07 +00:00
Chris PeBenito
d250634311 reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface 2005-07-20 17:06:10 +00:00
Chris PeBenito
f82c6ac64c bah typo 2005-07-20 15:08:33 +00:00
Chris PeBenito
1e3f610b3b add missing dir and file perms for selinuxfs in unconfined 2005-07-20 14:57:13 +00:00
Chris PeBenito
2ec4c9d38f more cleanup 2005-07-19 18:40:31 +00:00
Chris PeBenito
a5f339f134 more cleanup in system 2005-07-18 18:31:49 +00:00
Chris PeBenito
50aca6d2f9 add raid (mdadm) 2005-07-15 20:45:26 +00:00
Chris PeBenito
d9fd8e7562 more pcmcia cleanup 2005-07-15 19:18:55 +00:00
Chris PeBenito
50f6503452 * break up files_getattr_all_files into correct interfaces
* move stuff out of pcmcia into the appropriate modules
2005-07-15 15:17:57 +00:00
Chris PeBenito
f136a944c5 reorder in alpha order of type, for sanity purposes 2005-07-15 14:30:19 +00:00
Chris PeBenito
11633bbaa8 add ipsec 2005-07-14 18:15:47 +00:00
Chris PeBenito
df00b2e235 * fix chroot exec interface
* more TODO cleanup
* move IPC out of generic domtrans interfaces
2005-07-13 18:29:08 +00:00
Chris PeBenito
b24f35d8a3 more cleanup of current TODOs 2005-07-12 20:34:24 +00:00
Chris PeBenito
4051d15b62 fix xml 2005-07-11 19:15:54 +00:00
Chris PeBenito
ae9e2716c3 fix more TODOs. fix selinux.te to selinuxutil.te in optionals 2005-07-11 19:02:50 +00:00
Chris PeBenito
a42ca7ebec another round of TODO cleanup 2005-07-08 20:44:57 +00:00
Chris PeBenito
1aa526281b missing rules uncovered by sediff 2005-07-07 15:20:24 +00:00
Chris PeBenito
c98340cfeb support for targeted policy 2005-07-06 20:28:29 +00:00
Chris PeBenito
9726b31857 add unconfined 2005-07-05 20:59:51 +00:00
Chris PeBenito
2745476e4a add required tags 2005-07-05 17:47:15 +00:00
Chris PeBenito
fd89e19f12 more work on current modules 2005-06-30 18:54:08 +00:00
Chris PeBenito
ebdc3b7902 clean up more todos 2005-06-29 20:53:53 +00:00
Chris PeBenito
d233bfce3f make layer summary required 2005-06-29 16:54:13 +00:00
Chris PeBenito
8fd3673225 another round of renaming, for consistency 2005-06-29 14:26:41 +00:00
Chris PeBenito
cbca03f513 add lost_found_t manage, rename fs_type attribute to filesystem_type and rename fs_make_fs to fs_type 2005-06-28 17:48:59 +00:00
Chris PeBenito
783b38347e more low hanging fruit cleanup 2005-06-28 17:32:57 +00:00
Chris PeBenito
58c3da55f3 add fstools, and more cleanup 2005-06-27 20:59:28 +00:00
Chris PeBenito
ab940a4cc1 autofs_t and ypbind cleanup 2005-06-27 16:30:55 +00:00
Chris PeBenito
62a7b02c5b add/update comments 2005-06-24 13:36:57 +00:00
Chris PeBenito
414e415198 update for new documentation method 2005-06-23 21:30:57 +00:00
Chris PeBenito
261e0e66ee shorten some xml tags 2005-06-23 16:00:05 +00:00
Chris PeBenito
2a3478cf15 fixes pointed out by steve, plus fixes revealed by the added assertions 2005-06-23 14:19:56 +00:00
Chris PeBenito
9ccd96dfc6 more work on ssh, plus import ssh-agent 2005-06-22 21:14:48 +00:00
Chris PeBenito
199895e201 move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00
Chris PeBenito
cbc9d6951a remove remaining _depend macros to prep for switchover to interface declaration macro 2005-06-22 16:07:14 +00:00
Chris PeBenito
0404a3903a initial commit of ssh. 2005-06-21 21:07:46 +00:00
Chris PeBenito
21871a5cf6 work on newrole policy 2005-06-21 17:01:45 +00:00
Chris PeBenito
e04b8e7832 initial commit 2005-06-20 18:43:14 +00:00
Chris PeBenito
57869a681e XML: encapsulate modules in layers, rather then layer being an attribute of
module tag
2005-06-20 18:40:44 +00:00
Chris PeBenito
7a2f20a315 more work to clean up and complete current modules 2005-06-20 17:41:29 +00:00
Chris PeBenito
2ba9a794db interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
2005-06-17 19:17:57 +00:00
Chris PeBenito
bc1fbab472 interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
2005-06-17 18:59:34 +00:00
Chris PeBenito
a7c3a1b920 eliminate _depend macros 2005-06-16 21:06:29 +00:00
Chris PeBenito
0e721690dc misc cleanup 2005-06-16 20:54:18 +00:00
Chris PeBenito
d35c621eb0 add a couple more nfs and cifs interfaces, to cover most of the
use_(nfs|cifs)_home_dirs tunable
2005-06-16 20:33:51 +00:00
Chris PeBenito
828e03f635 initial commit 2005-06-15 13:53:48 +00:00
Chris PeBenito
5e0da6a03e finish renaming system/selinux to system/selinuxutil 2005-06-14 20:48:34 +00:00
Chris PeBenito
ff7bc148e4 move security_t to selinux module 2005-06-14 20:40:09 +00:00
Chris PeBenito
8bd6789954 move constraints interfaces to domain module. move sysfs and usbfs to
devices module
2005-06-14 19:56:46 +00:00
Chris PeBenito
b57dd19400 stray renames in distro_redhat 2005-06-14 17:36:21 +00:00
Chris PeBenito
c24ac9c51c rename requires_block_template to gen_require 2005-06-13 20:51:09 +00:00
Chris PeBenito
fa7bea8feb rename requires_block_tempalte to gen_require 2005-06-13 20:47:04 +00:00
Chris PeBenito
5a45e70177 rename setattr removable_device_t 2005-06-13 20:00:36 +00:00
Karl MacMillan
8700497fb1 Updates to documentation. 2005-06-13 19:22:00 +00:00
Chris PeBenito
d9507b1874 fix xml 2005-06-13 17:40:51 +00:00
Chris PeBenito
c9428d33dc renaming insanity 2005-06-13 17:35:46 +00:00
Karl MacMillan
f0c985ca80 Devices rename. 2005-06-13 16:22:32 +00:00
Chris PeBenito
0fd9dc55cf renaming insanity 2005-06-10 01:01:13 +00:00
Chris PeBenito
a154cd45f3 reorder 2005-06-09 21:07:58 +00:00
Chris PeBenito
588ffaeb7f kernel.if renaming 2005-06-09 20:50:17 +00:00
Chris PeBenito
eda201efe8 more renaming and xml 2005-06-09 19:52:50 +00:00
Chris PeBenito
eca5b2dd79 rename 2005-06-09 19:22:27 +00:00
Chris PeBenito
cc41a97c99 aliases 2005-06-09 18:08:26 +00:00
Chris PeBenito
c6ebefd2f2 rename 2005-06-09 17:51:40 +00:00
Chris PeBenito
d90b274e40 for now, drop infoflow tags 2005-06-09 17:23:53 +00:00
Chris PeBenito
fe040c9777 renaming and xml 2005-06-09 15:20:31 +00:00
Chris PeBenito
f2e4ab3a99 make corenetwork generation explicit, rather then on-the-fly 2005-06-08 21:46:39 +00:00
Chris PeBenito
b29d23f315 initial commit 2005-06-08 20:49:16 +00:00
Chris PeBenito
c2c00bee05 add aliases 2005-06-08 20:28:45 +00:00
Chris PeBenito
9f72a2655f renaming 2005-06-08 18:40:30 +00:00
Chris PeBenito
0c5a288e98 interface renaming 2005-06-08 18:00:04 +00:00
Chris PeBenito
1694dee685 interface renaming 2005-06-08 16:18:08 +00:00
Chris PeBenito
763c441e3b start renaming filesystem interfaces 2005-06-08 13:12:00 +00:00
Chris PeBenito
b46609f09f fix missing _socket in class 2005-06-08 13:08:01 +00:00
Chris PeBenito
3865d6b95e add xml 2005-06-07 22:36:07 +00:00
Chris PeBenito
254bbc7bb3 start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00
Chris PeBenito
0c73cd2526 change over to some perm set macros. add indentation 2005-06-03 12:25:14 +00:00
Chris PeBenito
4196997813 add some indentation 2005-06-02 20:26:48 +00:00
Chris PeBenito
d115660e3b change network verb in corenetwork to sendrecv 2005-06-02 18:55:47 +00:00
Chris PeBenito
cabfa520aa move fs_use and isids to respective modules 2005-06-02 15:39:10 +00:00
Chris PeBenito
004db90d3f do dtd verification on xml. fix current xml to be valid 2005-06-01 18:34:34 +00:00
Chris PeBenito
aa40608fbe remove copyright until licensing issues are resolved 2005-06-01 17:34:13 +00:00
Chris PeBenito
f267dfbb8b fix module name in xml 2005-06-01 17:27:39 +00:00
Chris PeBenito
e32d52ba47 fix xml 2005-06-01 14:17:43 +00:00
Chris PeBenito
1293184998 last fixes for cab 2005-06-01 13:51:54 +00:00
Chris PeBenito
d115b24712 more cab work 2005-05-31 23:02:11 +00:00
Chris PeBenito
3b857eae09 add some file_t interfaces, and console write 2005-05-31 21:25:45 +00:00
Chris PeBenito
4bf4ed9e68 permission set macro changes, plus more cab related work 2005-05-31 19:52:57 +00:00
Chris PeBenito
08eb9d1a33 fix tmpfs assoc call 2005-05-31 13:45:37 +00:00
Chris PeBenito
f5c42bd80b many fixes from cab work 2005-05-30 21:17:20 +00:00
Chris PeBenito
32e53ac1b8 cleanup inspired by sediff 2005-05-27 21:56:01 +00:00
Chris PeBenito
c6fd1f85ba restructure users, and add signalling 2005-05-27 20:44:05 +00:00
Chris PeBenito
07da0af7bd tmpfs associate for redhat 2005-05-27 20:43:37 +00:00
Chris PeBenito
d490eb6b5c fixes from cab 2005-05-26 20:38:45 +00:00
Chris PeBenito
efd8ede34d many fixes from cab testing 2005-05-25 20:58:21 +00:00
Chris PeBenito
e7fcdc6d2f fix the object class in process transition interfaces 2005-05-24 20:45:27 +00:00
Chris PeBenito
c907b3e2c7 cleanup for corenetwork interface generation 2005-05-24 17:34:29 +00:00
Chris PeBenito
dc771ff40e another cleanup pass 2005-05-24 15:55:57 +00:00
Chris PeBenito
6276f10155 instead of using macros to drop out non-macro calls during corenetwork
interface generation, use grep to get the macro calls and feed to m4
2005-05-24 15:52:57 +00:00
Chris PeBenito
957e269eb2 fix tmpfs associate infoflow 2005-05-23 17:56:00 +00:00
Chris PeBenito
c4309768f1 add transitions 2005-05-23 15:47:13 +00:00
Chris PeBenito
e32c0d3b86 add mls sensitivity to genfscon, initial sids and fs_use 2005-05-20 20:43:18 +00:00
Chris PeBenito
0d0d2bafd6 add mls port support 2005-05-20 20:23:25 +00:00
Chris PeBenito
085faa06ff add xml comments to generated sections, and add mls support to interfaces
and nodes
2005-05-20 20:07:42 +00:00
Chris PeBenito
daa0e0b01f add xml comments to interfaces, convert over userdomain stuff 2005-05-19 21:06:06 +00:00
Chris PeBenito
bee546bfd4 add context template to support mls 2005-05-18 21:02:15 +00:00