selinux-policy

Author	SHA1	Message	Date
Dominick Grift	ef521e9919	Tunable, optional and if(n)def blocks go below. Tunable, optional and if(n)def blocks go below. Tunable, optional and if(n)def blocks go below. Tunable, optional and if(n)def blocks go below. Tunable, optional and if(n)def blocks go below.	2010-09-22 15:41:43 +02:00
Dominick Grift	68ac47d8c5	Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.	2010-09-22 15:41:42 +02:00
Dominick Grift	1dfc76f76b	Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.	2010-09-22 15:39:43 +02:00
Dan Walsh	0a394bf04f	Add vnstat policy allow logrotate to mail syslog files Allow chrom-sandbox to search nfs_t Allow libvirt to send audit messages Dontaudit leaked console to xauth	2010-09-16 17:46:06 -04:00
Dan Walsh	9461b60657	Add the ability to send audit messages to confined admin policies Remove permissive domain from cmirrord and dontaudit sys_tty_config Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser virt needs to be able to read processes to clearance for MLS	2010-09-15 11:31:20 -04:00
Dan Walsh	ee4b1e0aad	Allow crond to manage user_spool_cron_t link files Allow init to delete dbus message.pid Allow init and udev to create hugetlbfs directories	2010-09-08 17:54:31 -04:00
Dan Walsh	5dd0c28461	Cleanup warnings	2010-09-08 10:43:22 -04:00
Dan Walsh	a947daf6df	Update f14	2010-08-26 10:27:35 -04:00
Dan Walsh	3eaa993945	UPdate for f14 policy	2010-08-26 09:41:21 -04:00
Chris PeBenito	48f99a81c0	Whitespace change: drop unnecessary blank line at the start of .te files.	2010-06-10 08:16:35 -04:00
Chris PeBenito	ed3a1f559a	bump module versions for release.	2009-11-17 10:05:56 -05:00
Chris PeBenito	c61b35048a	cron patch from dan.	2009-09-09 09:28:04 -04:00
Chris PeBenito	2a77737d4e	Add missing rules to make unconfined_cronjob_t a valid cron job domain. Unconfined_cronjob_t is not a valid cron job domain because the cron module is lacking a transition from the crond to the unconfined_cronjob_t domain. This adds the transition and also a constraints exemption since part of the transition is also a seuser and role change typically.	2009-08-12 14:15:39 -04:00
Chris PeBenito	9570b28801	module version number bump for release 2.20090730 that was mistakenly omitted.	2009-08-05 10:59:21 -04:00
Chris PeBenito	3f67f722bb	trunk: whitespace fixes	2009-06-26 14:40:13 +00:00
Chris PeBenito	c1262146e0	trunk: Remove node definitions and change node usage to generic nodes.	2009-01-09 19:48:02 +00:00
Chris PeBenito	668b3093ff	trunk: change network interface access from all to generic network interfaces.	2009-01-06 20:24:10 +00:00
Chris PeBenito	296273a719	trunk: merge UBAC.	2008-11-05 16:10:46 +00:00
Chris PeBenito	2cca6b79b4	trunk: remove redundant shared lib calls.	2008-10-17 17:31:04 +00:00
Chris PeBenito	0bfccda4e8	trunk: massive whitespace cleanup from dominick grift.	2008-07-23 21:38:39 +00:00
Chris PeBenito	f7925f25f7	trunk: bump module versions for release.	2007-12-14 14:23:18 +00:00
Chris PeBenito	74d920c3b5	trunk: add setrlimit to debian cron.	2007-12-06 14:35:44 +00:00
Chris PeBenito	c0cf6e0a6e	trunk: clean up nsswitch usage, from dan.	2007-12-04 15:05:55 +00:00
Chris PeBenito	12e9ea1ae3	trunk: module version bumps for previous commit.	2007-10-02 17:15:07 +00:00
Chris PeBenito	350b6ab767	trunk: merge strict and targeted policies. merge shlib_t into lib_t.	2007-10-02 16:04:50 +00:00
Chris PeBenito	3480f3f239	trunk: bump version numbers for release.	2007-09-28 13:58:24 +00:00
Chris PeBenito	d46cfe45cd	trunk: add application module	2007-07-19 18:57:48 +00:00
Chris PeBenito	116c1da330	trunk: update module version numbers for release.	2007-06-29 14:48:13 +00:00
Chris PeBenito	1900668638	trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.	2007-06-27 15:23:21 +00:00
Chris PeBenito	762d2cb989	merge restorecon into setfiles	2007-05-11 17:10:43 +00:00
Chris PeBenito	0251df3e39	bump module versions for release	2007-04-17 13:28:09 +00:00
Chris PeBenito	56e1b3d207	- Move booleans and tunables to modules when it is only used in a single module. - Add support for tunables and booleans local to a module.	2007-03-26 18:41:45 +00:00
Chris PeBenito	8021cb4f63	Merge sbin_t and ls_exec_t into bin_t.	2007-03-23 23:24:59 +00:00
Chris PeBenito	a5f5eba459	Add dontaudits for init fds and console to init_daemon_domain().	2007-03-20 18:47:18 +00:00
Chris PeBenito	42c5c5f612	bump versions for release.	2006-12-12 21:22:47 +00:00
Chris PeBenito	c0868a7a3b	merge policy patterns to trunk	2006-12-12 20:08:08 +00:00
Chris PeBenito	d6d16b9796	patch from dan Wed, 29 Nov 2006 17:06:40 -0500	2006-12-04 20:10:56 +00:00
Chris PeBenito	d9845ae92a	patch from dan Tue, 24 Oct 2006 11:00:28 -0400	2006-10-31 21:01:48 +00:00
Chris PeBenito	a52b4d4f23	bump versions to release numbers	2006-10-18 19:25:27 +00:00
Chris PeBenito	14b1684aae	gentoo testing fixes.	2006-10-13 21:44:02 +00:00
Chris PeBenito	e070dd2df0	- Move range transitions to modules. - Make number of MLS sensitivities, and number of MLS and MCS categories configurable as build options.	2006-10-04 17:25:34 +00:00
Chris PeBenito	e2b84ef79a	patch from dan Mon, 25 Sep 2006 15:46:40 -0400	2006-09-28 14:37:29 +00:00
Chris PeBenito	693d4aedb5	patch from dan Fri, 22 Sep 2006 16:30:34 -0400	2006-09-25 18:53:06 +00:00
Chris PeBenito	9dfbd81493	forgot to bump policy vers	2006-09-13 18:42:49 +00:00
Chris PeBenito	73ca55d311	patches from erich Wed, 13 Sep 2006 16:18:18 +0200	2006-09-13 18:35:10 +00:00
Chris PeBenito	5dbda5558a	patch from dan Fri, 01 Sep 2006 15:45:24 -0400	2006-09-04 15:15:35 +00:00
Chris PeBenito	a5e2133bc8	patch from dan Wed, 23 Aug 2006 14:03:49 -0400	2006-08-29 02:41:00 +00:00
Chris PeBenito	3573908f1c	fix cron_system_entry() rules	2006-08-16 13:52:18 +00:00
Chris PeBenito	17de1b790b	remove extra level of directory	2006-07-12 20:32:27 +00:00

49 Commits