Chris PeBenito
8f0de5df68
Storage patch from Dan Walsh.
...
Add /dev/hwcdrom
2010-06-04 09:47:45 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Jeremy Solt
d86c09846b
squid patch from Dan Walsh
...
Edits:
- Added netport to corenetwork.te.in
2010-05-24 13:08:07 -04:00
Chris PeBenito
fb3fc9e4f0
Cyrus patch from Dan Walsh.
2010-05-03 15:14:50 -04:00
Chris PeBenito
03a6e03926
Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t.
2010-05-03 11:17:16 -04:00
Chris PeBenito
05a2e3e2d7
Lircd patch from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
4a8bd017aa
Module version bump and extra comments for 194d61f
.
2010-04-24 08:10:43 -04:00
Chris Richards
194d61fd3c
modutils patch for update-modules
...
update-modules on Gentoo throws errors when run because it sources /etc/init.d/functions.sh, which always scans /var/lib/init.d to set SOFTLEVEL environment var. This is never used by update-modules.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:08:15 -04:00
Jeremy Solt
e6e2a769ac
Remove excess white space from ntop.te
...
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt
4f7b413cdc
Ntop policy from Dan Walsh
...
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito
46e16a2d2a
Use port range notation in corenetwork where it makes sense.
2010-04-13 11:55:04 -04:00
Chris PeBenito
3829eecb12
Clean up output of generated corenetwork.te.
2010-04-13 11:52:09 -04:00
Chris PeBenito
85e71c86da
Fix network_port() in corenetwork to correctly handle port ranges.
2010-04-13 11:06:02 -04:00
Chris PeBenito
e399e3abea
Add devtmpfs labeling.
2010-04-07 08:55:33 -04:00
Chris PeBenito
60def66b13
Second part of Apache patch from Dan Walsh.
2010-04-05 10:57:52 -04:00
Chris PeBenito
0417386142
Kernel patch from Dan Walsh.
2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502
Domain patch from Dan Walsh.
2010-03-17 10:02:07 -04:00
Chris PeBenito
827060cb04
Style fixes and module version bumps for 38fc1bd
.
2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
e8871c2092
Add additional documentation to kernel_request_load_module().
2010-03-16 15:08:00 -04:00
Chris PeBenito
7af0e9bc95
Filesystem patch from Dan Walsh.
2010-03-12 11:40:59 -05:00
Chris PeBenito
bd063de6c4
Fix another corenetwork typo.
2010-03-08 11:04:40 -05:00
Chris PeBenito
4af2b3fb98
Add back missing s0 on network_port().
2010-03-08 07:59:56 -05:00
Chris PeBenito
9c709c46a1
Corenetwork patch from Dan Walsh.
2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b
Corecommands patch from Dan Walsh.
2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc
Devices patch from Dan Walsh.
2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba
Storage patch from Dan Walsh.
2010-03-04 14:23:44 -05:00
Chris PeBenito
eeb7616f5e
Corenetwork patch from Dan Walsh.
2010-03-04 13:50:46 -05:00
Chris PeBenito
4a4436a778
Add examples to documentation of common corenetwork interfaces.
2010-03-03 13:42:15 -05:00
Chris PeBenito
88daf126f2
Improve the documentation of domain interfaces:
...
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652
Improve the documentation of ubac_constrained().
2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e
Improve the documentation of devices interfaces:
...
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69
Improve filesystem interfaces:
...
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
7cf2858e4a
Improve the documentation of files interfaces:
...
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
42eb0f10a9
Improve the documentation of corenetwork interfaces
...
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
3a744d1275
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
2010-02-26 08:58:32 -05:00
Chris PeBenito
7a0c0b4088
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4
Add additional documentation to files_type().
2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e
Rearrange files interfaces.
2010-02-25 08:32:22 -05:00
Chris PeBenito
fca4a96bae
Improve documentation on files_read_etc_files().
2010-02-24 15:20:03 -05:00
Chris Richards
68cda59844
Add MySQL Manager to MySQL policy module
...
Second submission to fix mistakes from first.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
2f84a77d22
Syslog fixes from Gentoo.
2010-02-17 20:33:53 -05:00
Chris PeBenito
8b8501991e
Clean up leaked portage file descriptors.
2010-02-17 20:33:31 -05:00
Chris PeBenito
a513794b4c
Chronyd from Miroslav Grepl.
2010-02-16 14:53:59 -05:00
Chris PeBenito
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
Chris PeBenito
21673b238a
Hal patch from Dan Walsh.
2010-02-11 08:42:00 -05:00
Chris PeBenito
3079cbceb1
Virt/svirt patch from Dan Walsh.
2010-02-09 10:28:17 -05:00
Chris PeBenito
27eab81f2f
Misc fixes for 1031ee6
.
2010-02-08 13:38:48 -05:00
Chris PeBenito
7d2f96783c
Module version number bump for 1031ee6
.
2010-02-08 13:37:42 -05:00
Dominick Grift
1031ee6f6a
Implement cobblerd policy.
...
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.
Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.
As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.
Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
Chris PeBenito
e526fca176
Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl.
2010-02-08 11:29:12 -05:00
Chris PeBenito
d2acef78f4
Inetd patch from Dan Walsh.
2010-01-08 10:36:49 -05:00
Chris PeBenito
32f27a7489
asterisk patch from Dan Walsh.
2009-12-18 10:37:52 -05:00
Chris PeBenito
b84d6ec491
smartmon patch from Dan Walsh.
2009-12-18 10:33:50 -05:00
Chris PeBenito
e21162e471
Kdump reads the kernel core.
2009-11-25 10:04:40 -05:00
Chris PeBenito
dccbb80cb0
Whitespace cleanup.
2009-11-24 11:11:38 -05:00
Chris PeBenito
910b1d8ecb
Files patch from Dan Walsh.
2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020
Corecommands patch from Dan Walsh.
2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00
Filesystem patch from Dan Walsh.
2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557
Add terminal patch from Dan Walsh.
2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42
Add devices patch from Dan Walsh.
2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0
Add kernel patch from Dan Walsh
2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785
Add storage patch, from Dan Walsh.
2009-11-19 09:03:36 -05:00
Chris PeBenito
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50
additional cleanup for e877913
.
2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf
adding puppet configuration management system
...
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
808341bb9b
revise MCS constraints to use only MCS-specific attributes.
2009-10-07 11:48:14 -04:00
Chris PeBenito
f67bc918d4
term_write_all_terms() patch from Stefan Schulze Frielinghaus
2009-09-08 10:06:38 -04:00
Chris PeBenito
aa83007d5a
add hddtemp from dan.
2009-09-01 08:34:04 -04:00
Chris PeBenito
e27827b86c
split dev_create_cardmgr_dev() into a create and a filetrans interface.
2009-08-25 09:56:56 -04:00
Chris PeBenito
69347451fd
split dev_manage_dri_dev() into a manage and a filetrans interface.
2009-08-25 09:43:38 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
78a9c2815d
add bin_t labeling for gentoo dhcpcd-run-hooks location
2009-07-30 09:34:00 -04:00
Chris PeBenito
105e85ac8e
/dev/fuse should be s0 not mls_high
...
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device. Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs. It will also make it unusable I
believe on an MLS machine. Mostly I have seen fusefs used for remote
access to data. sshfs for example.
2009-07-29 11:08:50 -04:00
Chris PeBenito
9de7c1706d
hal patch from dan.
2009-07-27 10:18:50 -04:00
Chris PeBenito
06625d302c
mozilla patch from dan.
2009-07-27 09:11:12 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
5271dd30bc
module version bump for 9b1907b217
2009-07-21 10:07:10 -04:00
Chris PeBenito
9b1907b217
add pulseaudio from dan.
2009-07-21 10:05:38 -04:00
Chris PeBenito
edb7b90d89
add kismet and pulseaudio ports. fix sorting of ports.
2009-07-20 11:17:31 -04:00
Chris PeBenito
ce6fee6575
5 patches from dan
2009-07-14 10:30:22 -04:00
Chris PeBenito
45b975db5b
trunk: add missing varnish port.
2009-06-30 17:48:15 +00:00
Chris PeBenito
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
Chris PeBenito
a65fd90a50
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
Chris PeBenito
731008ad85
trunk: 2 patches from dan.
2009-06-08 17:18:26 +00:00
Chris PeBenito
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe
trunk: add gpsd from miroslav grepl
2009-06-02 14:28:40 +00:00
Chris PeBenito
80348b73a0
trunk: 4 patches from dan.
2009-05-14 14:41:50 +00:00
Chris PeBenito
3392356f36
trunk: 5 patches from dan.
2009-05-06 14:26:20 +00:00
Chris PeBenito
a5ef553c2d
trunk: 5 modules from dan.
2009-04-20 19:03:15 +00:00
Chris PeBenito
8f800d48df
trunk: 14 patches from dan.
2009-03-23 14:56:43 +00:00
Chris PeBenito
11c944faf1
trunk: fix typo in devices file contexts.
2009-03-05 17:46:22 +00:00
Chris PeBenito
2c664e7fb8
trunk: storage patch from dan.
2009-03-05 15:49:41 +00:00
Chris PeBenito
7b76207e37
trunk: devices patch from dan.
2009-03-05 15:36:41 +00:00
Chris PeBenito
be5aaebfd6
trunk: corecommands patch from dan.
2009-03-05 14:43:03 +00:00
Chris PeBenito
c45fdad85b
trunk: filesystem patch from dan.
2009-03-04 15:53:07 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385
trunk: Drop write permission from fs_read_rpc_sockets().
2009-02-24 20:00:15 +00:00
Chris PeBenito
f3fcadfe04
trunk: Patch for RadSec port from Glen Turner.
2009-02-23 13:41:28 +00:00
Chris PeBenito
7722c29e88
trunk: Enable network_peer_controls policy capability from Paul Moore.
2009-02-03 15:45:30 +00:00