Commit Graph

282 Commits

Author SHA1 Message Date
Chris PeBenito
85e71c86da Fix network_port() in corenetwork to correctly handle port ranges. 2010-04-13 11:06:02 -04:00
KaiGai Kohei
ec8d32c8e9 [BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)
I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.

In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.

And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.
2010-04-12 10:37:21 -04:00
Chris PeBenito
ee2d2dda24 Add usbmuxd from Dan Walsh. 2010-03-29 13:29:18 -04:00
Chris PeBenito
6d4dbd20ae Vhostmd from Dan Walsh. 2010-03-29 11:25:06 -04:00
Chris PeBenito
827060cb04 Style fixes and module version bumps for 38fc1bd. 2010-03-17 09:28:18 -04:00
Chris PeBenito
29b580ce8f Add sectoolm by Miroslav Grepl. 2010-02-19 09:39:06 -05:00
Chris PeBenito
a513794b4c Chronyd from Miroslav Grepl. 2010-02-16 14:53:59 -05:00
Chris PeBenito
12dc618bff Add changelog entry for 1031ee6. 2010-02-08 14:52:02 -05:00
Chris PeBenito
e526fca176 Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl. 2010-02-08 11:29:12 -05:00
Chris PeBenito
4ebfec7303 Add pyicqt from Stefan Schulze Frielinghaus. 2010-02-08 10:58:16 -05:00
Chris PeBenito
22a2874dbf Add dbadm, from KaiGai Kohei. 2010-02-08 10:34:08 -05:00
Chris PeBenito
7fc72a02d9 Changelog and version bump for X object manager changes. 2009-12-03 10:40:42 -05:00
Chris PeBenito
a404bc39a7 update VERSION and Changelog for release. 2009-11-17 10:17:43 -05:00
Chris PeBenito
e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Chris PeBenito
222d5b5987 clean up 0bca409 and add changelog entry. 2009-11-03 09:25:37 -05:00
Chris PeBenito
b04669aaea add tuned from miroslav grepl. 2009-10-26 09:42:11 -04:00
Chris PeBenito
c5967300e2 add changelog entry for e4928c5f79 2009-10-22 09:22:14 -04:00
Chris PeBenito
4be8dd10b9 add seunshare from dan. 2009-09-28 15:40:06 -04:00
Chris PeBenito
5a6b1fe2b4 add dkim from stefan schulze frielinghaus. 2009-09-17 09:12:33 -04:00
Chris PeBenito
21b1d1096f add gnomeclock from dan. 2009-09-16 08:38:58 -04:00
Chris PeBenito
ed70158a39 add rtkit from dan. 2009-09-15 09:53:24 -04:00
Chris PeBenito
1d3b9e384c clean up xscreensaver. 2009-09-15 09:41:42 -04:00
Chris PeBenito
c141d835f1 add modemmanager from dan. 2009-09-14 09:48:13 -04:00
Chris PeBenito
e3a90e358a add abrt from dan. 2009-09-14 09:22:24 -04:00
Chris PeBenito
81bca10b28 nslcd policy from dan. 2009-09-08 10:31:19 -04:00
Chris PeBenito
dbed95369c add gitosis from miroslav grepl. 2009-09-03 09:52:08 -04:00
Chris PeBenito
625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito
71965a1fc5 add kdump from dan. 2009-09-02 08:33:25 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr.
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
2009-08-18 09:49:31 -04:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t.
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
4254cec711 Add missing x_device rules for XI2 functions, from Eamon Walsh.
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy.  You can now create one or more
> "master devices" (mouse cursor and keyboard focus).  The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device.  Create/destroy controls the ability to create new master
> devices.
2009-08-14 13:18:16 -04:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain.
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
2009-08-12 14:15:39 -04:00
Chris PeBenito
0f5e26b620 Add btrfs and ext4 to labeling targets. 2009-08-11 09:01:58 -04:00
Chris PeBenito
90286f4292 Fix infrastructure to expand macros in initrc_context when installing.
The initrc_context file uses the mls_systemhigh macro and needs to be properly
expanded based on the build.conf settings.  Add makefile support to do this.
2009-08-10 14:00:34 -04:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types.
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
Chris PeBenito
915dfa68b6 release 2.20090730 2009-07-30 14:35:47 -04:00
Chris PeBenito
64c7061e1a changelog entry for the previous gentoo fixes 2009-07-30 10:41:17 -04:00
Chris PeBenito
20c3ccee1a add fprintd module from dan. 2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea add devicekit module from dan. 2009-07-29 10:02:06 -04:00
Chris PeBenito
c7ae9ae1c8 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-07-28 08:00:03 -04:00
Chris PeBenito
5f6c30f8bd wm policy from dan 2009-07-27 15:11:22 -04:00
Chris PeBenito
f4962ab15b add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
dc0ab0f0c3 changelog for previous commit 2009-07-20 11:16:22 -04:00
Chris PeBenito
50824a99ca trunk: pads from dan. 2009-06-30 15:03:20 +00:00