Dominick Grift
03b86663f0
apps: domain { allowed to transition, allowed access, to not audit }.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 08:20:59 -04:00
Chris PeBenito
a7ee7f819a
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 09:20:22 -04:00
Chris PeBenito
a72e42f485
Interface documentation standardization patch from Dan Walsh.
2010-08-02 09:22:09 -04:00
Chris PeBenito
4b76ea5f51
Module version bump for fa1847f.
2010-07-12 14:02:18 -04:00
Dominick Grift
fa1847f4a2
Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-09 09:43:04 -04:00
Chris PeBenito
f7ffe6c2a9
Add missing ubac constraints on pulseaudio.
2010-07-09 09:14:35 -04:00
Chris PeBenito
072857c425
VMWare patch from Dan Walsh.
2010-07-08 13:43:50 -04:00
Chris PeBenito
f1618ffc6f
Whitespace fix in userhelper.
2010-07-08 10:56:15 -04:00
Chris PeBenito
b841dffda1
Add livecd from Dan Walsh.
2010-07-07 10:28:25 -04:00
Chris PeBenito
08690c84ad
Remove ethereal module since the application was renamed to wireshark due to trademark issues.
2010-07-07 09:31:57 -04:00
Chris PeBenito
bca0cdb86e
Remove duplicate/redundant rules, from Russell Coker.
2010-07-07 08:41:20 -04:00
Chris PeBenito
1db1836ab9
Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role().
2010-07-06 13:17:05 -04:00
Chris PeBenito
a3b0dc5b3c
GPG patch from Dan Walsh.
2010-07-06 10:58:40 -04:00
Chris PeBenito
caf1666dc1
Module version bump for 5f04c91.
2010-06-29 11:26:16 -04:00
Jeremy Solt
5f04c91f30
gitosis patch from Dan Walsh
2010-06-29 11:25:37 -04:00
Chris PeBenito
0cec649be7
WM patch from Dan Walsh.
...
Window manager policy changes needed for MLS policy.
2010-06-25 09:00:19 -04:00
Chris PeBenito
eab2cc89b4
Slocate patch from Dan Walsh.
...
Locate attempts to look at network state and does getattr on all blk/chr
and noxattr symlinks.
2010-06-22 09:58:14 -04:00
Chris PeBenito
2c207dfa49
Qemu patch from Dan Walsh.
...
Fix qemu labeling.
Additional qemu interfaces
Allow qemu to read/write removable devices
2010-06-22 09:32:35 -04:00
Chris PeBenito
1fd3a8070f
Pulseaudio patch from Dan Walsh.
...
Dontaudit attempts to exec pulseaudio. qemu does this and it causes
other avc's even though qemu can not use pulseaudio.
Allow other domains to use pulseaudio
2010-06-22 09:13:17 -04:00
Chris PeBenito
1ff703fc4a
Podsleuth patch from Dan Walsh.
...
podsleuth asks the kernel to load modules
Reads/writes removable blk device.
Reads user_tmpfs
2010-06-22 09:01:38 -04:00
Chris PeBenito
8a24097bff
Mplayer patch from Dominick Grift through Dan Walsh.
2010-06-21 09:52:33 -04:00
Chris PeBenito
3c1e8ff6bb
Mozilla patch from Dan Walsh.
...
Various old fixes for mozilla.
2010-06-21 09:36:39 -04:00
Chris PeBenito
ae1b7dedd7
Cpufreqselector patch from Dan Walsh.
...
Needs to read localization
2010-06-21 09:03:11 -04:00
Chris PeBenito
a99f69fd0e
Loadkeys patch from Dan Walsh.
...
Dontaudit leaked sockets
2010-06-18 15:12:33 -04:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Chris PeBenito
2e4e39d26a
Loadkeys patch from Dan Walsh.
2010-05-14 11:40:26 -04:00
Chris PeBenito
84940a0995
Java patch from Dan Walsh.
...
Additional java context
unconfined_Java apps need to execmod any file since we do not know where the java content will be labeled
We want unconfined java apps to transition to rpm when they execute rpm_exec_t. To maintain proper labeling.
2010-05-14 10:40:59 -04:00
Chris PeBenito
857d37e84a
GPG patch from Dan Walsh.
2010-04-30 15:24:19 -04:00
Chris PeBenito
bf54d5be44
Module version bumps for c586c1b, dcbb332, 4c05dff, 84ce9c3, 2b012ba, and 1868383.
2010-03-29 09:21:59 -04:00
Chris PeBenito
ad0071bbe4
Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokeping f3c346c.
2010-03-29 09:19:40 -04:00
Jeremy Solt
18683835fd
pulseaudio patch from Dan Walsh
...
Fixed template where it should have been interface
Replaced read_home and manage_home interfaces with read_home_files, manage_home_files and reduced access
Removed admin_dir reference
Replaced rtkit_daemon_system_domain with rtkit_scheduled
Fixed style / spacing issues
2010-03-29 08:41:45 -04:00
Chris PeBenito
df29613c72
Module version bump for 75c8a69.
2010-03-22 13:51:35 -04:00
Jeremy Solt
75c8a691ee
gitosis read/manage lib interfaces from Dan Walsh
...
Only giving manage_files_pattern for gitosis_manage_lib_files
2010-03-22 13:48:39 -04:00
Chris PeBenito
ce693cbbec
Module version bump for ae07c9e.
2010-03-16 14:33:43 -04:00
Jeremy Solt
ae07c9e2e8
Screen needs to setattr on user_ttydevice_t from Dan Walsh
2010-03-16 13:36:45 -04:00
Chris PeBenito
ba1c45337b
Module version bump for 3137148.
2010-03-16 13:10:14 -04:00
Jeremy Solt
31371480b0
Run interface for ptchown from Dan Walsh
2010-03-16 11:34:58 -04:00
Chris PeBenito
5dac50953f
Module version bump for cf3da95.
2010-03-08 10:02:34 -05:00
Jeremy Solt
cf3da95084
Allow cdrecord_t to execute bin_t from Dan Walsh
...
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito
4fd0889171
Java patch from Dan Walsh.
2010-02-19 11:21:38 -05:00
Chris PeBenito
1e0f483a18
Mono patch from Dan Walsh.
2010-02-19 10:42:43 -05:00
Chris PeBenito
a777957b49
Rename qemu_unconfined_t to unconfined_qemu_t.
2010-02-19 10:27:09 -05:00
Chris PeBenito
8a1c9c505f
Rearrange qemu.if.
2010-02-19 10:16:28 -05:00
Chris PeBenito
72295e93e1
Qemu patch from Dan Walsh.
2010-02-19 10:15:19 -05:00
Chris PeBenito
4796d07ee0
Wine patch from Dan Walsh.
2010-02-19 09:17:51 -05:00
Chris PeBenito
6f30d7e770
Pulseaudio patch from Dan Walsh.
2010-02-16 15:13:08 -05:00
Chris PeBenito
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
Chris PeBenito
46b03739ac
Seunshare patch from Dan Walsh.
2009-12-01 10:31:28 -05:00
Chris PeBenito
d7776f58c2
Screen patch from Dan Walsh.
2009-12-01 10:31:17 -05:00
Chris PeBenito
6394ea6143
Podsleuth patch from Dan Walsh.
2009-12-01 10:30:50 -05:00
Chris PeBenito
b77daab0ed
Mozilla patch from Dan Walsh.
2009-12-01 10:30:30 -05:00
Chris PeBenito
36ded4bd36
GPG patch from Dan Walsh.
2009-12-01 10:30:07 -05:00
Chris PeBenito
962d6fb9b0
Calamaris patch from Dan Walsh.
2009-12-01 10:29:51 -05:00
Chris PeBenito
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
Chris PeBenito
a1a45de06e
reorganize a92ee50
2009-10-22 10:35:45 -04:00
Dominick Grift
a92ee50126
Implement screen-locking feature.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-22 10:33:05 -04:00
Chris PeBenito
4be8dd10b9
add seunshare from dan.
2009-09-28 15:40:06 -04:00
Chris PeBenito
1d3b9e384c
clean up xscreensaver.
2009-09-15 09:41:42 -04:00
corentin.labbe
31f9c109c1
SELinux xscreensaver policy support
...
Hello
This is a patch for adding xscreensaver policy.
I think it needs a specific policy because of the auth_domtrans_chk_passwd.
cordially
Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
2009-09-15 08:46:28 -04:00
Chris PeBenito
dbed95369c
add gitosis from miroslav grepl.
2009-09-03 09:52:08 -04:00
Chris PeBenito
634a13c21f
cpufreqselector patch from dan.
2009-09-03 09:15:17 -04:00
Chris PeBenito
f6137171f3
add an additional vmware host program.
2009-09-03 08:56:58 -04:00
Chris PeBenito
6fdef06522
screen patch from dan.
2009-09-03 08:49:26 -04:00
Chris PeBenito
72b834ccb0
remove stale screen_dir_t references
...
The screen_dir_t was made an alias of the screen_var_run_t type.
Remove the remaining references to this type.
2009-09-03 08:39:42 -04:00
Chris PeBenito
ca7fa520e7
gpg patch from dan.
...
gpg sends sigstop and signull
Reads usb devices
Can encrypt users' content in /tmp and the homedir, as well as on NFS and cifs
2009-09-03 08:23:18 -04:00
Chris PeBenito
93be4ba581
Webalizer does not list inotify, this was caused by leaked file descriptors in either dbus or cron. Both of which have been cleaned up.
2009-09-02 09:10:30 -04:00
Chris PeBenito
a4b6385b9d
cdrecord patch from dan.
2009-09-01 09:22:40 -04:00
Chris PeBenito
1a79193449
awstats patch from dan.
2009-09-01 08:59:24 -04:00
Chris PeBenito
aac56b12b7
add ptchown policy from dan.
2009-08-31 10:21:01 -04:00
Chris PeBenito
a3dd1499ef
pulseaudio patch from dan.
2009-08-31 10:07:57 -04:00
Chris PeBenito
aaff2fcfcd
module version number bump for tun patches
2009-08-31 09:17:31 -04:00
Paul Moore
9dc3cd1635
refpol: Policy for the new TUN driver access controls
...
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices. The policy rules for creating and attaching to a device are as
shown below:
# create a new device
allow domain_t self:tun_socket { create };
# attach to a persistent device (created by tunlbl_t)
allow domain_t tunlbl_t:tun_socket { relabelfrom };
allow domain_t self:tun_socket { relabelto };
Further discussion can be found on this thread:
* http://marc.info/?t=125080850900002&r=1&w=2
Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
4279891d1f
patch from Eamon Walsh to remove usage of deprecated xserver interfaces.
2009-08-28 13:40:29 -04:00
Chris PeBenito
b2648249d9
Fix unconfined_r use of unconfined_java_t.
...
The unconfined role is running java in the unconfined_java_t. The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r. Add a run interface and change the unconfined module
to use this new interface.
2009-08-17 13:19:26 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
0c89174f7f
pull most of fedora changes to samba.
2009-07-29 14:40:34 -04:00
Chris PeBenito
91550027de
vmware patch from dan.
2009-07-28 11:37:34 -04:00
Chris PeBenito
c7ae9ae1c8
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-07-28 08:00:03 -04:00
Chris PeBenito
5f6c30f8bd
wm policy from dan
2009-07-27 15:11:22 -04:00
Chris PeBenito
06625d302c
mozilla patch from dan.
2009-07-27 09:11:12 -04:00
Chris PeBenito
f4962ab15b
add cpufreqselector from dan
2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
5bb5ec1d40
podsleuth patch from dan.
2009-07-21 10:11:16 -04:00
Chris PeBenito
e4f73afb8e
gpg patch from dan
2009-07-21 10:07:38 -04:00
Chris PeBenito
9b1907b217
add pulseaudio from dan.
2009-07-21 10:05:38 -04:00
Chris PeBenito
ce6fee6575
5 patches from dan
2009-07-14 10:30:22 -04:00
Chris PeBenito
10b03f376b
three debian patches from manoj
2009-07-14 09:05:59 -04:00
Chris PeBenito
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
Chris PeBenito
63f0a71c8a
trunk: 9 patches from dan.
2009-06-01 16:03:42 +00:00
Chris PeBenito
c90440a7cd
trunk: 4 patches from dan.
2009-03-11 13:32:23 +00:00
Chris PeBenito
f79314234a
trunk: 6 patches from dan.
2009-02-11 19:28:30 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
ff8f0a63f4
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
Chris PeBenito
6073ea1e13
trunk: whitespace fix changing multiple spaces into tabs.
2008-12-03 18:33:19 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00