selinux-policy/policy/modules/apps
Dominick Grift 623e4f0885 1/1] Make the ability to mmap zero conditional where this is fapplicable.
Retry: forgot to include attribute mmap_low_domain_type attribute to domain_mmap_low()	:

Inspired by similar implementation in Fedora.
Wine and vbetool do not always actually need the ability to mmap a low area of the address space.
In some cases this can be silently denied.

Therefore introduce an interface that facilitates "mmap low" conditionally, and the corresponding boolean.
Also implement booleans for wine and vbetool that enables the ability to not audit attempts by wine and vbetool to mmap a low area of the address space.

Rename domain_mmap_low interface to domain_mmap_low_uncond.

Change call to domain_mmap_low to domain_mmap_low_uncond for xserver_t. Also move this call to distro redhat ifndef block because Redhat does not need this ability.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-01 09:41:56 -04:00
..
ada.fc trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
ada.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
ada.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
authbind.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
authbind.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
authbind.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
awstats.fc trunk: add awstats from Stefan Schulze Frielinghaus. 2007-09-17 17:25:40 +00:00
awstats.if trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
awstats.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
calamaris.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
calamaris.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
calamaris.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
cdrecord.fc three debian patches from manoj 2009-07-14 09:05:59 -04:00
cdrecord.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
cdrecord.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
cpufreqselector.fc add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
cpufreqselector.if add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
cpufreqselector.te Cpufreqselector patch from Dan Walsh. 2010-06-21 09:03:11 -04:00
evolution.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
evolution.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
evolution.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
games.fc trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate. 2007-08-27 17:57:36 +00:00
games.if trunk: 4 patches from dan. 2009-03-11 13:32:23 +00:00
games.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
gift.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gift.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gift.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
gitosis.fc gitosis patch from Dan Walsh 2010-06-29 11:25:37 -04:00
gitosis.if gitosis patch from Dan Walsh 2010-06-29 11:25:37 -04:00
gitosis.te Module version bump for 5f04c91. 2010-06-29 11:26:16 -04:00
gnome.fc Part of gnome patch from Dan Walsh. 2010-08-12 09:21:36 -04:00
gnome.if Part of gnome patch from Dan Walsh. 2010-08-12 09:21:36 -04:00
gnome.te Part of gnome patch from Dan Walsh. 2010-08-12 09:21:36 -04:00
gpg.fc gpg patch from dan 2009-07-21 10:07:38 -04:00
gpg.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
gpg.te GPG patch from Dan Walsh. 2010-07-06 10:58:40 -04:00
irc.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
irc.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
irc.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
java.fc Java patch from Dan Walsh. 2010-05-14 10:40:59 -04:00
java.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
java.te Remove duplicate/redundant rules, from Russell Coker. 2010-07-07 08:41:20 -04:00
kdumpgui.fc Additional kdumpgui cleanup. 2010-08-10 09:21:01 -04:00
kdumpgui.if Policy for system-config-kdump gui from Dan Walsh 2010-08-10 09:05:43 -04:00
kdumpgui.te Additional kdumpgui cleanup. 2010-08-10 09:21:01 -04:00
livecd.fc Add livecd from Dan Walsh. 2010-07-07 10:28:25 -04:00
livecd.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
livecd.te Add livecd from Dan Walsh. 2010-07-07 10:28:25 -04:00
loadkeys.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
loadkeys.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
loadkeys.te Loadkeys patch from Dan Walsh. 2010-06-18 15:12:33 -04:00
lockdev.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
lockdev.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
lockdev.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
metadata.xml remove extra level of directory 2006-07-12 20:32:27 +00:00
mono.fc Mono patch from Dan Walsh. 2010-02-19 10:42:43 -05:00
mono.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
mono.te Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
mozilla.fc Mozilla patch from Dan Walsh. 2010-06-21 09:36:39 -04:00
mozilla.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
mozilla.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
mplayer.fc trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
mplayer.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
mplayer.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
podsleuth.fc podsleuth patch from dan. 2009-07-21 10:11:16 -04:00
podsleuth.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
podsleuth.te Podsleuth patch from Dan Walsh. 2010-06-22 09:01:38 -04:00
ptchown.fc add ptchown policy from dan. 2009-08-31 10:21:01 -04:00
ptchown.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
ptchown.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
pulseaudio.fc Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokeping f3c346c. 2010-03-29 09:19:40 -04:00
pulseaudio.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
pulseaudio.te Add missing ubac constraints on pulseaudio. 2010-07-09 09:14:35 -04:00
qemu.fc Qemu patch from Dan Walsh. 2010-06-22 09:32:35 -04:00
qemu.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
qemu.te Qemu patch from Dan Walsh. 2010-06-22 09:32:35 -04:00
rssh.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
rssh.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
rssh.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
sambagui.fc system-config-samba dbus service policy from Dan Walsh 2010-08-09 09:37:29 -04:00
sambagui.if system-config-samba dbus service policy from Dan Walsh 2010-08-09 09:37:29 -04:00
sambagui.te system-config-samba dbus service policy from Dan Walsh 2010-08-09 09:37:29 -04:00
screen.fc trunk: 9 patches from dan. 2009-06-01 16:03:42 +00:00
screen.if Screen needs to setattr on user_ttydevice_t from Dan Walsh 2010-03-16 13:36:45 -04:00
screen.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
seunshare.fc add seunshare from dan. 2009-09-28 15:40:06 -04:00
seunshare.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
seunshare.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
slocate.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
slocate.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
slocate.te Slocate patch from Dan Walsh. 2010-06-22 09:58:14 -04:00
thunderbird.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
thunderbird.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
thunderbird.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
tvtime.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
tvtime.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
tvtime.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
uml.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
uml.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
uml.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
userhelper.fc patch to fix escaping of . in file contexts from james athey 2006-07-24 15:43:57 +00:00
userhelper.if Interface documentation standardization patch from Dan Walsh. 2010-08-02 09:22:09 -04:00
userhelper.te Remove ethereal module since the application was renamed to wireshark due to trademark issues. 2010-07-07 09:31:57 -04:00
usernetctl.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
usernetctl.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
usernetctl.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
vmware.fc VMWare patch from Dan Walsh. 2010-07-08 13:43:50 -04:00
vmware.if VMWare patch from Dan Walsh. 2010-07-08 13:43:50 -04:00
vmware.te VMWare patch from Dan Walsh. 2010-07-08 13:43:50 -04:00
webalizer.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
webalizer.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
webalizer.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
wine.fc Wine patch from Dan Walsh. 2010-02-19 09:17:51 -05:00
wine.if 1/1] Make the ability to mmap zero conditional where this is fapplicable. 2010-09-01 09:41:56 -04:00
wine.te 1/1] Make the ability to mmap zero conditional where this is fapplicable. 2010-09-01 09:41:56 -04:00
wireshark.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
wireshark.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
wireshark.te Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
wm.fc wm policy from dan 2009-07-27 15:11:22 -04:00
wm.if Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
wm.te Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
xscreensaver.fc clean up xscreensaver. 2009-09-15 09:41:42 -04:00
xscreensaver.if clean up xscreensaver. 2009-09-15 09:41:42 -04:00
xscreensaver.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
yam.fc patch to fix escaping of . in file contexts from james athey 2006-07-24 15:43:57 +00:00
yam.if apps: domain { allowed to transition, allowed access, to not audit }. 2010-08-05 08:20:59 -04:00
yam.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00