b9a562446d
Move all ulogd networking into the mysql and postgres optionals.
2010-11-19 11:39:36 -05:00
a00839dcc1
ulogd patch from Dan Walsh
...
"communicates with mysql and postgres via the network"
2010-11-18 13:26:19 -05:00
8d4ee022e6
Module version bump for usbmuxd.
2010-11-17 11:00:12 -05:00
e6b13f9e1e
usbmuxd patch from Dan Walsh
...
"Lots of stuff labeled var_run_t"
2010-11-17 11:00:12 -05:00
289f1d3c32
Module version bump for uucp.
2010-11-17 10:21:17 -05:00
e7d6384c07
uucp patch from Dan Walsh
...
"Executes ssh to setup connection"
2010-11-17 10:21:17 -05:00
00ea7bbb84
Module version bump for varnishd.
2010-11-17 10:05:36 -05:00
2e2f2cbe04
varnishd patch from Dan Walsh
...
"Kills it self
+ varnishd_read_lib_files(services_munin_plugin_t)"
2010-11-17 10:02:11 -05:00
f920903264
Module version bump for hostname.
2010-11-17 09:30:44 -05:00
8b61886e56
Module version bump for miscfiles.
2010-11-17 09:30:44 -05:00
a2e8969d04
Additional miscfiles tweaks.
2010-11-17 09:30:44 -05:00
d19a291e4e
system_miscfiles patch from Dan Walsh
...
"move cobbler, Allow policy to define certs."
2010-11-17 09:30:44 -05:00
7121e45e00
hostname patch from Dan Walsh
...
"Hostname access Seems to attract leaks."
Edits:
- No dontaudit_leaks in refpolicy, dropped those interface calls, leaving only nis_use_ypbind
2010-11-17 09:30:44 -05:00
9711c7bdb5
Add tun_socket ubac constraint and add tun_socket to socket_class_set.
2010-11-11 09:48:43 -05:00
52f38d23c9
Module version bump for Chris Richards' mount patchset.
2010-11-11 09:48:01 -05:00
66ef236c90
Minor fixes for Chris Richards' mount patchset.
2010-11-11 09:47:37 -05:00
a861c7c6fd
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:20 -05:00
4b825e21d4
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:12 -05:00
55d8395f49
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:05 -05:00
7644a58c1f
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:14:57 -05:00
3e99a17663
dontaudit mount writes to newly mounted filesystems
...
As of util-linux-n 2.18, the mount utility now attempts to write to the root
of newly mounted filesystems. It does this in an attempt to ensure that the
r/w status of a filesystem as shown in mtab is correct. To detect whether
a filesystem is r/w, mount calls access() with the W_OK argument. This
results in an AVC denial with current policy. As a fallback, mount also
attempts to modify the access time of the directory being mounted on if
the call to access() fails. As mount already possesses the necessary
privileges, the modification of the access time succeeds (at least on systems
with the futimens() function, which has existed in linux since kernel 2.6.22
and glibc since version 2.6, or about July 2007).
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:14:48 -05:00
239e8e214e
AIDE can be configured to log to syslog
2010-11-05 13:13:42 -04:00
bc5a858a4e
Change /dev/log fc to MLS system high.
...
When the syslog recreates this sock_file on startup, it gets this sensitivity anyway.
This will prevent incorrect relabeling if /dev is relabeled.
2010-11-05 13:13:21 -04:00
47ecd96afa
Fix deprecated interface usage in vlock.
2010-11-02 09:17:16 -04:00
65ac69dd0e
Whitespace fix in secadm.te and auditadm.te.
2010-11-02 09:09:05 -04:00
20cce006fa
Make auditadm & secadm able to use vlock
...
Make the auditadm and secadm able to use the vlock program.
Also bump their module versions.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2010-11-02 09:06:13 -04:00
6df9de4947
Module version bump for vlock. Changelog entry.
2010-11-01 11:22:25 -04:00
7f9f5bce63
Rename vlock interfaces.
2010-11-01 11:22:07 -04:00
b058561a14
Rearrange rules in vlock.
2010-11-01 11:21:02 -04:00
d35e2ee03b
Adding support for the vlock program.
...
Both the system administrator and the unprivileged user could use vlock
to lock the current console when logging in either from the serial console
or by ssh.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2010-11-01 10:43:33 -04:00
ff827d6cc3
Git man page from Dominick Grift.
2010-10-28 14:35:29 -04:00
a31679b43f
FTPd man page patch from Dan Walsh.
2010-10-28 14:34:10 -04:00
220915dcad
Add mounting interfaces for selinuxfs.
2010-10-28 14:32:24 -04:00
c1229a8232
Module version bump for oident. Additional comments for kernel loading.
2010-10-27 15:36:01 -04:00
306d488a52
oident patch from Dan Walsh
2010-10-27 15:17:12 -04:00
7ff21090c1
Additional rearrangement in tor and module version bump.
2010-10-27 15:06:13 -04:00
2925b799f6
tor patch from Dan Walsh
...
Added additional access for dns server (bind on the port shouldn't be enough)
2010-10-27 15:06:13 -04:00
98f8408519
Additional rearrangement in corecommands, along with module version bump.
2010-10-27 14:09:00 -04:00
c60f75ad0f
corecommands patch from Dan Walsh: "Lots of bin_t files"
2010-10-27 13:33:29 -04:00
2341eb2d45
Sosreport changelog entry.
2010-10-26 15:24:02 -04:00
06dbd3bad1
Move sosreport to admin layer.
2010-10-26 15:23:20 -04:00
a0a4752856
Minor sosreport cleanup.
2010-10-26 15:22:24 -04:00
698289ff36
sosreport policy from Dan Walsh
...
- A couple style fixes
2010-10-22 11:16:05 -04:00
00de01dab2
Move kdump to admin layer.
2010-10-21 10:45:20 -04:00
1ec6fe6eef
Module version bump for kdump.
2010-10-21 10:20:24 -04:00
bd0bb4ea7c
Module version bump for setrans.
2010-10-21 10:20:24 -04:00
1b0ce6c984
setrans patch from Dan Walsh
...
Edits:
- Leaving out the mls_trusted_object(setrans_t) for now
2010-10-21 10:20:24 -04:00
d8572a6f5f
kdump patch from Dan Walsh
2010-10-21 10:20:24 -04:00
f1b2add393
Module version bump for asterisk.
2010-10-21 09:56:49 -04:00
c152763d6e
asterisk patch from Dan Walsh
2010-10-21 09:56:49 -04:00
Chris PeBenito
Jeremy Solt
Chris Richards
Harry Ciao