Guido Trentalancia
02b4ee1f81
locallogin: fix the sulogin submodule (emergency shell!)
...
This patch fixes the policy for sulogin. It is very important
because without this patch, sulogin cannot work properly and
it should be considered that it is used as an emergency shell
when there are serious consistency errors in the system, so it
constitutes the only way to recover the system in such
circumstances.
Nowadays, sulogin never uses PAM (at least not the official one
from util-linux), so obsolete, confusing and buggy policy has
been removed.
Extensive testing carried out while creating this patch indicates
that there aren't other permissions needed to successfully run
sulogin.
This second version should apply cleanly to the latest git tree.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
2017-04-26 06:15:02 -04:00
Chris PeBenito
73d8b3026c
Systemd-related changes from Russell Coker.
2017-04-06 17:37:50 -04:00
Chris PeBenito
4d028498d8
Module version bumps for fixes from cgzones.
2017-03-05 10:48:42 -05:00
cgzones
d2702a4224
corecmd_read_bin_symlinks(): remove deprecated and redundant calls
2017-03-03 12:00:07 +01:00
Chris PeBenito
ca04cdb14b
Module version bump for patches from cgzones.
2017-02-26 12:23:19 -05:00
cgzones
a5658b85a0
locallogin: adjustments
...
* do not grant permissions by negativ matching
* separate dbus from consolekit block for systemd
2017-02-18 19:36:44 +01:00
Chris PeBenito
1720e109a3
Sort capabilities permissions from Russell Coker.
2017-02-15 18:47:33 -05:00
Chris PeBenito
2e7553db63
Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.
2017-02-04 15:19:35 -05:00
Chris PeBenito
69ede859e8
Bump module versions for release.
2017-02-04 13:30:53 -05:00
Chris PeBenito
67c435f1fc
Module version bump for fc updates from Nicolas Iooss.
2016-12-28 14:38:05 -05:00
Chris PeBenito
c23353bcd8
Bump module versions for release.
2015-12-08 09:53:02 -05:00
Chris PeBenito
17694adc7b
Module version bump for systemd additions.
2015-10-23 14:53:14 -04:00
Chris PeBenito
579849912d
Add supporting rules for domains tightly-coupled with systemd.
2015-10-23 10:17:46 -04:00
Chris PeBenito
10ff4d0fa3
Bump module versions for release.
2014-03-11 08:16:57 -04:00
Chris PeBenito
58db129761
Update modules for file_t merge into unlabeled_t.
2014-01-16 11:24:25 -05:00
Chris PeBenito
d174521a64
Bump module versions for release.
2013-04-24 16:14:52 -04:00
Chris PeBenito
be2e70be8d
Module version bump for fixes from Dominick Grift.
2013-01-03 10:53:34 -05:00
Dominick Grift
79e1e4efb9
NSCD related changes in various policy modules
...
Use nscd_use instead of nscd_socket_use. This conditionally allows
nscd_shm_use
Remove the nscd_socket_use from ssh_keygen since it was redundant
already allowed by auth_use_nsswitch
Had to make some ssh_keysign_t rules unconditional else
nscd_use(ssh_keysign_t) would not build (nested booleans) but that does
not matter, the only actual domain transition to ssh_keysign_t is
conditional so the other unconditional ssh_keygen_t rules are
conditional in practice
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-01-03 10:43:10 -05:00
Chris PeBenito
aa4dad379b
Module version bump for release.
2011-07-26 08:11:01 -04:00
Chris PeBenito
127d617b31
Pull in some changes from Fedora policy system layer.
2011-04-14 11:36:56 -04:00
Chris PeBenito
8d46bd3017
Module version bump and changelog for /dev/console login from Harry Ciao.
2011-01-14 14:41:15 -05:00
Chris PeBenito
dedbfa4f97
Rename allow_console tunable to console_login.
2011-01-14 11:44:42 -05:00
Harry Ciao
fc1ef4ac3b
Enable login from /dev/console.
...
Add the support to login and use the system from /dev/console.
1. Make gettty_t able to use the /dev/console;
2. Make local_login_t able to relabel /dev/console to user tty types;
3. Provide the type_change rule for relabeling /dev/console.
All above supports are controlled by the allow_console tunable.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2011-01-14 11:23:19 -05:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
8cd1306e5b
fix ordering of interface calls in locallogin.
2009-08-05 10:06:04 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
Chris PeBenito
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
Chris PeBenito
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
2b592aa495
trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus
2008-07-18 13:25:31 +00:00
Chris PeBenito
cfcf5004e5
trunk: bump versions for release.
2008-07-02 14:07:57 +00:00
Chris PeBenito
e9c6cda7da
trunk: Move user roles into individual modules.
2008-04-29 13:58:34 +00:00
Chris PeBenito
12cf805e1c
trunk: add basic ubuntu support
2008-02-05 18:24:43 +00:00
Chris PeBenito
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
Chris PeBenito
bd973e3e68
trunk: remove unused types from dbus.
2007-10-26 18:04:38 +00:00
Chris PeBenito
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
Chris PeBenito
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
134a799c75
trunk: 3 patches from dan.
2007-09-11 19:24:32 +00:00
Chris PeBenito
d46cfe45cd
trunk: add application module
2007-07-19 18:57:48 +00:00
Chris PeBenito
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
Chris PeBenito
d9845ae92a
patch from dan Tue, 24 Oct 2006 11:00:28 -0400
2006-10-31 21:01:48 +00:00