04d51e18c8
Switch pipe reading on domtrans to inherited only
...
Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
2020-04-20 15:46:38 -04:00
410a682138
Fix mismatches between object class and permission macro.
...
In many cases, this won't result in a change in the actual policy generated, but if the definitions of macros are changed going forward, the mismatches could cause issues.
Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
2020-04-20 15:46:33 -04:00
10388e1319
auth: Move optional out of auth_use_pam_systemd() to callers.
2017-02-26 12:08:02 -05:00
ba0e51c5b0
su: some adjustments
...
* systemd fixes
* remove unused attribute su_domain_type
* remove hide_broken_symptoms sections
* dontaudit init_t proc files access
* dontaudit net_admin capability due to setsockopt
2017-02-18 21:50:45 +01:00
1720e109a3
Sort capabilities permissions from Russell Coker.
2017-02-15 18:47:33 -05:00
1cfba86fc0
Update su for libselinux-2.5 changes.
...
su is linked against libselinux via pam_unix.so. Use the selinuxutil
interface so future libselinux changes are pulled in.
2016-03-25 10:24:59 -04:00
6624f9cf7a
Drop RHEL4 and RHEL5 support.
2014-09-24 13:10:37 -04:00
e2fa4f2e8c
Add user application, tmp and tmpfs file interfaces.
2011-10-28 08:48:10 -04:00
8d387b3228
Rename init_search_script_key() to init_search_script_keys().
2010-10-11 09:36:31 -04:00
b21846594d
su: wants to read inits script keyring.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-10-11 09:30:54 -04:00
a576078738
su: redundant, init_dontaudit_use_script_ptys($1_su_t)
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-10-11 09:30:48 -04:00
6e293ffd2c
Revert su default_t rule.
2010-10-08 09:15:17 -04:00
bd7d571195
su: search parent.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-10-08 08:47:03 -04:00
00a1438d82
su: wants to search callers keyring.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-10-08 08:47:03 -04:00
6a05763d51
su: do not audit attempts to search /root.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-10-08 08:47:02 -04:00
f7e3410aed
Su patch from Dan Walsh.
...
dontaudit leaked sockets
2010-06-18 14:32:42 -04:00
91cbcc6602
Fix deprecated interface usage in rhel4 block in su.if.
2010-05-24 15:09:18 -04:00
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
c7dc1c7222
trunk: Allow unix_update to change the security attributes associate with files so
...
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
9e7a338509
trunk: su fixes from clip.
2009-01-13 19:44:23 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
b4beb0a0fb
missed piece of clip patch
2007-04-30 14:32:31 +00:00
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
d9845ae92a
patch from dan Tue, 24 Oct 2006 11:00:28 -0400
2006-10-31 21:01:48 +00:00
8708d9bef2
patch from dan Wed, 20 Sep 2006 12:12:49 -0400
2006-09-22 17:14:35 +00:00
bbcd3c97dd
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
3ef029db7c
add nscd_socket_use() to auth_use_nsswitch() since it caches nss lookups.
2006-08-22 19:37:56 +00:00
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00
Daniel Burgener
Chris PeBenito
cgzones
Chris PeBenito
Dominick Grift
Chris PeBenito