Chris PeBenito
1c5c70d4ab
init: Move interface and whitespace change.
2017-02-25 08:39:58 -05:00
Chris PeBenito
5acda8076f
init: Rename init_search_pid_dirs() to init_search_pids().
2017-02-25 08:38:16 -05:00
Russell Coker
35bd01104a
new init interfaces for systemd
These are needed by several patches I'm about to send.
Description: some new interfaces for init/systemd
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-02-24
2017-02-25 08:19:39 -05:00
Chris PeBenito
7cc502dfe5
mailman: Fixes from Russell Coker.
2017-02-23 20:59:14 -05:00
Russell Coker
d504e1ef1b
rw_inherited_file_perms
This patch defines rw_inherited_file_perms. It's needed by a few patches
I'm going to send soon so I need to get it in before they go in.
Also it's generally a good thing to have. We should reconsider some of the
other policy for whether it should use this.
2017-02-23 20:52:04 -05:00
Chris PeBenito
c12d16435b
Xen fixes from Russell Coker.
2017-02-23 20:32:17 -05:00
Chris PeBenito
c3c767bae2
Module version bump for CI fixes.
2017-02-23 20:32:10 -05:00
Chris PeBenito
65e60689d4
Fix CI errors.
2017-02-23 20:16:40 -05:00
Chris PeBenito
2087bde934
Systemd fixes from Russell Coker.
2017-02-23 20:03:23 -05:00
Chris PeBenito
485929b762
Module version bump for ntp fixes from cgzones.
2017-02-22 19:01:20 -05:00
Chris PeBenito
389e3c954f
Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy
2017-02-22 18:37:29 -05:00
cgzones
17753638ca
add init_daemon_lock_file()
needed for ntp
2017-02-21 15:07:47 +01:00
Chris PeBenito
14cc33cba9
alsa, vnstat: Updates from cgzones.
2017-02-20 12:14:23 -05:00
Chris PeBenito
498fb3c6e8
Module version bump for cgroups systemd fix from cgzones.
2017-02-20 11:21:00 -05:00
Chris PeBenito
e72556c6dd
Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy
2017-02-20 11:13:07 -05:00
Chris PeBenito
132db642bd
Module version bump for selinuxutil and systemd changes from cgzones.
2017-02-20 10:57:50 -05:00
Chris PeBenito
34cfce5410
Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy
2017-02-20 10:53:56 -05:00
Chris PeBenito
e52b701f59
Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy
2017-02-20 10:43:18 -05:00
Chris PeBenito
3b1909d1d1
fetchmail, mysql, tor: Misc fixes from Russell Coker.
2017-02-20 10:33:23 -05:00
Chris PeBenito
b5497053e9
monit: Fix build error.
Uncovered by Travis-CI.
2017-02-20 08:43:12 -05:00
Chris PeBenito
ede0dadc05
Monit policy from Russell Coker and cgzones.
2017-02-19 16:39:35 -05:00
Chris PeBenito
53fb3a3ba4
dpkg: Updates from Russell Coker.
2017-02-19 16:13:14 -05:00
Chris PeBenito
2fcce0a88f
Merge branch 'master' of github.com:TresysTechnology/refpolicy
2017-02-18 14:02:36 -05:00
Chris PeBenito
4c16ca2d66
Only display the WERROR notice if there actually are errors.
2017-02-18 13:59:33 -05:00
Chris PeBenito
14566f96a9
Module version bump for hostname fix from cgzones.
2017-02-18 13:58:29 -05:00
Chris PeBenito
36fa3d8916
Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy
2017-02-18 13:32:23 -05:00
cgzones
8266424bcb
systemd_cgroups_t: fix denials
2017-02-18 18:41:45 +01:00
Chris PeBenito
7d9a3be9f0
Merge pull request #98 from cgzones/admin_process_pattern
add admin_process_pattern macro
2017-02-18 12:38:23 -05:00
Chris PeBenito
3726cd58f6
Module version bump for changes from cgzones.
2017-02-18 12:28:38 -05:00
Chris PeBenito
abe9e18f73
Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy
2017-02-18 11:54:16 -05:00
Chris PeBenito
e96c357b79
Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy
2017-02-18 11:51:40 -05:00
Chris PeBenito
8b6525e992
Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy
2017-02-18 11:39:05 -05:00
Chris PeBenito
959f78de99
Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy
2017-02-18 11:34:23 -05:00
Chris PeBenito
74d6a63ff9
mon: Fix deprecated interface usage.
2017-02-18 11:21:34 -05:00
Chris PeBenito
c784507bce
Travis-CI: Terminate build immediately on error.
See travis-ci/travis-ci#1066 .
2017-02-18 10:37:35 -05:00
Chris PeBenito
1af24ad32b
Fix Travis-CI WERROR support.
2017-02-18 10:25:48 -05:00
Chris PeBenito
dd03d589e2
Implement WERROR build option to treat warnings as errors.
Add this to all Travis-CI builds.
2017-02-18 10:20:20 -05:00
Chris PeBenito
cb35cd587f
Little misc patches from Russell Coker.
2017-02-18 09:39:01 -05:00
cgzones
dd4cfd8a77
add admin_process_pattern macro
useful for MODULE_admin interfaces
2017-02-17 16:26:22 +01:00
cgzones
7ff92a886a
files: no default types for /run and /var/lock
encourage private types for /run and /var/lock by not providing default contexts anymore
2017-02-16 17:14:38 +01:00
cgzones
da1ea093cb
corecommands: label some binaries as bin_t
2017-02-16 17:05:26 +01:00
cgzones
61b72e0796
selinuxutil: adjustments
* no negative permission matching for newrole_t:process
* do not label /usr/lib/selinux as policy_src_t, otherwise semodule can not run /usr/lib/selinux/hll/pp
* reorder label for /run/restorecond.pid
* fix systemd related denials
2017-02-16 16:53:06 +01:00
cgzones
d9fcbdfbb3
hostname: small adjustments
* reorder process - capabilities statements
* remove unsighted debian block
2017-02-16 16:39:50 +01:00
cgzones
60983561be
sysadm: fix denials
allow to read kmesg and the selinux policy
2017-02-16 16:00:14 +01:00
cgzones
7539f65bc2
setfiles: allow getattr to kernel pseudo fs
userdomains should not alter labels of kernel pseudo filesystems, but allowing setfiles/restorecon(d) to check the contexts helps spotting incorrect labels
2017-02-16 15:26:29 +01:00
Chris PeBenito
d9980666a4
Update contrib.
2017-02-15 19:08:32 -05:00
Russell Coker
5a6251efc6
tiny mon patch
When you merged the mon patch you removed the ability for mon_t to execute
lib_t files.
The following patch re-enables the ability to execute alert scripts.
2017-02-15 18:51:39 -05:00
Chris PeBenito
1720e109a3
Sort capabilities permissions from Russell Coker.
2017-02-15 18:47:33 -05:00
Chris PeBenito
629b8af1e1
Update contrib.
2017-02-13 20:00:52 -05:00
Russell Coker
69215f0664
inherited file and fifo perms
The following patch defines new macros rw_inherited_fifo_file_perms and
rw_inherited_term_perms for the obvious reason.
I've had this in Debian for a while and some Debian policy relies on it.
I think it's appropriate to include this before including any policy that
relies on it because it's an obvious foundation for writing good policy.
We could have inherited perms macros for other object types, but terminals
and fifos are the main ones that get inherited. The next best candidate
for such a macro is a sock_file, and that's largely due to systemd setting
programs' stdout/stderr to unix domain sockets.
2017-02-12 13:55:25 -05:00