RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,387 Commits 3 Branches 49 Tags 19 MiB
Commit Graph

2566 Commits

Author SHA1 Message Date
Chris PeBenito 43f197494a dontaudit net_admin for SO_SNDBUFFORCE 
The following patch adds dontaudit rules for where the net_admin capability
is requested due to SO_SNDBUFFORCE.  This forces the caller to use SO_SNDBUF
which gives the same result but possibly a smaller buffer.

From Russell Coker
 2017-03-25 12:32:01 -04:00
Chris PeBenito dad2917f39 Module version bump for fixes from cgzones. 2017-03-18 09:14:51 -04:00
Chris PeBenito 63a6a44b3d Module version bump for fixes from cgzones. 2017-03-12 16:36:49 -04:00
cgzones d62ce5b4e8 lvm: small adjustments 
* align file contexts
* fix lvm_admin()
* call user_use_inherited_user_terminals and remove useless dontaudit call
 2017-03-12 10:32:02 +01:00
Chris PeBenito 4d028498d8 Module version bumps for fixes from cgzones. 2017-03-05 10:48:42 -05:00
Chris PeBenito 919a478e47 Merge branch 'fix_usr_bin_merge' of git://github.com/cgzones/refpolicy 2017-03-05 09:43:50 -05:00
Chris PeBenito 05fef195bc Merge branch 'modutils_module' of git://github.com/cgzones/refpolicy 2017-03-05 09:11:54 -05:00
cgzones 4b79a54b41 modutils: adopt callers to new interfaces 2017-03-03 12:28:17 +01:00
cgzones d2702a4224 corecmd_read_bin_symlinks(): remove deprecated and redundant calls 2017-03-03 12:00:07 +01:00
cgzones cef1f7bb29 corecommands: fix corecmd_*_bin() for usr merged systems 2017-03-03 11:53:35 +01:00
Chris PeBenito cdbca94133 Module version bump for getty patch from cgzones. 2017-03-02 20:25:04 -05:00
Chris PeBenito e77bd0b18b Merge branch 'getty_module' of git://github.com/cgzones/refpolicy 2017-03-02 19:23:42 -05:00
Jason Zaman ef653c810a authlogin: put interface properly inside optional 2017-02-28 19:55:27 -05:00
Chris PeBenito 2f3691e4c8 Merge pull request #103 from fishilico/validate_modular_fc 
Make "validate" target verify file contexts
 2017-02-28 19:49:33 -05:00
Chris PeBenito 40ef165744 Module version bump for misc fixes from cgzones. 2017-02-28 19:42:24 -05:00
Chris PeBenito aa0665cfac Merge branch 'monit_depend' of git://github.com/cgzones/refpolicy 2017-02-28 19:31:33 -05:00
Chris PeBenito e36f5a4ce9 Module version bump for user terminal improvments from cgzones. 2017-02-28 19:14:29 -05:00
Nicolas Iooss 2e2088b401
devices: fix Debian file contexts 
When using setfiles to validate file contexts of Debian modular policy
(with DISTRO=debian and MONOLITHIC=n), it fails with:

    tmp/all_mods.fc:  line 527 is missing fields
    tmp/all_mods.fc:  line 527 is missing fields
    tmp/all_mods.fc: Invalid argument

Here is the content of tmp/all_mods.fc around line 527:

    # this is a static /dev dir "backup mount"
    # if you want to disable udev, youll have to boot permissive and relabel!
    /dev/\.static           -d      system_u:object_r:device_t
    /dev/\.static/dev       -d      system_u:object_r:device_t
    /dev/\.static/dev/(.*)?         <<none>>
    '

The quote of "you'll" has been eaten by m4 and there is a spurious quote
on the last line, which is reported by setfiles. Fix this by removing
the quote in the comment.

Here is an example of a failed build on Travis-CI:
https://travis-ci.org/fishilico/selinux-refpolicy-patched/jobs/205951446
 2017-02-27 22:24:02 +01:00
cgzones 4d0d7cfc6f systemd-tmpfiles: refactor runtime configs 
handle runtime configuration files under /run/tmpfiles.d as 3rd party content, like /run or /var/lib
 2017-02-27 19:32:20 +01:00
cgzones 94311b1c20 modutils: adjust interfaces after recent binaries merge 2017-02-27 19:27:03 +01:00
cgzones 7d1a81a006 modutils: format filecontexts 2017-02-27 19:27:03 +01:00
cgzones 3c7cec58a2 getty: overlook module 
* reorder file contexts
* rename getty_var_run_t into getty_runtime_t and getty_etc_t into getty_conf_t
* remove unneeded and confusing init permissions
* delete access on generic pids
* remove invalid etc filetrans: getty has no create permissions for its config files
* restrict logfile access
 2017-02-27 19:21:39 +01:00
cgzones 1f1e2474d8 improve documentation for user_user_(inherited_)?user_terminals 2017-02-27 18:17:10 +01:00
Chris PeBenito ca04cdb14b Module version bump for patches from cgzones. 2017-02-26 12:23:19 -05:00
Chris PeBenito f727615595 Merge branch 'locallogin_module' of git://github.com/cgzones/refpolicy 2017-02-26 12:09:11 -05:00
Chris PeBenito 10388e1319 auth: Move optional out of auth_use_pam_systemd() to callers. 2017-02-26 12:08:02 -05:00
Chris PeBenito 15f0cc4fe1 Merge branch 'newrole_fixes' of git://github.com/cgzones/refpolicy 2017-02-26 11:58:43 -05:00
Chris PeBenito 2170c65ad9 Merge branch 'su_module' of git://github.com/cgzones/refpolicy 2017-02-26 11:48:37 -05:00
Chris PeBenito 1fc4753443 devices: Fix docs for dev_write_generic_sock_files(). 2017-02-25 11:50:31 -05:00
Chris PeBenito 74bf84a79e apache: Fix CI error. 2017-02-25 11:50:11 -05:00
Chris PeBenito 9f99cfb771 Network daemon patches from Russell Coker. 2017-02-25 11:20:19 -05:00
Chris PeBenito e527ebaadf systemd: Further revisions from Russell Coker. 2017-02-25 09:35:10 -05:00
Chris PeBenito 1c5c70d4ab init: Move interface and whitespace change. 2017-02-25 08:39:58 -05:00
Chris PeBenito 5acda8076f init: Rename init_search_pid_dirs() to init_search_pids(). 2017-02-25 08:38:16 -05:00
Russell Coker 35bd01104a new init interfaces for systemd 
These are needed by several patches I'm about to send.

Description: some new interfaces for init/systemd
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-02-24
 2017-02-25 08:19:39 -05:00
Chris PeBenito 7cc502dfe5 mailman: Fixes from Russell Coker. 2017-02-23 20:59:14 -05:00
Chris PeBenito c12d16435b Xen fixes from Russell Coker. 2017-02-23 20:32:17 -05:00
Chris PeBenito c3c767bae2 Module version bump for CI fixes. 2017-02-23 20:32:10 -05:00
Chris PeBenito 65e60689d4 Fix CI errors. 2017-02-23 20:16:40 -05:00
Chris PeBenito 2087bde934 Systemd fixes from Russell Coker. 2017-02-23 20:03:23 -05:00
Chris PeBenito 485929b762 Module version bump for ntp fixes from cgzones. 2017-02-22 19:01:20 -05:00
cgzones 17753638ca add init_daemon_lock_file() 
needed for ntp
 2017-02-21 15:07:47 +01:00
Chris PeBenito 14cc33cba9 alsa, vnstat: Updates from cgzones. 2017-02-20 12:14:23 -05:00
Chris PeBenito 498fb3c6e8 Module version bump for cgroups systemd fix from cgzones. 2017-02-20 11:21:00 -05:00
Chris PeBenito e72556c6dd Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy 2017-02-20 11:13:07 -05:00
Chris PeBenito 132db642bd Module version bump for selinuxutil and systmd changes from cgzones. 2017-02-20 10:57:50 -05:00
Chris PeBenito 34cfce5410 Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy 2017-02-20 10:53:56 -05:00
Chris PeBenito e52b701f59 Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy 2017-02-20 10:43:18 -05:00
Chris PeBenito 3b1909d1d1 fetchmail, mysql, tor: Misc fixes from Russell Coker. 2017-02-20 10:33:23 -05:00
Chris PeBenito b5497053e9 monit: Fix build error. 
Uncovered by Travis-CI.
 2017-02-20 08:43:12 -05:00