c3c767bae2
Module version bump for CI fixes.
2017-02-23 20:32:10 -05:00
65e60689d4
Fix CI errors.
2017-02-23 20:16:40 -05:00
2087bde934
Systemd fixes from Russell Coker.
2017-02-23 20:03:23 -05:00
485929b762
Module version bump for ntp fixes from cgzones.
2017-02-22 19:01:20 -05:00
389e3c954f
Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy
2017-02-22 18:37:29 -05:00
17753638ca
add init_daemon_lock_file()
...
needed for ntp
2017-02-21 15:07:47 +01:00
14cc33cba9
alsa, vnstat: Updates from cgzones.
2017-02-20 12:14:23 -05:00
498fb3c6e8
Module version bump for cgroups systemd fix from cgzones.
2017-02-20 11:21:00 -05:00
e72556c6dd
Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy
2017-02-20 11:13:07 -05:00
132db642bd
Module version bump for selinuxutil and systmd changes from cgzones.
2017-02-20 10:57:50 -05:00
34cfce5410
Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy
2017-02-20 10:53:56 -05:00
e52b701f59
Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy
2017-02-20 10:43:18 -05:00
3b1909d1d1
fetchmail, mysql, tor: Misc fixes from Russell Coker.
2017-02-20 10:33:23 -05:00
b5497053e9
monit: Fix build error.
...
Uncovered by Travis-CI.
2017-02-20 08:43:12 -05:00
5770a8ee7c
update init_ACTION_all_units
...
When with systemd a program does not ship a systemd unit file but only a init script, systemd creates a pseudo service on the fly.
To be able to act on this service, add the target attribute init_script_file_type to the init_ACTION_all_units interfaces.
Useful for monit.
2017-02-20 14:24:56 +01:00
e4f3940729
add fs_getattr_dos_dirs()
...
useful
2017-02-20 14:20:33 +01:00
c753c066d1
add corecmd_check_exec_bin_files()
...
useful for monit
2017-02-20 14:20:33 +01:00
9b5d89fcf6
newrole: fix denials
...
dontaudit net_admin access due to setsockopt
allow communication with systemd-logind
2017-02-20 14:10:17 +01:00
ede0dadc05
Monit policy from Russell Coker and cgzones.
2017-02-19 16:39:35 -05:00
53fb3a3ba4
dpkg: Updates from Russell Coker.
2017-02-19 16:13:14 -05:00
ba0e51c5b0
su: some adjustments
...
* systemd fixes
* remove unused attribute su_domain_type
* remove hide_broken_symptoms sections
* dontaudit init_t proc files access
* dontaudit net_admin capability due to setsockopt
2017-02-18 21:50:45 +01:00
4d413fd0cb
authlogin: introduce auth_use_pam_systemd
...
add special interface for pam_systemd module permissions
2017-02-18 21:50:45 +01:00
2fcce0a88f
Merge branch 'master' of github.com:TresysTechnology/refpolicy
2017-02-18 14:02:36 -05:00
4c16ca2d66
Only display the WERROR notice if there actually are errors.
2017-02-18 13:59:33 -05:00
14566f96a9
Module version bump for hostname fix from cgzones.
2017-02-18 13:58:29 -05:00
a5658b85a0
locallogin: adjustments
...
* do not grant permissions by negativ matching
* separate dbus from consolekit block for systemd
2017-02-18 19:36:44 +01:00
36fa3d8916
Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy
2017-02-18 13:32:23 -05:00
8266424bcb
systemd_cgroups_t: fix denials
2017-02-18 18:41:45 +01:00
7d9a3be9f0
Merge pull request #98 from cgzones/admin_process_pattern
...
add admin_process_pattern macro
2017-02-18 12:38:23 -05:00
3726cd58f6
Module version bump for changes from cgzones.
2017-02-18 12:28:38 -05:00
abe9e18f73
Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy
2017-02-18 11:54:16 -05:00
e96c357b79
Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy
2017-02-18 11:51:40 -05:00
8b6525e992
Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy
2017-02-18 11:39:05 -05:00
959f78de99
Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy
2017-02-18 11:34:23 -05:00
74d6a63ff9
mon: Fix deprecated interface usage.
2017-02-18 11:21:34 -05:00
c784507bce
Travis-CI: Terminate build immediately on error.
...
See travis-ci/travis-ci#1066 .
2017-02-18 10:37:35 -05:00
1af24ad32b
Fix Travis-CI WERROR support.
2017-02-18 10:25:48 -05:00
dd03d589e2
Implement WERROR build option to treat warnings as errors.
...
Add this to all Travis-CI builds.
2017-02-18 10:20:20 -05:00
cb35cd587f
Little misc patches from Russell Coker.
2017-02-18 09:39:01 -05:00
dd4cfd8a77
add admin_process_pattern macro
...
useful for MODULE_admin interfaces
2017-02-17 16:26:22 +01:00
7ff92a886a
files: no default types for /run and /var/lock
...
encourage private types for /run and /var/lock by not providing default contexts anymore
2017-02-16 17:14:38 +01:00
da1ea093cb
corecommands: label some binaries as bin_t
2017-02-16 17:05:26 +01:00
61b72e0796
selinuxutil: adjustments
...
* no negative permission matching for newrole_t:process
* do not label /usr/lib/selinux as policy_src_t, otherwise semodule can not run /usr/lib/selinux/hll/pp
* reorder label for /run/restorecond.pid
* fix systemd related denials
2017-02-16 16:53:06 +01:00
d9fcbdfbb3
hostname: small adjustments
...
* reorder process - capabilities statements
* remove unsighted debian block
2017-02-16 16:39:50 +01:00
60983561be
sysadm: fix denials
...
allow to read kmesg and the selinux policy
2017-02-16 16:00:14 +01:00
7539f65bc2
setfiles: allow getattr to kernel pseudo fs
...
userdomains should not alter labels of kernel pseudo filesystems, but allowing setfiles/restorecon(d) to check the contexts helps spotting incorrect labels
2017-02-16 15:26:29 +01:00
d9980666a4
Update contrib.
2017-02-15 19:08:32 -05:00
5a6251efc6
tiny mon patch
...
When you merged the mon patch you removed the ability for mon_t to execute
lib_t files.
The following patch re-enables the ability to execute alert scripts.
2017-02-15 18:51:39 -05:00
1720e109a3
Sort capabilities permissions from Russell Coker.
2017-02-15 18:47:33 -05:00
629b8af1e1
Update contrib.
2017-02-13 20:00:52 -05:00
Chris PeBenito
cgzones
Russell Coker