selinux-refpolicy

Commit Graph

Author	SHA1	Message	Date
Chris PeBenito	485929b762	Module version bump for ntp fixes from cgzones.	2017-02-22 19:01:20 -05:00
cgzones	17753638ca	add init_daemon_lock_file() needed for ntp	2017-02-21 15:07:47 +01:00
Chris PeBenito	498fb3c6e8	Module version bump for cgroups systemd fix from cgzones.	2017-02-20 11:21:00 -05:00
Chris PeBenito	e72556c6dd	Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy	2017-02-20 11:13:07 -05:00
Chris PeBenito	132db642bd	Module version bump for selinuxutil and systmd changes from cgzones.	2017-02-20 10:57:50 -05:00
Chris PeBenito	34cfce5410	Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy	2017-02-20 10:53:56 -05:00
Chris PeBenito	e52b701f59	Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy	2017-02-20 10:43:18 -05:00
Chris PeBenito	53fb3a3ba4	dpkg: Updates from Russell Coker.	2017-02-19 16:13:14 -05:00
Chris PeBenito	14566f96a9	Module version bump for hostname fix from cgzones.	2017-02-18 13:58:29 -05:00
Chris PeBenito	36fa3d8916	Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy	2017-02-18 13:32:23 -05:00
cgzones	8266424bcb	systemd_cgroups_t: fix denials	2017-02-18 18:41:45 +01:00
Chris PeBenito	3726cd58f6	Module version bump for changes from cgzones.	2017-02-18 12:28:38 -05:00
Chris PeBenito	959f78de99	Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy	2017-02-18 11:34:23 -05:00
Chris PeBenito	cb35cd587f	Little misc patches from Russell Coker.	2017-02-18 09:39:01 -05:00
cgzones	61b72e0796	selinuxutil: adjustments * no negative permission matching for newrole_t:process * do not label /usr/lib/selinux as policy_src_t, otherwise semodule can not run /usr/lib/selinux/hll/pp * reorder label for /run/restorecond.pid * fix systemd related denials	2017-02-16 16:53:06 +01:00
cgzones	d9fcbdfbb3	hostname: small adjustments * reorder process - capabilities statements * remove unsighted debian block	2017-02-16 16:39:50 +01:00
cgzones	7539f65bc2	setfiles: allow getattr to kernel pseudo fs userdomains should not alter labels of kernel pseudo filesystems, but allowing setfiles/restorecon(d) to check the contexts helps spotting incorrect labels	2017-02-16 15:26:29 +01:00
Chris PeBenito	1720e109a3	Sort capabilities permissions from Russell Coker.	2017-02-15 18:47:33 -05:00
Chris PeBenito	aeea0d9f3f	mon policy from Russell Coker.	2017-02-08 16:56:09 -05:00
Chris PeBenito	7aafe9d8b7	Systemd tmpfiles fix for kmod.conf from Russell Coker.	2017-02-07 19:03:59 -05:00
Chris PeBenito	69da46ae18	usrmerge FC fixes from Russell Coker.	2017-02-07 18:51:58 -05:00
Chris PeBenito	2e7553db63	Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.	2017-02-04 15:19:35 -05:00
Chris PeBenito	69ede859e8	Bump module versions for release.	2017-02-04 13:30:53 -05:00
Chris PeBenito	a848a0d465	Module version bump for cups patch from Guido Trentalancia.	2017-01-23 18:50:53 -05:00
Guido Trentalancia	3254ed2759	udev: execute HPLIP applications in their own domain Execute HP Linux Imaging and Printing (HPLIP) applications launched by udev in their own domain. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>	2017-01-23 18:49:31 -05:00
Chris PeBenito	0fe21742cd	Module version bumps for patches from cgzones.	2017-01-09 20:34:15 -05:00
Chris PeBenito	a00d401c1b	Merge branch 'auditd_fixes' of git://github.com/cgzones/refpolicy	2017-01-09 18:19:35 -05:00
Chris PeBenito	694e85cc6f	Merge branch 'unconfined_module' of git://github.com/cgzones/refpolicy	2017-01-09 18:13:47 -05:00
cgzones	2526c96a2c	update mount module * rename mount_var_run_t to mount_runtime_t * delete kernel_read_unlabeled_files(mount_t) * add selinux_getattr_fs(mount_t)	2017-01-08 14:59:08 +01:00
cgzones	b59dc99d56	update unconfined module * grant capability2:wake_alarm * remove deprecated interfaces	2017-01-06 15:01:45 +01:00
cgzones	e83058d205	auditd / auditctl: fix audits	2017-01-05 11:53:06 +01:00
cgzones	739fd6054d	systemd: label /run/systemd/transient as systemd_unit_t	2017-01-05 11:37:05 +01:00
Chris PeBenito	a67c2a819d	Module version bump for patches from Guido Trentalancia.	2017-01-03 19:35:56 -05:00
Guido Trentalancia	b66c2f2ad0	init: support sysvinit Add a permission needed for the correct functioning of sysvinit on systems using the initramfs. Without the selinux_get_fs_mount() interface call, the call to libselinux:is_selinux_enabled() fails and sysvinit tries to do the initial policy load again. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>	2017-01-03 19:33:54 -05:00
Chris PeBenito	67c435f1fc	Module version bump for fc updates from Nicolas Iooss.	2016-12-28 14:38:05 -05:00
Chris PeBenito	b6b7173fb1	Merge branch 'usr-fc' of git://github.com/fishilico/selinux-refpolicy-patched	2016-12-28 14:30:19 -05:00
Nicolas Iooss	85d678bd2f	Add file contexts in /usr for /bin, /usr/sbin and /usr/lib Some policy modules define file contexts in /bin, /sbin and /lib without defining similar file contexts in the same directory under /usr. Add these missing file contexts when there are outside ifdef blocks.	2016-12-27 17:06:54 +01:00
Chris PeBenito	e378390e8d	Module version bump for systemd patch from Nicolas Iooss.	2016-12-27 10:56:39 -05:00
Chris PeBenito	9fa51f58c3	Merge branch '2016-12-27_systemd' of git://github.com/fishilico/selinux-refpolicy-patched	2016-12-27 10:54:31 -05:00
Chris PeBenito	19c3addb99	Module version bump for patches from Guido Trentalancia.	2016-12-27 10:51:56 -05:00
Guido Trentalancia	b7b5611720	base: use new genhomedircon template for username Use the new genhomedircon templates for username-dependant file contexts (requires libsemanage >= 2.6). This is the base policy part (1/2).	2016-12-27 10:34:04 -05:00
Guido Trentalancia	732234f8b6	modutils: update to run in confined mode Update the modutils module so that it can run in confined mode instead of unconfined mode. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>	2016-12-27 10:23:58 -05:00
Nicolas Iooss	da59af22f4	systemd: add systemd-binfmt policy This systemd service registers in /proc/sys/fs/binfmt_misc binary formats for executables. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>	2016-12-27 15:01:40 +01:00
Nicolas Iooss	938fc23ce5	systemd: add systemd-backlight policy The documentation page of this service describes well which access are needed (https://www.freedesktop.org/software/systemd/man/systemd-backlight@.service.html). systemd-backlight: - is a systemd service - manages /var/lib/systemd/backlight/ - reads udev device properties to find ID_BACKLIGHT_CLAMP Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>	2016-12-27 15:01:40 +01:00
Chris PeBenito	f850ec37df	Module version bumps for /run fc changes from cgzones.	2016-12-22 15:54:46 -05:00
Chris PeBenito	94f7104c22	Merge branch 'run_transition' of git://github.com/cgzones/refpolicy	2016-12-22 15:18:32 -05:00
Chris PeBenito	5d7ed4937d	Module version bump for patches from Guido Trentalancia.	2016-12-18 17:56:17 -05:00
Guido Trentalancia	3c6530cbdd	udev: always enable kernel module loading The udev daemon should be able to load kernel modules not only on systems using systemd but also on systems using former versions of the udev daemon. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>	2016-12-18 17:39:52 -05:00
Guido Trentalancia	89c838db66	udev: manage tmpfs files and directories Update the udev module so that the udev domain can manage tmpfs files and directories. Thanks to Christian Göttsche for pointing out that this only applies to systems not using systemd (v2). Signed-off-by: Guido Trentalancia <guido@trentalancia.net>	2016-12-18 17:39:33 -05:00
cgzones	7d376d7e4d	transition file contexts to /run Remove file context aliases and update file context paths to use the /run filesystem path. Add backward compatibility file context alias for /var/run using applications like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783321 Lock files are still seated at /var/lock	2016-12-17 18:32:39 +01:00

1 2 3 4 5 ...

955 Commits