Commit Graph

1682 Commits

Author SHA1 Message Date
Chris PeBenito 4d91cc95c7 Module version bump and Changelog for asterisk admin updates from Sven Vermeulen. 2011-10-25 09:43:13 -04:00
Sven Vermeulen ecf83667ab Allow sysadm to interact with asterisk
When administering asterisk, one often ran command is "asterisk -r"
which yields the asterisk CLI (when the asterisk server is running). To
be able to run this, you need asterisk_stream_connect privileges.

Assign these privileges to the sysadm_r

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-10-25 09:40:12 -04:00
Chris PeBenito 6b63ed7481 Remove deprecated permission sets.
These were deprecated on or around October 9, 2007.
2011-10-14 10:24:18 -04:00
Chris PeBenito dd49083624 Remove deprecated send_audit_msgs_pattern().
This was deprecated June 12, 2007.
2011-10-14 10:23:05 -04:00
Chris PeBenito b928020970 Remove deprecated optional_policy usage.
This was deprecated July 25, 2006.
2011-10-14 10:22:16 -04:00
Chris PeBenito d1af485661 Remove rolemap and per-role template support.
This support was deprecated and unused in Reference Policy November 5 2008.
2011-10-14 08:52:21 -04:00
Chris PeBenito 332c3a5fc4 Fix corenetwork port declaration to choose either reserved or unreserved.
This changes the port declarations for cases where a type is used for
ports above and below 1024.  The old code would give both the reserved
and unreserved port attribute.  This new code only gives the reserved
port attribute.
2011-10-04 15:31:08 -04:00
Chris PeBenito 7b98e4f436 Clean up stale TODOs. 2011-09-26 11:51:47 -04:00
Chris PeBenito 8e94109c52 Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions. 2011-09-26 10:44:27 -04:00
Chris PeBenito aecd12c7b0 Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
Chris PeBenito 7d6b1e5889 Module version bump and changelog for role attributes usage. 2011-09-21 09:16:34 -04:00
Chris PeBenito af1f9606c3 Add role attributes to usermanage. 2011-09-21 08:30:54 -04:00
Chris PeBenito 26761b31cd Add role attributes to bootloader. 2011-09-21 08:27:40 -04:00
Chris PeBenito f9145eae44 Add role attributes to dhcpc. 2011-09-21 08:27:37 -04:00
Chris PeBenito 08cf443ff6 Add role attributes in newrole and run_init. 2011-09-21 08:27:34 -04:00
Chris PeBenito e6453fa567 Add role attributes to mount. 2011-09-21 08:27:32 -04:00
Chris PeBenito d3cca4f927 Add role attributes to update_modules in modutils. 2011-09-21 08:27:28 -04:00
Chris PeBenito a858f08e5b Add role attributes in iptables. 2011-09-21 08:27:24 -04:00
Chris PeBenito e3a043d18d Convert selinuxutil over to role attributes for semanage. 2011-09-21 08:26:58 -04:00
Chris PeBenito dfec2ce3a9 Opendkim self signal patch from Paul Howarth. 2011-09-20 10:17:22 -04:00
Chris PeBenito bf8592ee42 Module version bump and changelog for milter ports patch from Paul Howarth. 2011-09-20 09:49:48 -04:00
Paul Howarth d27a504b0e Add milter_port_t
Add a milter_port_t for use with inet sockets for communication
between milters and MTAs.

There are no defined ports with this type: admins are expected
to use semanage to specify the ports being used for milters.
2011-09-20 09:24:58 -04:00
Chris PeBenito 99a34d527e eparate portage fetch rules out of portage_run() and portage_domtrans() from Sven Vermeulen. 2011-09-14 12:48:13 -04:00
Chris PeBenito 370081cc60 Remove stray "A" from unconfined. 2011-09-14 12:46:56 -04:00
Sven Vermeulen 017b505110 Allow unconfined users to call portage features
The unconfined user is currently not allowed to call portage-related
functions. However, in a targeted system (with unconfined domains
enabled), users (including administrators) should be allowed to
transition to the portage domain.

We position the portage-related calls outside the "ifdef(distro_gentoo)"
as other distributions support Portage as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-14 12:33:11 -04:00
Sven Vermeulen c94b5e3d18 Allow sysadm_t to call all portage related services
The system administrator (in sysadm_t) is the only "user" domain that is
allowed to call portage-related services. So it also gains the privilege
to execute portage tree management functions (and as such transition to
portage_fetch_t).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-14 12:33:07 -04:00
Chris PeBenito a108d9db60 Enhance corenetwork network_port() macro to support ports that do not have a well defined port number, such as stunnel. 2011-09-14 12:17:22 -04:00
Chris PeBenito eb6591ff84 Opendkim support in dkim module from Paul Howarth. 2011-09-14 10:06:32 -04:00
Chris PeBenito 82ee50ac21 Wireshark updates from Sven Vermeulen. 2011-09-14 09:00:39 -04:00
Chris PeBenito 1c5dacd2c0 Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod.
Based on a patch from Dan Walsh.
2011-09-13 14:45:14 -04:00
Chris PeBenito f718181930 Module version bump for semanage permissive mode feature support. 2011-09-13 12:43:37 -04:00
Sven Vermeulen f12ebf31e2 Support semanage permissive mode
The semanage application supports a "semanage permissive" feature,
allowing certain domains to be marked for running permissive (rather
than the entire system).

To support this feature, we introduce a semanage_var_lib_t type for the
location where semanage will keep its permissive_<domain>.* files, and
allow semanage_t to work with fifo_files (needed for the command to
work).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-13 12:36:48 -04:00
Chris PeBenito b7e70f900f Add contrib submodule. 2011-09-09 10:26:58 -04:00
Chris PeBenito 09248fa0db Move modules to contrib submodule. 2011-09-09 10:10:03 -04:00
Chris PeBenito f07bc3f973 Module version and changelog for openrc and portage updates from Sven Vermeulen. 2011-09-06 14:02:12 -04:00
Chris PeBenito 6cd8334d12 Whitespace fixes in portage and init. 2011-09-06 14:00:58 -04:00
Chris PeBenito ad3ed86a72 Rearrange lines in portage.te. 2011-09-06 13:59:36 -04:00
Chris PeBenito ca4d39d31c Rename init_rc_exec() to init_exec_rc(). 2011-09-06 13:58:04 -04:00
Sven Vermeulen 9bcb813b57 Allow cron to execute portage commands
Many users use portage from within cron (for instance to update the
portage tree or even automatically update their system). As such, we
allow to run portage from the (system) cronjob domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:23:14 -04:00
Sven Vermeulen 49f1631fc0 Allow portage to call gpg
We allow portage to call gpg. However, this requires that the location
where the trustdb is stored is marked as a read/write type. The default
location used within Gentoo is /etc/portage/gpg, which would lead to
portage_conf_t. However, this type should remain a read-only type.

As such, we introduce a type called portage_gpg_t for this location and
grant portage_fetch_t the necessary rights on this type.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:23:07 -04:00
Sven Vermeulen 3274da931e Introduce gpg_exec interface
Some applications might want to execute gpg without requiring a
transition. A possible use case is to allow applications to validate
signatures (made by GnuPG). As long as the application doesn't need to
generate signatures itself and its trustdb is not marked as
gpg_secret_t, it suffices to grant it gpg_exec().

Note that it does require the application to have read/write rights in
the directory where the trustdb is stored (as gpg tries to generate lock
files where the trustdb file is located).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:59 -04:00
Sven Vermeulen 356c704f4d Introduce portage_fetch_t as an application domain
Enhance portage_fetch_t from an application type to a domain. Introduce
the proper portage_fetch_exec_t and add the necessary privileges to the
domain definition to allow portage_fetch_t to be used by Portage
management utilities like layman and emerge-webrsync.

We enhance portage_domtrans() to include portage_fetch_t support.
Providing a different interface (portage_fetch_domtrans) is possible
too, but since every application and role that needs to deal with
portage needs to deal with the fetching as well, and vice versa, we keep
this in portage_domtrans.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:52 -04:00
Sven Vermeulen 706d503e5b Allow the sysadm domain to execute rc
The /sbin/rc binary is used by the system administrator to manage
runlevels (add/delete), check runlevel state, etc. all which do not
require a transition to occur. Hence the /sbin/rc (now labeled
rc_exec_t) is allowed to be executed without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:44 -04:00
Sven Vermeulen c5cbefb892 Gentoo integrated run_init support re-executes rc
When an init script is launched, Gentoo's integrated run_init support
will re-execute /sbin/rc (an all-in-one binary) for various functions.
The run_init_t domain here should not be allowed to transition yet, so
we allow it to execute /sbin/rc without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:37 -04:00
Sven Vermeulen 032b62f2ed Allow gcc-config to execute rc
The gcc-config application uses some functions (from
/etc/init.d/functions.sh) which are simple wrappers on top of
/sbin/rc. Since this script is sourced and the functions executed
from within gcc_config_t, we allow gcc-config to execute /sbin/rc
without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:31 -04:00
Sven Vermeulen bce639cff4 Introduce rc_exec_t as file entry for initrc_t
Within Gentoo, the init system (openrc) uses a single binary (/sbin/rc)
for all its functions, be it executing init scripts, managing runlevels,
checking state, etc. This binary is not allowed to be labeled
initrc_exec_t as that would trigger domain transitions where this isn't
necessary (or even allowed).

A suggested solution is to use a separate type declaration for /sbin/rc
(rc_exec_t) which transitions where necessary.

This patch includes support for the /sbin/rc rc_exec_t type and declares
the init_rc_exec() interface which allows domains to execute the binary
without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:22 -04:00
Chris PeBenito 8ee51235f6 Allow user and role changes on dynamic transitions with the same constraints as regular transitions. 2011-09-02 09:59:26 -04:00
Chris PeBenito 74aaedde68 Whitespace fixes in rsync, samba, and mount. 2011-09-02 09:55:50 -04:00
Chris PeBenito c7c9e0e04d Whitespace fix in unprivuser. 2011-09-02 09:20:54 -04:00
Chris PeBenito 102f084d96 New git service features from Dominick Grift.
* git user sessions
* repositories on CIFS/NFS
* inetd service
2011-09-02 09:20:23 -04:00