a8a360c178
devicekit, mount, xserver, and selinuxutil from Russell Coker
...
Allow devicekit_power_t to chat to xdm via dbus and log via syslog.
Allow mount_t to do more with it's runtime files and stat more filesystem
types.
Allow xauth to send sigchld to xdm.
Allow semanage to search policy_src_t dirs and read /dev/urandom.
2017-04-18 21:28:16 -04:00
132cc4b2d5
bootloader from Russell Coker.
...
This patch adds a lot of policy that is needed to setup an initramfs and grub
on Debian nowadays.
Also changed a comment about ia64 to correctly mention EFI.
2017-04-18 20:56:59 -04:00
1720e109a3
Sort capabilities permissions from Russell Coker.
2017-02-15 18:47:33 -05:00
2e7553db63
Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.
2017-02-04 15:19:35 -05:00
69ede859e8
Bump module versions for release.
2017-02-04 13:30:53 -05:00
0fe21742cd
Module version bumps for patches from cgzones.
2017-01-09 20:34:15 -05:00
2526c96a2c
update mount module
...
* rename mount_var_run_t to mount_runtime_t
* delete kernel_read_unlabeled_files(mount_t)
* add selinux_getattr_fs(mount_t)
2017-01-08 14:59:08 +01:00
67c435f1fc
Module version bump for fc updates from Nicolas Iooss.
2016-12-28 14:38:05 -05:00
f850ec37df
Module version bumps for /run fc changes from cgzones.
2016-12-22 15:54:46 -05:00
468185f5f7
Bump module versions for release.
2014-12-03 13:37:38 -05:00
4451a6c497
Module version bump for FUSE fix for mount from Luis Ressel.
2014-08-21 09:53:51 -04:00
6c9f445e55
Grant mount permission to access /dev/fuse
...
This is needed for mounting FUSE-based filesystems like ntfs-3g.
2014-08-21 08:27:02 -04:00
617466b2bd
Module version bump for losetup fixes from Luis Ressel.
2014-08-19 08:45:38 -04:00
10ff4d0fa3
Bump module versions for release.
2014-03-11 08:16:57 -04:00
3501307078
Fix read loopback file interface.
2014-02-08 11:35:57 -05:00
92cd2e251c
Module version bump for loopback file mounting fixes from Luis Ressel.
2014-02-08 10:50:34 -05:00
acf1229dad
Rename mount_read_mount_loopback() to mount_read_loopback_file().
...
Also make kernel block optional since the calls are to a higher layer.
2014-02-08 10:49:47 -05:00
24be4c0096
Allow mount_t usage of /dev/loop-control
...
If loopback devices are not pregenerated (kernel option
CONFIG_BLK_DEV_LOOP_MIN_COUNT=0), mount needs to write to
/dev/loop-control do create them dynamically when needed.
2014-02-08 10:32:45 -05:00
09370605a3
system/mount.if: Add mount_read_mount_loopback interface
2014-02-08 10:32:44 -05:00
3ffc91fff4
Module version bump for ZFS tools fc entries from Matthew Thode.
2014-01-21 08:55:37 -05:00
58db129761
Update modules for file_t merge into unlabeled_t.
2014-01-16 11:24:25 -05:00
e9efb9297f
Module version bump for patch from Laurent Bigonville.
2013-12-20 15:02:24 -05:00
1a01976fc4
Module version bump for first batch of patches from Dominick Grift.
2013-12-02 14:22:29 -05:00
76e595794b
mount: fs_list_auto_mountpoint() is now redundant because autofs_t is covered by files_list_all_mountpoints()
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-12-02 08:27:53 -05:00
57f00181ee
Module version bump for mount updates from Dominick Grift.
2013-09-27 16:54:54 -04:00
85016ae811
mount: sets kernel thread priority mount: mount reads /lib/modules/3.10-2-amd64/modules.dep mount: mount lists all mount points
...
In debian mount was trying to list / on a tmpfs (/run/lock). Since
var_lock_t is a mountpoint type, and so is mnt_t, i decided to implement
a files_list_all_mountpoints() and call that for mount because it makes
sense
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-27 16:50:38 -04:00
d174521a64
Bump module versions for release.
2013-04-24 16:14:52 -04:00
fd569471c3
Module version bump for Debian updates from Laurent Bigonville.
2013-01-23 07:23:52 -05:00
693532ae68
Add mount_var_run_t type and allow mount_t domain to manage the files and directories
...
In Debian, mount store some information (a utab file) under
/var/run/mount directory.
This is inspired by the fedora policy.
2013-01-23 07:11:17 -05:00
140cd7bb6d
Module version bump for various changes from Sven Vermeulen.
2012-09-17 10:00:10 -04:00
9176e86474
Puppet uses mount output for verification
...
Puppet calls mount to obtain the list of mounted file systems, redirecting its
output to a temporary file (labeled puppet_tmp_t). This allows the mount domain
to write to this resource.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-09-17 09:31:32 -04:00
3516535aa6
Bump module versions for release.
2012-07-25 14:33:06 -04:00
b72101a116
Module version bump and changelog for non-auth file attribute to eliminate set expressions, from James Carter.
2012-05-04 09:14:00 -04:00
624e73955d
Changed non-contrib policy to use the new non_auth_file_type interfaces
...
Replaced calls to interfaces allowing access to all files except
auth_file_type files with calls to interfaces allowing access to
non_auth_file_type files.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2012-05-04 08:47:49 -04:00
9e56720a39
Module version bump and changelog for various dontaudits from Sven Vermenulen.
2012-04-20 16:06:54 -04:00
fbac862b89
Adding dontaudits for mount
...
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-04-20 15:44:05 -04:00
f65edd8280
Bump module versions for release.
2012-02-15 14:32:45 -05:00
7d6b1e5889
Module version bump and changelog for role attributes usage.
2011-09-21 09:16:34 -04:00
e6453fa567
Add role attributes to mount.
2011-09-21 08:27:32 -04:00
74aaedde68
Whitespace fixes in rsync, samba, and mount.
2011-09-02 09:55:50 -04:00
aa4dad379b
Module version bump for release.
2011-07-26 08:11:01 -04:00
a29c7b86e1
Module version bump and Changelog for auth file patches from Matthew Ife.
2011-07-18 13:48:05 -04:00
4ff4e1c505
Replace deprecated *_except_shadow macro calls with *_except_auth_files calls.
2011-07-18 13:40:38 -04:00
17910a2a8c
Module version bump and changelog for mount fixes from Harry Ciao.
2011-01-10 10:23:04 -05:00
a2307ca2b9
Move module request line in mount.
2011-01-10 10:22:05 -05:00
4d8e9ffcb3
Make mount_t able to request loading kernel module.
...
Make the mount domain able to request kernel to load a kernel module.
Otherwise the binfmt_misc kernel module won't be properly loaded
during system booting up.
type=1400 audit(1292850971.104:4): avc: denied { module_request } for pid=87 comm="mount" kmod="devtmpfs" scontext=system_u:system_r:mount_t:s0-s15:c0.c1023 tcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=system
type=1400 audit(1292851024.844:13): avc: denied { module_request } for pid=409 comm="mount" kmod="binfmt_misc" scontext=system_u:system_r:mount_t:s0-s15:c0.c1023 tcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=system
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2011-01-10 10:20:21 -05:00
826d014241
Bump module versions for release.
2010-12-13 09:12:22 -05:00
52f38d23c9
Module version bump for Chris Richards' mount patchset.
2010-11-11 09:48:01 -05:00
66ef236c90
Minor fixes for Chris Richards' mount patchset.
2010-11-11 09:47:37 -05:00
a861c7c6fd
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:20 -05:00
Chris PeBenito
cgzones
Chris PeBenito
Luis Ressel
Chris PeBenito
Dominick Grift
Laurent Bigonville
Sven Vermeulen
James Carter
Matthew Ife
Harry Ciao
Chris Richards