efa32d9b56
Remove deprecated interfaces older than one year old.
...
Additionally one deprecated attribute removed.
2017-08-06 17:03:17 -04:00
10388e1319
auth: Move optional out of auth_use_pam_systemd() to callers.
2017-02-26 12:08:02 -05:00
2170c65ad9
Merge branch 'su_module' of git://github.com/cgzones/refpolicy
2017-02-26 11:48:37 -05:00
2087bde934
Systemd fixes from Russell Coker.
2017-02-23 20:03:23 -05:00
4d413fd0cb
authlogin: introduce auth_use_pam_systemd
...
add special interface for pam_systemd module permissions
2017-02-18 21:50:45 +01:00
edf4f0a313
authlogin: indentation/whitespace fix
...
Indentation/whitespace fix for one authlogin interface.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
2016-12-15 19:19:17 -05:00
3639880cf6
Implement core systemd policy.
...
Significant contributions from the Tresys CLIP team.
Other changes from Laurent Bigonville.
2015-10-23 10:16:59 -04:00
f0ebf14176
Add auth_pid_filetrans_pam_var_run
2014-12-02 09:16:05 -05:00
98fbab18f1
authlogin.if: Add auth_create_pam_console_data_dirs and auth_pid_filetrans_pam_var_console interfaces
...
On Debian /var/run/console directory might be created by consolekit, we
need these new interfaces to achieve this.
2012-12-07 00:27:38 -05:00
0805dd800c
Changes to various policy modules
...
pcscd_read_pub_files is deprecated use pcscd_read_pid_files instead
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-19 08:59:22 -04:00
330b13a4a2
nss_domain attribute patch 1, Miroslav Grepl
2012-07-10 08:43:31 -04:00
8959338324
Change interfaces in authlogin.if to use new interfaces in files.if
...
Changed all interfaces that used auth_file_type to call the new
corresponding interface in files.if.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2012-05-04 08:47:42 -04:00
a4912ae653
Whitespace fix in authlogin.if.
2011-07-18 13:46:18 -04:00
61fb2009ad
Create a new attribute for auth_file types. Add shadow as an auth_file type. Add new interfaces to manage auth_file types Deprecate *_except_shadow macros in favour of *_except_auth_files
2011-07-18 13:40:37 -04:00
1bc5de22c0
Start pulling in pieces of Fedora policy in system layer.
2011-03-31 13:29:59 -04:00
9262d3c958
Whitespace fixes in authlogin.
2011-02-28 09:22:26 -05:00
8340621920
Implement miscfiles_cert_type().
...
This is based on Fedoras' miscfiles_cert_type implementation.
The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.
Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-10 11:05:46 -04:00
a0546c9d1c
System layer xml fixes.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:55 -04:00
153ed8751a
Authlogin patch from Dan Walsh.
2010-03-18 08:59:25 -04:00
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
d24a7df15c
Improve the documentation of auth_use_nsswitch().
2010-03-03 10:37:37 -05:00
03dd57fe7b
Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
aadcb968f9
Move netlink route sockets from nsswitch to DNS name resolve.
2010-02-17 20:28:59 -05:00
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
30425aa876
trunk: 1 patch from dan.
2009-06-12 15:30:15 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
932c3536f8
trunk: additional open fixes.
2008-11-04 14:37:05 +00:00
82d2775c92
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
7cbfeb97cf
trunk: uncomment set loginuid for functional login programs under strict.
2008-01-03 18:30:45 +00:00
6138d3da0e
trunk: test fix for newrole.
2007-11-28 18:39:47 +00:00
7d4161cdc9
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
d46cfe45cd
trunk: add application module
2007-07-19 18:57:48 +00:00
d5b81a81ff
trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern().
2007-06-12 18:46:14 +00:00
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
d9845ae92a
patch from dan Tue, 24 Oct 2006 11:00:28 -0400
2006-10-31 21:01:48 +00:00
e070dd2df0
- Move range transitions to modules.
...
- Make number of MLS sensitivities, and number of MLS and MCS
categories configurable as build options.
2006-10-04 17:25:34 +00:00
bbcd3c97dd
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
98de871cee
more strict testing fixes
2006-08-23 19:36:04 +00:00
3ef029db7c
add nscd_socket_use() to auth_use_nsswitch() since it caches nss lookups.
2006-08-22 19:37:56 +00:00
ba1a545fb3
cleanup in authlogin
2006-08-17 15:35:14 +00:00
4b3b46d7ef
add authlogin interface to abstract common login program perms
2006-07-31 22:26:59 +00:00
da9bbc655a
fix up audit message perms now that audit_write denials are being audited by the kernel.
2006-07-13 17:22:08 +00:00
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00
Chris PeBenito
cgzones
Guido Trentalancia
Chris PeBenito
Sven Vermeulen
Laurent Bigonville
Dominick Grift
James Carter
Matthew Ife
Dominick Grift
Chris PeBenito