Commit Graph

346 Commits

Author SHA1 Message Date
Chris PeBenito 8e94109c52 Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions. 2011-09-26 10:44:27 -04:00
Chris PeBenito aecd12c7b0 Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
Chris PeBenito bf8592ee42 Module version bump and changelog for milter ports patch from Paul Howarth. 2011-09-20 09:49:48 -04:00
Paul Howarth d27a504b0e Add milter_port_t
Add a milter_port_t for use with inet sockets for communication
between milters and MTAs.

There are no defined ports with this type: admins are expected
to use semanage to specify the ports being used for milters.
2011-09-20 09:24:58 -04:00
Chris PeBenito a108d9db60 Enhance corenetwork network_port() macro to support ports that do not have a well defined port number, such as stunnel. 2011-09-14 12:17:22 -04:00
Chris PeBenito 1c5dacd2c0 Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod.
Based on a patch from Dan Walsh.
2011-09-13 14:45:14 -04:00
Chris PeBenito ec70a331ff Corenetwork policy size optimization from Dan Walsh. 2011-08-26 09:03:25 -04:00
Chris PeBenito 5802e169eb Module version bump for xfce bin file contexts patch from Sven Vermeulen. 2011-08-24 09:08:16 -04:00
Chris PeBenito a83b53041e Rearrange xfce corecommands fc entries. 2011-08-24 09:07:34 -04:00
Sven Vermeulen 7901eb059b Update file contexts for xfce4 helper applications
Many XFCE4 helper applications are located in /usr/lib locations. This patch
marks those helpers as bin_t.

Recursively marking the directories bin_t does not work properly as these
locations also contain actual libraries.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-08-24 08:56:47 -04:00
Chris PeBenito f7a845fcca Module version bump for udp_socket listen dontaudit for all domains. 2011-08-23 08:29:03 -04:00
Chris PeBenito ec280b3209 Silence spurious udp_socket listen denials. 2011-08-23 08:21:40 -04:00
Chris PeBenito aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito 6e742c4c63 Module version bump for NFS over TCP patchset. 2011-07-22 07:18:13 -04:00
Sven Vermeulen bdc0c3985b Allow kernel to access NFS/RPC TCP
Allow kernel_t to access the nfsd_t' tcp_sockets.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-07-22 07:03:51 -04:00
Chris PeBenito b594647caf Fix missing requires in /var/run and /var/lock symlink patch. 2011-07-18 14:12:07 -04:00
Chris PeBenito a29c7b86e1 Module version bump and Changelog for auth file patches from Matthew Ife. 2011-07-18 13:48:05 -04:00
Matthew Ife 4ff4e1c505 Replace deprecated *_except_shadow macro calls with *_except_auth_files calls. 2011-07-18 13:40:38 -04:00
Chris PeBenito edfe67fd15 Relocated /var/run and /var/lock from Martin Orr.
Add read_lnk_file_perms to all interfaces giving access to var_run_t and
var_lock_t.

This is needed as on Debian /var/run and /var/lock are now symlinks to
/run and /run/lock.
2011-07-18 13:33:22 -04:00
Chris PeBenito ccf8bdea90 Add agent support to zabbix from Sven Vermeulen. 2011-06-15 14:11:14 -04:00
Sven Vermeulen 80b95df00a Zabbix agent binds on its own port, connects to zabbix server
The zabbix agent has its own dedicated port (10050) on which it needs to
bind/listen.

Also, the agent connects to the server so we add the zabbix_tcp_connect
interface (shamelessly copied from mysql_tcp_connect) and use it for the
zabbix_agent_t domain.

Update: structure interface calls more closely to styleguide

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-06-15 13:41:03 -04:00
Sven Vermeulen 5b17d3e7d6 Define zabbix port and allow server to listen/bind on it
The zabbix server uses a dedicated port (10051). We define it and allow the
zabbix server to bind/listen on it.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-06-15 13:40:54 -04:00
Chris PeBenito 003dbe0c66 Cyrus file context update for Gentoo from Corentin Labbe. 2011-06-08 08:51:55 -04:00
Chris PeBenito 8c3e30f913 Module version bump and changelog for Fedora modules. 2011-05-24 09:12:43 -04:00
Chris PeBenito af82a77675 Add zarafa from Fedora. 2011-05-24 09:11:56 -04:00
Chris PeBenito d2defd81e3 Add telepathy from Fedora. 2011-05-20 10:16:09 -04:00
Chris PeBenito 8630e36c5c Add mpd from Fedora. 2011-05-19 09:56:59 -04:00
Chris PeBenito d90a1aab54 Add aiccu from Fedora. 2011-05-19 09:09:09 -04:00
Chris PeBenito 9ec9808df5 Pull in cgroup changes from Fedora policy, in particular to handle systemd usage. 2011-04-29 13:22:47 -04:00
Chris PeBenito cca4b7e619 Fix ring buffer rules capability2 usage. 2011-04-18 13:06:31 -04:00
Chris PeBenito 5e8cdeab27 Rearrange and whitespace fix filesystem.fc. 2011-04-14 10:17:18 -04:00
Chris PeBenito e541d13ae5 Pull in additional kernel layer Fedora policy changes. 2011-04-14 10:05:56 -04:00
Chris PeBenito ed17ee5394 Pull in additional changes in kernel layer from Fedora. 2011-03-31 09:49:01 -04:00
Chris PeBenito 22633ec985 Whitespace fix in filesystem. 2011-03-31 08:55:05 -04:00
Chris PeBenito f940ca9db6 Remove eventpollfs_t.
Eventpollfs was changed to task SID in 2006.  Remove the dead type.
2011-03-31 08:52:07 -04:00
Chris PeBenito 0de0ea5c9e Start pulling in kernel layer pieces from Fedora. 2011-03-29 10:33:43 -04:00
Chris PeBenito e6394e5f0e Pull in devices changes from Fedora. 2011-03-07 10:47:09 -05:00
Chris PeBenito dba659b832 Remove unnecessary etc_runtime_t labeling. 2011-03-04 09:00:25 -05:00
Guido Trentalancia 1f93f1fa8c patch to fix a typo in the files module
This patch fixes a typo in the description of kernel files
interfaces.
2011-02-22 11:07:03 -05:00
Chris PeBenito 3139988506 Module version bump and changelog for Xen refinement patch from Stephen Smalley. 2011-02-15 13:48:04 -05:00
Stephen Smalley 14d23ee979 Refine xen policy
Various changes to the Xen userspace policy, including:
- Add gntdev and gntalloc device node labeling.
- Create separate domains for blktap and qemu-dm rather than leaving them in xend_t.
- No need to allow xen userspace to create its own device nodes anymore;
this is handled automatically by the kernel/udev.
- No need to allow xen userspace access to generic raw storage; even if
using dedicated partitions/LVs for disk images, you can just label them
with xen_image_t.

The blktap and qemu-dm domains are stubs and will likely need to be
further expanded, but they should definitely not be left in xend_t.  Not
sure if I should try to use qemu_domain_template() instead for qemu-dm,
but I don't see any current users of that template (qemu_t uses
virt_domain_template instead), and qemu-dm has specific interactions
with Xen.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
2011-02-15 12:59:13 -05:00
Stephen Smalley 5319bbf1c3 Add TSS Core Services (TCS) daemon (tcsd) policy
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2011-02-07 08:36:43 -05:00
Chris PeBenito 640df09275 Add syslog capability. 2011-01-19 14:11:00 -05:00
Chris PeBenito 8d46bd3017 Module version bump and changelog for /dev/console login from Harry Ciao. 2011-01-14 14:41:15 -05:00
Chris PeBenito dedbfa4f97 Rename allow_console tunable to console_login. 2011-01-14 11:44:42 -05:00
Harry Ciao fc1ef4ac3b Enable login from /dev/console.
Add the support to login and use the system from /dev/console.

 1. Make gettty_t able to use the /dev/console;
 2. Make local_login_t able to relabel /dev/console to user tty types;
 3. Provide the type_change rule for relabeling /dev/console.

All above supports are controlled by the allow_console tunable.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2011-01-14 11:23:19 -05:00
Chris PeBenito 54e9d3ca75 Module version bump and changelog for KaiGai's database object classes patch. 2011-01-14 10:35:52 -05:00
KaiGai Kohei 82c32d5cf4 New database object classes
The attached patch adds a few database object classes, as follows:

* db_schema
------------
A schema object performs as a namespace in database; similar to
directories in filesystem.
It seems some of (but not all) database objects are stored within
a certain schema logically. We can qualify these objects using
schema name. For example, a table: "my_tbl" within a schema: "my_scm"
is identified by "my_scm.my_tbl". This table is completely different
from "your_scm.my_tbl" that it a table within a schema: "your_scm".
Its characteristics is similar to a directory in filesystem, so
it has similar permissions.
The 'search' controls to resolve object name within a schema.
The 'add_name' and 'remove_name' controls to add/remove an object
to/from a schema.
See also,
  http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html

In the past discussion, a rubix folks concerned about no object
class definition for schema and catalog which is an upper level
namespace. Since I'm not certain whether we have a disadvantage
when 'db_schema' class is applied on catalog class, I don't add
this definition yet.

Default security context of 'db_table' and 'db_procedure' classes
get being computed using type_transition with 'db_schema' class,
instead of 'db_database' class. It reflects logical hierarchy of
database object more correctly.

* db_view
----------
A view object performs as a virtual table. We can run SELECT
statement on views, although it has no physical entities.
The definition of views are expanded in run-time, so it allows
us to describe complex queries with keeping readability.
This object class uniquely provides 'expand' permission that
controls whether user can expand this view, or not.
The default security context shall be computed by type transition
rule with a schema object that owning the view.

See also,
  http://developer.postgresql.org/pgdocs/postgres/sql-createview.html

* db_sequence
--------------
A sequence object is a sequential number generator.
This object class uniquely provides 'get_value', 'next_value' and
'set_value' permissions. The 'get_value' controls to reference the
sequence object. The 'next_value' controls to fetch and increment
the value of sequence object. The 'set_value' controls to set
an arbitrary value.
The default security context shall be computed by type transition
rule with a schema object that owning the sequence.

See also,
  http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html

* db_language
--------------
A language object is an installed engine to execute procedures.
PostgreSQL supports to define SQL procedures using regular script
languages; such as Perl, Tcl, not only SQL or binary modules.
In addition, v9.0 or later supports DO statement. It allows us to
execute a script statement on server side without defining a SQL
procedure. It requires to control whether user can execute DO
statement on this language, or not.
This object class uniquely provides 'implement' and 'execute'
permissions. The 'implement' controls whether a procedure can
be implemented with this language, or not. So, it takes security
context of the procedure as subject. The 'execute' controls to
execute code block using DO statement.
The default security context shall be computed by type transition
rule with a database object, because it is not owned by a certain
schema.

In the default policy, we provide two types: 'sepgsql_lang_t' and
'sepgsql_safe_lang_t' that allows unpriv users to execute DO
statement. The default is 'sepgsql_leng_t'.
We assume newly installed language may be harm, so DBA has to relabel
it explicitly, if he want user defined procedures using the language.

See also,
  http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html
  http://developer.postgresql.org/pgdocs/postgres/sql-do.html

P.S)
I found a bug in MCS. It didn't constraint 'relabelfrom' permission
of 'db_procedure' class. IIRC, I fixed it before, but it might be
only MLS side. Sorry.

Thanks,
--
KaiGai Kohei <kaigai@ak.jp.nec.com>

 policy/flask/access_vectors           |   29 ++++++++
 policy/flask/security_classes         |    6 ++
 policy/mcs                            |   16 ++++-
 policy/mls                            |   58 ++++++++++++++-
 policy/modules/kernel/kernel.if       |    8 ++
 policy/modules/services/postgresql.if |  125 +++++++++++++++++++++++++++++++--
 policy/modules/services/postgresql.te |  116 +++++++++++++++++++++++++++++-
 7 files changed, 342 insertions(+), 16 deletions(-)
2011-01-14 10:02:50 -05:00
Chris PeBenito 4f6f347d4c Module version bump and changelog for hadoop ipsec patch from Paul Nuzzi. 2011-01-13 13:50:47 -05:00
Chris PeBenito 530ad6fc6a Whitespace fixes in corenetwork and ipsec. 2011-01-13 13:37:04 -05:00