Commit Graph

45 Commits

Author SHA1 Message Date
Chris PeBenito 160d08f3ae systemd-resolvd, sessions, and tmpfiles take2
I believe that I have addressed all the issues Chris raised, so here's a newer
version of the patch which applies to today's git version.

Description: systemd-resolved, sessions, and tmpfiles patches
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-03-26
2017-03-28 18:51:35 -04:00
cgzones d2702a4224 corecmd_read_bin_symlinks(): remove deprecated and redundant calls 2017-03-03 12:00:07 +01:00
Chris PeBenito 2087bde934 Systemd fixes from Russell Coker. 2017-02-23 20:03:23 -05:00
Chris PeBenito 1720e109a3 Sort capabilities permissions from Russell Coker. 2017-02-15 18:47:33 -05:00
cgzones d8cb498284 remove trailing whitespaces 2016-12-06 13:45:13 +01:00
Chris PeBenito f7286189b3 Add systemd units for core refpolicy services.
Only for services that already have a named init script.

Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
2015-10-23 10:17:46 -04:00
Chris PeBenito 3639880cf6 Implement core systemd policy.
Significant contributions from the Tresys CLIP team.

Other changes from Laurent Bigonville.
2015-10-23 10:16:59 -04:00
Jason Zaman a324fab096 logging: use init_startstop_service in _admin interface
The logging_admin interfaces had rules for RedHat sysvinit. This
replaces them with the interface init_startstop_service which can
easily be changed for other init systems.
2015-05-27 14:37:40 -04:00
Chris PeBenito 47fa454784 /dev/log symlinks are not labeled devlog_t.
Drop rule; if /dev/log is a symlink, it should be device_t.
2014-09-12 14:25:01 -04:00
Nicolas Iooss ae4d07c8a8 Support logging with /run/systemd/journal/dev-log
In June 2014 systemd moved the socket used by journald to /run.  This
requires two new directory search access for every domain sending syslog
messages:

* /run/systemd/ (handled by init_search_run)
* /run/systemd/journal/ (labeled syslogd_var_run_t)

systemd commit:
http://cgit.freedesktop.org/systemd/systemd/commit/units/systemd-journald-dev-log.socket?id=03ee5c38cb0da193dd08733fb4c0c2809cee6a99
2014-09-12 09:50:48 -04:00
Chris PeBenito d29f5d4e72 Rename logging_search_all_log_dirs to logging_search_all_logs 2012-10-30 13:27:10 -04:00
Sven Vermeulen c239a20504 Introduce logging_search_all_log_dirs interface
Support the logging_search_all_log_dirs interface for applications such as
fail2ban-client, who scan through log directories.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-10-30 13:25:23 -04:00
Sven Vermeulen 48e8c08717 Introduce logging_getattr_all_logs interface
Support the logging_getattr_all_logs interface, which will be used by
applications responsible for reviewing the state of log files (without needing
to read them), such as the fail2ban-client application.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-10-30 13:25:07 -04:00
Chris PeBenito 4f24b1841c Add optional name for kernel and system filetrans interfaces. 2012-05-10 09:53:45 -04:00
Chris PeBenito 127d617b31 Pull in some changes from Fedora policy system layer. 2011-04-14 11:36:56 -04:00
Dominick Grift a0546c9d1c System layer xml fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:55 -04:00
Chris PeBenito a7ee7f819a Docs standardizing on the role portion of run interfaces. Additional docs cleanup. 2010-08-03 09:20:22 -04:00
Chris PeBenito 7a8807b627 Logging patch from Dan Walsh. 2010-03-17 14:40:06 -04:00
Chris PeBenito 5fb5bf2686 Additional docs for logging_log_filetrans(). 2010-03-01 10:38:24 -05:00
Chris PeBenito 45185c0783 Improve the documentation of logging_log_file() and logging_log_filetrans(). 2010-02-26 09:34:41 -05:00
Chris PeBenito 6e48775f75 Improve documentation on logging_send_syslog_msg(). 2010-02-24 15:56:05 -05:00
Chris PeBenito 2f84a77d22 Syslog fixes from Gentoo. 2010-02-17 20:33:53 -05:00
Chris PeBenito fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Chris PeBenito 3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito ff8f0a63f4 trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
Chris PeBenito 7a4c282536 trunk: fix logging admin interfaces. 2008-11-14 13:53:21 +00:00
Chris PeBenito 296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito 0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito 06099da657 trunk: 3 patches from dan. 2008-10-09 18:06:24 +00:00
Chris PeBenito cfafe4a7a8 trunk: logging update from dan. 2008-09-18 13:20:57 +00:00
Chris PeBenito 96851b1d63 trunk: fix bad require. 2008-09-03 15:37:24 +00:00
Chris PeBenito e40fa634b2 trunk: Logrotate and Bind updates from Vaclav Ovsik. 2008-09-03 14:12:56 +00:00
Chris PeBenito c11057f7ae trunk: fedora update cherry picked by david hardeman. 2008-08-22 15:17:01 +00:00
Chris PeBenito 8f3a0a95e0 trunk: a pile of misc fixes, mainly sync xml docs with interface implementation. 2008-05-15 13:10:34 +00:00
Chris PeBenito 1abafe3707 trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. 2007-12-12 16:18:50 +00:00
Chris PeBenito eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito 14add30d03 trunk: 3 patches from dan. 2007-09-12 14:53:39 +00:00
Chris PeBenito 0a0b8078ca trunk: 5 patches from dan. 2007-09-04 18:57:58 +00:00
Chris PeBenito d5b81a81ff trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). 2007-06-12 18:46:14 +00:00
Chris PeBenito 8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito bbcd3c97dd add main part of role-o-matic 2006-09-06 22:07:25 +00:00
Chris PeBenito a5e2133bc8 patch from dan Wed, 23 Aug 2006 14:03:49 -0400 2006-08-29 02:41:00 +00:00
Chris PeBenito 46551033aa patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00
Chris PeBenito 17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00