RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,964 Commits 3 Branches 49 Tags 18 MiB
Commit Graph

47 Commits

Author SHA1 Message Date
Chris PeBenito a38c3be208 Module version bump for updated netlink sockets from Stephen Smalley 2015-05-22 08:38:53 -04:00
Stephen Smalley 58b3029576 Update netlink socket classes. 
Define new netlink socket security classes introduced by kernel commit
223ae516404a7a65f09e79a1c0291521c233336e.

Note that this does not remove the long-since obsolete
netlink_firewall_socket and netlink_ip6_fw_socket classes
from refpolicy in case they are still needed for legacy
distribution policies.

Add the new socket classes to socket_class_set.
Update ubac and mls constraints for the new socket classes.
Add allow rules for a few specific known cases (netutils, iptables,
netlabel, ifconfig, udev) in core policy that require access.
Further refinement for the contrib tree will be needed.  Any allow
rule previously written on :netlink_socket may need to be rewritten or
duplicated for one of the more specific classes.  For now, we retain the
existing :netlink_socket rules for compatibility on older kernels.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2015-05-22 08:29:03 -04:00
Chris PeBenito 10ff4d0fa3 Bump module versions for release. 2014-03-11 08:16:57 -04:00
Chris PeBenito b339b85001 Module version bump for patches from Dominick Grift. 2013-12-06 09:49:41 -05:00
Dominick Grift e784e78825 iptables: calls to firewalld interfaces from Fedora. The firewalld_dontaudit_rw_tmp_files(iptables_t) was confirmed on Debian. 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2013-12-06 08:16:49 -05:00
Chris PeBenito d174521a64 Bump module versions for release. 2013-04-24 16:14:52 -04:00
Chris PeBenito f1aa23dc47 Add conntrack fc entry. 
This tool is for maintaining the netfilter connection tracking.
 2013-04-05 09:45:04 -04:00
Chris PeBenito f11752ff60 Module version bump for iptables fc entry from Sven Vermeulen and inn log from Dominick Grift. 2012-11-27 08:53:57 -05:00
Chris PeBenito f65edd8280 Bump module versions for release. 2012-02-15 14:32:45 -05:00
Chris PeBenito 7d6b1e5889 Module version bump and changelog for role attributes usage. 2011-09-21 09:16:34 -04:00
Chris PeBenito a858f08e5b Add role attributes in iptables. 2011-09-21 08:27:24 -04:00
Chris PeBenito 003361c264 Module version bump for xtables-multi patch from Sven Vermeulen. 2011-08-24 08:55:00 -04:00
Chris PeBenito aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito 127d617b31 Pull in some changes from Fedora policy system layer. 2011-04-14 11:36:56 -04:00
Chris PeBenito 1ca577db8c Shorewall patch from Miroslav Grepl. 2011-03-21 09:42:12 -04:00
Chris PeBenito 48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito 29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito 4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito 7491a9ed62 Iptables and modutils patches from Dan Walsh. 2009-12-01 09:23:11 -05:00
Chris PeBenito ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito 625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito 9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito 3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito 09125ae411 trunk: module version bump for previous commit. 2009-04-03 14:15:53 +00:00
Chris PeBenito d6605bc48b trunk: 3 patches from dan. 2009-04-03 14:14:43 +00:00
Chris PeBenito 17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito 296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito 2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito 5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito 770c015f88 trunk: 2 patches from dan. 2008-08-14 15:10:41 +00:00
Chris PeBenito 9acf481bd0 trunk: fix from fedora policy, cherry picked from David Hardeman. 2008-08-12 19:52:29 +00:00
Chris PeBenito f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito 12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito 350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito 3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito 8d2c34195e trunk: updates from dan on 9 modules 2007-08-22 20:02:41 +00:00
Chris PeBenito f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito 116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito 6649aec9d0 trunk: 3 patches from dan 2007-06-11 15:43:37 +00:00
Chris PeBenito 0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito 9e8f65c83e six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed 2007-03-26 20:47:29 +00:00
Chris PeBenito 6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito 42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito 17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00