RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,347 Commits 3 Branches 49 Tags 19 MiB
Commit Graph

278 Commits

Author SHA1 Message Date
Chris PeBenito 7491a9ed62 Iptables and modutils patches from Dan Walsh. 2009-12-01 09:23:11 -05:00
Chris PeBenito 0cad9a734e RAID patch from Dan Walsh. 2009-11-25 11:17:19 -05:00
Chris PeBenito 77c71b54e5 Fstools and Xen patches from Dan Walsh. 2009-11-25 10:27:31 -05:00
Chris PeBenito e21162e471 Kdump reads the kernel core. 2009-11-25 10:04:40 -05:00
Chris PeBenito 837163cfe7 UDEV patch from Dan Walsh. 2009-11-25 09:44:14 -05:00
Chris PeBenito 832c1be4ca IPSEC patch from Dan Walsh. 2009-11-24 14:09:10 -05:00
Chris PeBenito 5ed061769e Application patch from Dan Walsh. 2009-11-24 11:48:39 -05:00
Chris PeBenito dccbb80cb0 Whitespace cleanup. 2009-11-24 11:11:38 -05:00
Chris PeBenito 0f982dada2 ISCSI patch from Dan Walsh. 2009-11-24 11:08:22 -05:00
Chris PeBenito 0a119a0142 Setrans patch from Dan Walsh. 2009-11-24 09:41:03 -05:00
Chris PeBenito bd34ef71df LVM patch from Dan Walsh. 2009-11-24 09:19:45 -05:00
Chris PeBenito 9dfdd48fec Miscfiles patch from Dan Walsh. 2009-11-24 09:04:48 -05:00
Chris PeBenito ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Craig Grube e8779130bf adding puppet configuration management system 
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2009-11-11 08:37:16 -05:00
Chris PeBenito 625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito 71965a1fc5 add kdump from dan. 2009-09-02 08:33:25 -04:00
Chris PeBenito a9e9678fc7 kismet patch from dan. 2009-08-31 09:38:47 -04:00
Chris PeBenito aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Chris PeBenito 0be901ba40 rename admin_tun_type to admindomain. 2009-08-31 09:03:51 -04:00
Chris PeBenito bd75703c7d reorganize tun patch changes. 2009-08-31 08:49:57 -04:00
Paul Moore 9dc3cd1635 refpol: Policy for the new TUN driver access controls 
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
 2009-08-31 08:36:06 -04:00
Chris PeBenito 4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito 93c49bdb04 deprecate userdom_xwindows_client_template 
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
 2009-08-28 13:29:36 -04:00
Chris PeBenito fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Chris PeBenito e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito b2648249d9 Fix unconfined_r use of unconfined_java_t. 
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
 2009-08-17 13:19:26 -04:00
Chris PeBenito 97e42114db remove redundant xen_append_log() call in hostname. 2009-08-11 14:19:38 -04:00
Chris PeBenito e51390dfcb fix refpolicy ticket #48. 2009-08-10 11:14:03 -04:00
Chris PeBenito 9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito d69616c625 fix ordering in sysnetwork. 2009-08-05 10:23:50 -04:00
Chris PeBenito 48bf6397fc fix ordering in raid. 2009-08-05 10:19:28 -04:00
Chris PeBenito 4b218bd646 fix ordering in pcmcia. 2009-08-05 10:18:31 -04:00
Chris PeBenito f0e959b4d2 fix ordering in mount. 2009-08-05 10:16:41 -04:00
Chris PeBenito 54327d48ee fix ordering in modutils. 2009-08-05 10:15:45 -04:00
Chris PeBenito 568efbe895 fix ordering of interface calls in lvm. 2009-08-05 10:07:35 -04:00
Chris PeBenito 8cd1306e5b fix ordering of interface calls in locallogin. 2009-08-05 10:06:04 -04:00
Chris PeBenito e6985f91ab fix ordering of interface calls in iptables. 2009-08-05 10:04:13 -04:00
Chris PeBenito 464ffa57fd fix ordering of interface calls in init. 2009-08-05 10:01:06 -04:00
Chris PeBenito 14d282253f fix ordering of interface calls in hostname. 2009-08-05 09:57:14 -04:00
Chris PeBenito 5b5300c823 fix ordering of interface calls in getty. 2009-08-05 09:55:58 -04:00
Chris PeBenito 79ca728b5f fix ordering of interface calls in fstools. 2009-08-05 09:54:52 -04:00
Chris PeBenito 08638af216 fix ordering of interface calls in clock. 2009-08-05 09:52:34 -04:00
Chris PeBenito 2acba7bbdb fix ordering of interface calls in authlogin. 2009-08-05 09:51:47 -04:00
Chris PeBenito 4c92f08f75 openrc unfortunately mounts a tmpfs at /lib/rc 2009-07-30 08:57:15 -04:00
Chris PeBenito cfdbf366cb gentoo init script system uses tmpfs for state data 2009-07-30 08:33:43 -04:00
Chris PeBenito efa0acccea gentoo init script system sends audit messages. 2009-07-29 21:50:32 -04:00
Chris PeBenito 33322290f2 automount patch from dan. 2009-07-29 08:59:26 -04:00
Chris PeBenito 4083191c4b add missing userdom interfaces 2009-07-28 09:35:46 -04:00
Chris PeBenito 09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00