a673712d8a
systemd: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-02-02 13:50:45 -05:00
ab0367b4b6
machined
...
This patch is for systemd-machined. Some of it will probably need
discussion but some is obviously good, so Chris maybe you could take
the bits you like for this release?
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-02-02 13:46:42 -05:00
eae12d8418
apt, bootloader: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-02-02 13:32:42 -05:00
8b4f1e3384
misc apps and admin patches
...
Send again without the section Dominick didn't like. I think it's ready for inclusion.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-02-02 13:29:48 -05:00
cfb48c28d0
screen: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-02-02 08:47:55 -05:00
460cd1a4b1
Merge pull request #346 from jpds/tmux-xdg-config
2021-02-02 08:47:31 -05:00
aa35a710a5
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-02-02 08:47:00 -05:00
9e195ea6ae
dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces.
...
Rename interfaces from a7f3fdabad
2021-02-02 08:46:41 -05:00
a7f3fdabad
new version of filetrans patch
...
Name changes suggested by Dominick and some more additions.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-02-02 08:31:14 -05:00
9ec80c1b2f
apps/screen.te: Allow screen to search xdg directories.
...
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
2021-02-01 21:42:12 +00:00
e7065e2442
certbot: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-02-01 15:56:31 -05:00
3ce27e68d9
certbot: add support for acme.sh
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-02-01 15:29:24 -05:00
2bdfc5c742
apps/screen.fc: Added fcontext for tmux xdg directory.
...
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
2021-01-29 14:56:29 +00:00
072c0a9458
userdomain, gpg: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-29 08:35:12 -05:00
09bd4af708
Work with xdg module disabled
...
These two cases I see when building on a system without graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block
Signed-off-by: Dave Sugar <dsugar@tresys.com>
2021-01-28 18:13:33 -05:00
3d8e755d85
pacemaker: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 15:28:06 -05:00
9a40ead091
Merge pull request #341 from dsugar100/master
2021-01-28 15:27:53 -05:00
bc746ff391
sudo, spamassassin: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 15:27:03 -05:00
2e6d7b8cb9
Merge pull request #339 from 0xC0ncord/feature/sudodomain_http_connect_boolean
2021-01-28 15:24:38 -05:00
733e8519cc
Merge pull request #336 from 0xC0ncord/feature/rspamd_extra_rules
2021-01-28 15:24:34 -05:00
f6987e9d82
pcs_snmpd_agent_t fix denials to allow it to read needed queues
...
Jan 27 18:16:51 audispd: node=virtual type=AVC msg=audit(1611771411.553:9337): avc: denied { search } for pid=13880 comm="cibadmin" name="qb-6671-13880-13-bRhDEX" dev="tmpfs" ino=88809 scontext=system_u:system_r:pcs_snmp_agent_t:s0 tcontext=system_u:object_r:pacemaker_tmpfs_t:s0 tclass=dir permissive=0
Jan 27 19:53:46 audispd: node=virtual type=AVC msg=audit(1611777226.144:25975): avc: denied { getattr } for pid=29489 comm="systemctl" name="/" dev="tmpfs" ino=14072 scontext=system_u:system_r:pcs_snmp_agent_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
Signed-off-by: Dave Sugar <dsugar@tresys.com>
2021-01-28 15:20:20 -05:00
95dd9ebf61
sudo: add tunable for HTTP connections
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-28 15:11:19 -05:00
98681ea89e
samba: Fix lint error.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:57:19 -05:00
a404dc677e
aptcacher: Drop broken config interfaces.
...
The aptcacher_etc_t type does not exist in the policy. The block in cron
will never be enabled because of this, so drop that too.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:57:08 -05:00
920ecf48ce
apache: Really fix lint error.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:34:02 -05:00
cf91901018
apache: Fix lint error.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:29:26 -05:00
744290159e
apache, fail2ban, stunnel: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:26:31 -05:00
981e741a51
Merge pull request #337 from 0xC0ncord/bugfix/fail2ban_journald_map
2021-01-28 13:54:16 -05:00
7bf7abd525
Merge pull request #340 from 0xC0ncord/feature/apache_list_dirs_interface
2021-01-28 13:51:17 -05:00
63b25831a4
Merge pull request #338 from 0xC0ncord/feature/stunnel_logging_type
2021-01-28 13:50:46 -05:00
a3e13450e2
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:39:49 -05:00
09fd2a29cf
samba: Add missing userspace class requirements in unit interfaces.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:39:34 -05:00
94e424aa9b
sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba block.
...
This moves the existing samba_manage_config(dhcpc_t) that is not tunable
into the tunable block.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:30:40 -05:00
5d29c35b89
samba: Move service interface definitions.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:27:54 -05:00
ac5b8737fd
misc network patches with Dominick's changes*2
...
I think this one is good for merging now.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-28 11:22:07 -05:00
621baf7752
samba: Fix samba_runtime_t alias use.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:55:54 -05:00
882633aa13
cron: Make backup call for system_cronjob_t optional.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:55:35 -05:00
9f8164d35d
devicekit, jabber, samba: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:55:09 -05:00
982cb068c2
apache, mysql, postgrey, samba, squid: Apply new mmap_manage_files_pattern().
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:53:04 -05:00
55c3c1dcaa
misc services patches with changes Dominick and Chris wanted
...
I think this one is ready to merge.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-28 10:06:16 -05:00
4e15f5dfe4
apache: add interface for list dir perms on httpd content
...
This is needed by some webservers such as nginx when autoindexing is
enabled.
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-27 15:41:16 -05:00
c8f723b96e
spamassassin: add rspamd support and tunable
...
Additional rules are required to enable rspamd support. This commit adds
file contexts for rspamd's files and adds a tunable that enables the
additional rules needed for rspamd to function.
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-26 20:10:54 -05:00
8fc4aa59a9
fail2ban: allow reading systemd journal
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-26 18:19:20 -05:00
e34e339b96
stunnel: add log type and rules
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-26 18:05:56 -05:00
c521270688
memlockd: Fix lint issue.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 10:29:42 -05:00
87ffc9472a
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 09:48:59 -05:00
9f98b92ee5
memlockd: Whitespace fixes.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 09:46:20 -05:00
157b7edcbb
memlockd: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 09:46:04 -05:00
88c8189207
latest memlockd patch
...
Includes the ifndef(`distro_debian' section that was requested. Should be
ready for merging now.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-25 09:39:26 -05:00
da9b6306ea
more Chrome stuff
...
Patches for some more Chrome stuff
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-25 09:36:56 -05:00
Chris PeBenito
Russell Coker
Jonathan Davies
Kenton Groombridge
Dave Sugar