d387e79989
Bump module versions for release.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-08-18 09:09:10 -04:00
613708cad6
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-07-04 09:30:45 -04:00
0992763548
Update callers for "pid" to "runtime" interface rename.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-06-28 16:03:45 -04:00
309f655fdc
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-06-10 15:02:27 -04:00
1d8333d7a7
Remove unlabeled packet access
...
When SECMARK or Netlabel packet labeling is used, it's useful to
forbid receiving and sending unlabeled packets. If packet labeling is
not active, there's no effect.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-06-03 23:16:19 +03:00
b2f72e833b
Bump module versions for release.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-02-29 16:54:39 -05:00
7af9eb3e91
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-01-15 10:42:45 -05:00
161bda392e
access_vectors: Remove unused permissions
...
Remove unused permission definitions from SELinux.
Many of these were only ever used in pre-mainline
versions of SELinux, prior to Linux 2.6.0. Some of them
were used in the legacy network or compat_net=1 checks
that were disabled by default in Linux 2.6.18 and
fully removed in Linux 2.6.30.
The corresponding classmap declarations were removed from the
mainline kernel in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42a9699a9fa179c0054ea3cf5ad3cc67104a6162
Permissions never used in mainline Linux:
file swapon
filesystem transition
tcp_socket { connectto newconn acceptfrom }
node enforce_dest
unix_stream_socket { newconn acceptfrom }
Legacy network checks, removed in 2.6.30:
socket { recv_msg send_msg }
node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-14 13:41:50 -05:00
291f68a119
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:39:31 -04:00
d6c7154f1c
Reorder declarations based on *_runtime_t renaming.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:02:43 -04:00
69a403cd97
Rename *_var_run_t types to *_runtime_t.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:02:43 -04:00
a5dab43a85
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-11 06:52:32 -04:00
10cd3fb258
bitlbee: allow using GetDynamicUser on Debian
...
On Debian 10, starting bitlbee daemon leads to:
type=AVC msg=audit(1567941717.044:14204): avc: denied { search }
for pid=5704 comm="bitlbee" name="dbus" dev="tmpfs" ino=13798
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:system_dbusd_var_run_t tclass=dir
permissive=0
type=AVC msg=audit(1567941717.044:14205): avc: denied { read } for
pid=5704 comm="bitlbee" name="direct:64707" dev="tmpfs" ino=16529
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:init_var_run_t tclass=lnk_file
permissive=0
type=AVC msg=audit(1567941756.020:14208): avc: denied { search }
for pid=6363 comm="bitlbee" name="dbus" dev="tmpfs" ino=13798
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:system_dbusd_var_run_t tclass=dir
permissive=0
type=AVC msg=audit(1567941756.020:14209): avc: denied { read } for
pid=6363 comm="bitlbee" name="direct:64707" dev="tmpfs" ino=16529
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:init_var_run_t tclass=lnk_file
permissive=0
type=USER_AVC msg=audit(1567941770.492:14215): pid=432 uid=106
auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
msg='avc: denied { send_msg } for msgtype=method_call
interface=org.freedesktop.systemd1.Manager member=GetDynamicUsers
dest=org.freedesktop.systemd1 spid=6694 tpid=1
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:system_r:init_t tclass=dbus permissive=0
exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?'
All these denials are related to getting dynamic users through a D-Bus
call to GetDynamicUsers() of interface org.freedesktop.systemd1.Manager.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-08 23:07:15 +02:00
3ab07a0e1e
Move all files out of the old contrib directory.
2018-06-23 10:38:58 -04:00
09248fa0db
Move modules to contrib submodule.
2011-09-09 10:10:03 -04:00
826d014241
Bump module versions for release.
2010-12-13 09:12:22 -05:00
1e75e83f2c
Module version bump for bitlbee.
2010-10-18 09:51:21 -04:00
05ca5f7b59
bitlbee patch from Dan Walsh
2010-10-18 09:51:20 -04:00
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
a7d606860b
Bitlbee patch from Dan Walsh.
2009-12-18 10:38:30 -05:00
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
20272c2b27
trunk: 7 patches from dan.
2009-06-26 13:22:39 +00:00
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
e87221cefe
trunk: 21 patches from dan.
2008-10-08 15:50:03 +00:00
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00
Chris PeBenito
Topi Miettinen
Stephen Smalley
Nicolas Iooss
Chris PeBenito
Jeremy Solt