Chris PeBenito
d387e79989
Bump module versions for release.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-08-18 09:09:10 -04:00
Chris PeBenito
613708cad6
various: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-07-04 09:30:45 -04:00
Chris PeBenito
0992763548
Update callers for "pid" to "runtime" interface rename.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-06-28 16:03:45 -04:00
Chris PeBenito
309f655fdc
various: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-06-10 15:02:27 -04:00
Topi Miettinen
1d8333d7a7
Remove unlabeled packet access
When SECMARK or Netlabel packet labeling is used, it's useful to
forbid receiving and sending unlabeled packets. If packet labeling is
not active, there's no effect.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-06-03 23:16:19 +03:00
Chris PeBenito
b2f72e833b
Bump module versions for release.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-02-29 16:54:39 -05:00
Chris PeBenito
7af9eb3e91
various: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-01-15 10:42:45 -05:00
Stephen Smalley
161bda392e
access_vectors: Remove unused permissions
Remove unused permission definitions from SELinux.
Many of these were only ever used in pre-mainline
versions of SELinux, prior to Linux 2.6.0. Some of them
were used in the legacy network or compat_net=1 checks
that were disabled by default in Linux 2.6.18 and
fully removed in Linux 2.6.30.
The corresponding classmap declarations were removed from the
mainline kernel in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42a9699a9fa179c0054ea3cf5ad3cc67104a6162
Permissions never used in mainline Linux:
file swapon
filesystem transition
tcp_socket { connectto newconn acceptfrom }
node enforce_dest
unix_stream_socket { newconn acceptfrom }
Legacy network checks, removed in 2.6.30:
socket { recv_msg send_msg }
node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-14 13:41:50 -05:00
Chris PeBenito
291f68a119
various: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:39:31 -04:00
Chris PeBenito
d6c7154f1c
Reorder declarations based on *_runtime_t renaming.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:02:43 -04:00
Chris PeBenito
69a403cd97
Rename *_var_run_t types to *_runtime_t.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:02:43 -04:00
Chris PeBenito
a5dab43a85
various: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-11 06:52:32 -04:00
Nicolas Iooss
10cd3fb258
bitlbee: allow using GetDynamicUser on Debian
On Debian 10, starting bitlbee daemon leads to:
type=AVC msg=audit(1567941717.044:14204): avc: denied { search }
for pid=5704 comm="bitlbee" name="dbus" dev="tmpfs" ino=13798
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:system_dbusd_var_run_t tclass=dir
permissive=0
type=AVC msg=audit(1567941717.044:14205): avc: denied { read } for
pid=5704 comm="bitlbee" name="direct:64707" dev="tmpfs" ino=16529
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:init_var_run_t tclass=lnk_file
permissive=0
type=AVC msg=audit(1567941756.020:14208): avc: denied { search }
for pid=6363 comm="bitlbee" name="dbus" dev="tmpfs" ino=13798
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:system_dbusd_var_run_t tclass=dir
permissive=0
type=AVC msg=audit(1567941756.020:14209): avc: denied { read } for
pid=6363 comm="bitlbee" name="direct:64707" dev="tmpfs" ino=16529
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:object_r:init_var_run_t tclass=lnk_file
permissive=0
type=USER_AVC msg=audit(1567941770.492:14215): pid=432 uid=106
auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
msg='avc: denied { send_msg } for msgtype=method_call
interface=org.freedesktop.systemd1.Manager member=GetDynamicUsers
dest=org.freedesktop.systemd1 spid=6694 tpid=1
scontext=system_u:system_r:bitlbee_t
tcontext=system_u:system_r:init_t tclass=dbus permissive=0
exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?'
All these denials are related to getting dynamic users through a D-Bus
call to GetDynamicUsers() of interface org.freedesktop.systemd1.Manager.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-08 23:07:15 +02:00
Chris PeBenito
3ab07a0e1e
Move all files out of the old contrib directory.
2018-06-23 10:38:58 -04:00
Chris PeBenito
09248fa0db
Move modules to contrib submodule.
2011-09-09 10:10:03 -04:00
Chris PeBenito
826d014241
Bump module versions for release.
2010-12-13 09:12:22 -05:00
Chris PeBenito
1e75e83f2c
Module version bump for bitlbee.
2010-10-18 09:51:21 -04:00
Jeremy Solt
05ca5f7b59
bitlbee patch from Dan Walsh
2010-10-18 09:51:20 -04:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Chris PeBenito
a7d606860b
Bitlbee patch from Dan Walsh.
2009-12-18 10:38:30 -05:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
20272c2b27
trunk: 7 patches from dan.
2009-06-26 13:22:39 +00:00
Chris PeBenito
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
Chris PeBenito
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
Chris PeBenito
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
Chris PeBenito
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
Chris PeBenito
e87221cefe
trunk: 21 patches from dan.
2008-10-08 15:50:03 +00:00
Chris PeBenito
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00