Chris PeBenito
aa0eecf3e3
Bump module versions for release.
2017-08-05 12:59:42 -04:00
Chris PeBenito
5ab11a8454
Module version bump for patches from cgzones.
2017-06-08 18:53:51 -04:00
Chris PeBenito
a599f28196
Module version bump for /usr/bin fc fixes from Nicolas Iooss.
2017-05-04 08:27:46 -04:00
Chris PeBenito
8527b86621
Further strict systemd fixes from Russell Coker.
2017-04-20 20:00:34 -04:00
Chris PeBenito
73d8b3026c
Systemd-related changes from Russell Coker.
2017-04-06 17:37:50 -04:00
Chris PeBenito
43f197494a
dontaudit net_admin for SO_SNDBUFFORCE
...
The following patch adds dontaudit rules for where the net_admin capability
is requested due to SO_SNDBUFFORCE. This forces the caller to use SO_SNDBUF
which gives the same result but possibly a smaller buffer.
From Russell Coker
2017-03-25 12:32:01 -04:00
Chris PeBenito
4d028498d8
Module version bumps for fixes from cgzones.
2017-03-05 10:48:42 -05:00
Chris PeBenito
1720e109a3
Sort capabilities permissions from Russell Coker.
2017-02-15 18:47:33 -05:00
Chris PeBenito
69ede859e8
Bump module versions for release.
2017-02-04 13:30:53 -05:00
Chris PeBenito
f850ec37df
Module version bumps for /run fc changes from cgzones.
2016-12-22 15:54:46 -05:00
cgzones
901a905cbb
update policy/support macros
...
- add systemd service macro sets
- add some documentation
- add some recursion to some macro sets (ipv perm, object class sets)
- deprecate domain_trans and domain_auto_trans
- remove unpriv_socket_class_set
2016-12-01 19:38:14 +01:00
Chris PeBenito
34055cae87
Bump module versions for release.
2016-10-23 16:58:59 -04:00
Chris PeBenito
994f605a2c
Module version bump for Xorg and SSH patches from Nicolas Iooss.
2016-01-05 13:38:19 -05:00
Nicolas Iooss
ce2982bf50
Label OpenSSH systemd unit files
...
On Arch Linux, OpenSSH unit files are:
/usr/lib/systemd/system/sshdgenkeys.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd@.service
/usr/lib/systemd/system/sshd.socket
On Debian jessie, the unit files are:
/lib/systemd/system/ssh.service
/lib/systemd/system/ssh@.service
/lib/systemd/system/ssh.socket
On Fedora 22, the unit files are:
/usr/lib/systemd/system/sshd-keygen.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd@.service
/usr/lib/systemd/system/sshd.socket
Use a pattern which matches every sshd unit and introduce an other type
for ssh-keygen units.
2016-01-05 13:22:52 -05:00
Chris PeBenito
c23353bcd8
Bump module versions for release.
2015-12-08 09:53:02 -05:00
Chris PeBenito
17694adc7b
Module version bump for systemd additions.
2015-10-23 14:53:14 -04:00
Chris PeBenito
579849912d
Add supporting rules for domains tightly-coupled with systemd.
2015-10-23 10:17:46 -04:00
Chris PeBenito
c8c2b8b0c8
Module version bump for ssh-agent -k fix from Luis Ressel.
2015-07-20 10:01:52 -04:00
Chris PeBenito
468185f5f7
Bump module versions for release.
2014-12-03 13:37:38 -05:00
Chris PeBenito
491683b3e2
Module version bump for init_daemon_pid_file from Sven Vermeulen.
2014-06-30 14:34:51 -04:00
Sven Vermeulen
4a94489be7
Use init_daemon_pid_file instead of init_daemon_run_dir
...
Update non-contrib modules to use init_daemon_pid_file instead of
init_daemon_run_dir.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-06-26 08:34:27 -04:00
Chris PeBenito
10ff4d0fa3
Bump module versions for release.
2014-03-11 08:16:57 -04:00
Chris PeBenito
22d7dac75b
Module version bump for ssh use of gpg-agent from Luis Ressel.
2014-02-08 08:41:05 -05:00
Chris PeBenito
7e71b34b09
Rearrange gpg agent calls.
2014-02-08 08:40:37 -05:00
Chris PeBenito
4ef4e0674d
Rename gpg_agent_connect to gpg_stream_connect_agent.
2014-02-08 08:24:41 -05:00
Luis Ressel
bda6528039
Conditionally allow ssh to use gpg-agent
...
gpg-agent also offers an ssh-compatible interface. This is useful e.g.
for smartcard authentication.
2014-02-08 08:10:16 -05:00
Chris PeBenito
b244f47319
Module version bump for pid file directory from Russell Coker/Laurent Bigonville.
2014-02-06 09:14:31 -05:00
Laurent Bigonville
d6751cb2f4
Move the ifdef at the end of the declaration block
2014-02-06 09:14:31 -05:00
Chris PeBenito
1a01976fc4
Module version bump for first batch of patches from Dominick Grift.
2013-12-02 14:22:29 -05:00
Dominick Grift
4113f7b0d4
sshd/setrans: make respective init scripts create pid dirs with proper contexts
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-12-02 08:43:33 -05:00
Chris PeBenito
be570944e5
Module version bump for ssh server caps for Debian from Dominick Grift.
2013-09-27 16:25:56 -04:00
Dominick Grift
fc8bbe630a
ssh: Debian sshd is configured to use capabilities
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-27 16:25:15 -04:00
Chris PeBenito
36e088fa43
Module version bump for kerberos keytab changes for ssh from Dominick Grift.
2013-09-23 14:28:00 -04:00
Dominick Grift
22f71be4e3
The kerberos_keytab_template() template is deprecated: Breaks monolithic built (out-of-scope)
...
This keytab functionality should be re-evaluated because it does not
make sense in its current implementation
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-23 14:15:46 -04:00
Chris PeBenito
d174521a64
Bump module versions for release.
2013-04-24 16:14:52 -04:00
Chris PeBenito
be2e70be8d
Module version bump for fixes from Dominick Grift.
2013-01-03 10:53:34 -05:00
Dominick Grift
79e1e4efb9
NSCD related changes in various policy modules
...
Use nscd_use instead of nscd_socket_use. This conditionally allows
nscd_shm_use
Remove the nscd_socket_use from ssh_keygen since it was redundant
already allowed by auth_use_nsswitch
Had to make some ssh_keysign_t rules unconditional else
nscd_use(ssh_keysign_t) would not build (nested booleans) but that does
not matter, the only actual domain transition to ssh_keysign_t is
conditional so the other unconditional ssh_keygen_t rules are
conditional in practice
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-01-03 10:43:10 -05:00
Chris PeBenito
79f71729e3
Module version bump from Debian changes from Laurent Bigonville.
2012-12-07 00:46:27 -05:00
Chris PeBenito
c48458f8e2
Module version bump for Debian ssh-keysign location from Laurent Bigonville.
2012-11-26 11:13:12 -05:00
Chris PeBenito
f65edd8280
Bump module versions for release.
2012-02-15 14:32:45 -05:00
Chris PeBenito
e34b1f6cbd
Module version bump and changelog for sshd using oddjob_mkhomedir from Sven Vermeulen.
2012-01-04 08:14:11 -05:00
Sven Vermeulen
93e4685552
sshd can call mkhomedir when a new user logs on
...
These services are offered through the oddjob module.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-01-04 07:49:50 -05:00
Chris PeBenito
c4fa10ef81
Module version bump for changes from Fedora.
2011-12-15 08:38:06 -05:00
Chris PeBenito
ba817fccd9
Add userdom interfaces for user application domains, user tmp files, and user tmpfs files.
2011-10-28 08:49:19 -04:00
Chris PeBenito
e2fa4f2e8c
Add user application, tmp and tmpfs file interfaces.
2011-10-28 08:48:10 -04:00
Chris PeBenito
7b98e4f436
Clean up stale TODOs.
2011-09-26 11:51:47 -04:00
Chris PeBenito
bca0cdb86e
Remove duplicate/redundant rules, from Russell Coker.
2010-07-07 08:41:20 -04:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Chris PeBenito
088b65e52b
SSH patch from Dan Walsh.
2010-05-19 08:31:17 -04:00