aa4dad379b
Module version bump for release.
2011-07-26 08:11:01 -04:00
3cbc972771
Fix role declaration to handle new roleattribute requirements.
2011-07-25 12:10:05 -04:00
a29c7b86e1
Module version bump and Changelog for auth file patches from Matthew Ife.
2011-07-18 13:48:05 -04:00
b598c4421c
Merge various apps layer changes from the Fedora policy.
2011-06-08 13:05:34 -04:00
ec5d81e1ca
Aisexec patch from Miroslav Grepl.
...
* openais needs ipc_owner and read/write user SysV sempaphores/shared memory
2011-03-21 11:23:26 -04:00
826d014241
Bump module versions for release.
2010-12-13 09:12:22 -05:00
e29f6bf08a
Module version bump and Changelog for 329138b and 413aac1.
2010-10-01 09:50:50 -04:00
48c3c37cf2
Remove some redundant attributes from user_home_t.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-12 14:35:22 -04:00
4b76ea5f51
Module version bump for fa1847f.
2010-07-12 14:02:18 -04:00
1db1836ab9
Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role().
2010-07-06 13:17:05 -04:00
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
c54e7d63dc
Module version bump for cgroup patchset.
2010-06-08 09:18:43 -04:00
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
a6bafb5a25
Module version bump for bf530f5.
2010-03-03 13:11:58 -05:00
2d743657f4
Userdomain patch from Stefan Schulze Frielinghaus.
2010-02-08 11:43:44 -05:00
22a2874dbf
Add dbadm, from KaiGai Kohei.
2010-02-08 10:34:08 -05:00
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
a9e9678fc7
kismet patch from dan.
2009-08-31 09:38:47 -04:00
aaff2fcfcd
module version number bump for tun patches
2009-08-31 09:17:31 -04:00
0be901ba40
rename admin_tun_type to admindomain.
2009-08-31 09:03:51 -04:00
bd75703c7d
reorganize tun patch changes.
2009-08-31 08:49:57 -04:00
9dc3cd1635
refpol: Policy for the new TUN driver access controls
...
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices. The policy rules for creating and attaching to a device are as
shown below:
# create a new device
allow domain_t self:tun_socket { create };
# attach to a persistent device (created by tunlbl_t)
allow domain_t tunlbl_t:tun_socket { relabelfrom };
allow domain_t self:tun_socket { relabelto };
Further discussion can be found on this thread:
* http://marc.info/?t=125080850900002&r=1&w=2
Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
4279891d1f
patch from Eamon Walsh to remove useage of deprecated xserver interfaces.
2009-08-28 13:40:29 -04:00
93c49bdb04
deprecate userdom_xwindows_client_template
...
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role(). Deprecate
the former and put the rules into the latter.
For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
73c77e2c9b
trunk: 2 fixes from martin orr.
2008-11-13 18:44:23 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
dc1920b218
trunk: Database labeled networking update from KaiGai Kohei.
2008-07-25 04:07:09 +00:00
cfcf5004e5
trunk: bump versions for release.
2008-07-02 14:07:57 +00:00
e8cb08aefa
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
e9c6cda7da
trunk: Move user roles into individual modules.
2008-04-29 13:58:34 +00:00
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
dd9e1de35e
trunk: Improve several tunables descriptions from Dan Walsh.
2007-12-07 15:44:53 +00:00
0aa18d9fd5
trunk: version bumps for previous commit.
2007-11-26 16:46:38 +00:00
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
6f49b490b8
trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara.
2007-09-17 18:04:35 +00:00
4922765ec6
trunk: fix certwatch_run() interface, which had a typo in the name.
2007-08-30 15:01:48 +00:00
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
1900668638
trunk: Unified labeled networking policy from Paul Moore.
...
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito
Dominick Grift
Chris PeBenito
Paul Moore