be570944e5
Module version bump for ssh server caps for Debian from Dominick Grift.
2013-09-27 16:25:56 -04:00
fc8bbe630a
ssh: Debian sshd is configured to use capabilities
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-27 16:25:15 -04:00
36e088fa43
Module version bump for kerberos keytab changes for ssh from Dominick Grift.
2013-09-23 14:28:00 -04:00
22f71be4e3
The kerberos_keytab_template() template is deprecated: Breaks monolithic built (out-of-scope)
...
This keytab functionality should be re-evaluated because it does not
make sense in its current implementation
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-23 14:15:46 -04:00
d174521a64
Bump module versions for release.
2013-04-24 16:14:52 -04:00
be2e70be8d
Module version bump for fixes from Dominick Grift.
2013-01-03 10:53:34 -05:00
79e1e4efb9
NSCD related changes in various policy modules
...
Use nscd_use instead of nscd_socket_use. This conditionally allows
nscd_shm_use
Remove the nscd_socket_use from ssh_keygen since it was redundant
already allowed by auth_use_nsswitch
Had to make some ssh_keysign_t rules unconditional else
nscd_use(ssh_keysign_t) would not build (nested booleans) but that does
not matter, the only actual domain transition to ssh_keysign_t is
conditional so the other unconditional ssh_keygen_t rules are
conditional in practice
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-01-03 10:43:10 -05:00
79f71729e3
Module version bump from Debian changes from Laurent Bigonville.
2012-12-07 00:46:27 -05:00
c48458f8e2
Module version bump for Debian ssh-keysign location from Laurent Bigonville.
2012-11-26 11:13:12 -05:00
f65edd8280
Bump module versions for release.
2012-02-15 14:32:45 -05:00
e34b1f6cbd
Module version bump and changelog for sshd using oddjob_mkhomedir from Sven Vermeulen.
2012-01-04 08:14:11 -05:00
93e4685552
sshd can call mkhomedir when a new user logs on
...
These services are offered through the oddjob module.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-01-04 07:49:50 -05:00
c4fa10ef81
Module version bump for changes from Fedora.
2011-12-15 08:38:06 -05:00
ba817fccd9
Add userdom interfaces for user application domains, user tmp files, and user tmpfs files.
2011-10-28 08:49:19 -04:00
e2fa4f2e8c
Add user application, tmp and tmpfs file interfaces.
2011-10-28 08:48:10 -04:00
7b98e4f436
Clean up stale TODOs.
2011-09-26 11:51:47 -04:00
bca0cdb86e
Remove duplicate/redundant rules, from Russell Coker.
2010-07-07 08:41:20 -04:00
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
088b65e52b
SSH patch from Dan Walsh.
2010-05-19 08:31:17 -04:00
d08a3df046
Ssh key creation fix from Gentoo.
2010-02-17 20:32:08 -05:00
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
edc2f7dea4
Fix home_ssh_t usage.
2010-01-25 08:34:28 -05:00
cde15072d0
SSH patch from Dan Walsh.
2010-01-15 15:28:27 -05:00
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
c1262146e0
trunk: Remove node definitions and change node usage to generic nodes.
2009-01-09 19:48:02 +00:00
668b3093ff
trunk: change network interface access from all to generic network interfaces.
2009-01-06 20:24:10 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
c9824ec5ce
trunk: remove incomplete sshd_extern.
2008-09-18 14:06:30 +00:00
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
708aab1393
trunk: fix targeted sshd. When the domain was unaliased from unconfined_t, a transition to unconfined_t was not added.
2007-07-20 18:25:26 +00:00
d46cfe45cd
trunk: add application module
2007-07-19 18:57:48 +00:00
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
1900668638
trunk: Unified labeled networking policy from Paul Moore.
...
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
d28e528b0d
Fixes for RHEL4 from the CLIP project.
2007-04-27 15:08:15 +00:00
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
56e1b3d207
- Move booleans and tunables to modules when it is only used in a single
...
module.
- Add support for tunables and booleans local to a module.
2007-03-26 18:41:45 +00:00
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
Dominick Grift
Sven Vermeulen
Chris PeBenito