9d57bf3a2e
selinux: Change generic Boolean type to boolean_t.
...
This will prevent other security_t writers from setting Boolean pending
values, which could be activated unwittingly by setbool processes.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-03-19 15:50:25 -04:00
d84e0ee70f
selinux: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-03-12 09:57:36 -05:00
3ab2274e3d
selinux: Add a secure_mode_setbool Boolean.
...
Enabling this will disable all permissions for setting SELinux Booleans,
even for unconfined domains.
This does not affect setenforce. Enable secure_mode_policyload along with
secure_mode_setbool to fully lock the SELinux security interface.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-03-05 16:13:11 -05:00
ff983a6239
Bump module versions for release.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-02-03 08:38:26 -05:00
c33866e1f6
selinux, init, systemd, rpm: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-09-09 16:55:06 -04:00
b2f72e833b
Bump module versions for release.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-02-29 16:54:39 -05:00
921eb37a97
rpm, selinux, sysadm, init: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-07-13 14:07:11 -04:00
445cbed7c7
Bump module versions for release.
2019-02-01 15:03:42 -05:00
d301e83161
mozilla, devices, selinux, xserver, init, iptables: Module version bump.
2018-07-10 20:11:40 -04:00
495e2c203b
Remove complement and wildcard in allow rules.
...
Remove complement (~) and wildcard (*) in allow rules so that there are no
unintentional additions when new permissions are declared.
This patch does not add or remove permissions from any rules.
2017-08-13 16:21:44 -04:00
d8cb498284
remove trailing whitespaces
2016-12-06 13:45:13 +01:00
c23353bcd8
Bump module versions for release.
2015-12-08 09:53:02 -05:00
b94f45d760
Revise selinux module interfaces for perms protected by neverallows.
...
Use the allow rules on the relevant attributes in selinux.te, rather than
only using the attribute to pass the neverallows.
Closes #14
2015-11-04 15:10:29 -05:00
468185f5f7
Bump module versions for release.
2014-12-03 13:37:38 -05:00
6624f9cf7a
Drop RHEL4 and RHEL5 support.
2014-09-24 13:10:37 -04:00
92ccf71c26
Module version bump for /sys/fs/selinux support from Sven Vermeulen.
2014-04-21 09:01:08 -04:00
10ff4d0fa3
Bump module versions for release.
2014-03-11 08:16:57 -04:00
7f736f3587
Module version bump for selinuxfs location change from Dominick Grift.
2013-09-26 09:52:37 -04:00
3516535aa6
Bump module versions for release.
2012-07-25 14:33:06 -04:00
2e83467903
Module version bump and changelog for virt updates from Sven Vermeulen.
2012-04-23 10:43:15 -04:00
94d8bd2904
Module version bump for mountpoint patches from Sven Vermeulen.
2012-04-23 09:33:17 -04:00
26cfbe5317
Marking debugfs and securityfs as mountpoints
...
The locations for debugfs_t (/sys/kernel/debug) and security_t
(/selinux or /sys/fs/selinux) should be marked as mountpoints as well.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-04-23 09:21:15 -04:00
f65edd8280
Bump module versions for release.
2012-02-15 14:32:45 -05:00
8e94109c52
Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions.
2011-09-26 10:44:27 -04:00
aecd12c7b0
Move secure_mode_policyload into selinux module as that is the only place it is used.
2011-09-26 09:53:23 -04:00
aa4dad379b
Module version bump for release.
2011-07-26 08:11:01 -04:00
ed17ee5394
Pull in additional changes in kernel layer from Fedora.
2011-03-31 09:49:01 -04:00
826d014241
Bump module versions for release.
2010-12-13 09:12:22 -05:00
220915dcad
Add mounting interfaces for selinuxfs.
2010-10-28 14:32:24 -04:00
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
f0435b1ac4
trunk: add support for labeled booleans.
2009-01-13 13:01:48 +00:00
0b36a2146e
trunk: Enable open permission checks policy capability.
2008-10-16 16:09:20 +00:00
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
04d2861035
trunk: missing bits from dan's previous round of patches.
2008-10-09 14:01:53 +00:00
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
91d6c92160
trunk: a pair of tweaks from gentoo systems.
2008-03-14 14:55:34 +00:00
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
5bf9deb5bb
trunk: 3 patches from dan
2007-06-20 19:47:10 +00:00
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
86d754eed6
Add support for libselinux 2.0.5 init_selinuxmnt() changes.
2007-02-27 17:02:35 +00:00
a52b4d4f23
bump versions to release numbers
2006-10-18 19:25:27 +00:00
e070dd2df0
- Move range transitions to modules.
...
- Make number of MLS sensitivities, and number of MLS and MCS
categories configurable as build options.
2006-10-04 17:25:34 +00:00
46551033aa
patch from dan Wed, 26 Jul 2006 14:42:46 -0400
2006-07-28 15:13:58 +00:00
133000c286
remove setbool auditallow, except for distro_rhel4.
2006-07-13 14:22:21 +00:00
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00
Chris PeBenito
cgzones
Chris PeBenito
Sven Vermeulen