RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,535 Commits 3 Branches 49 Tags 19 MiB
Commit Graph

85 Commits

Author SHA1 Message Date
Chris PeBenito aa0eecf3e3 Bump module versions for release. 2017-08-05 12:59:42 -04:00
Chris PeBenito a599f28196 Module version bump for /usr/bin fc fixes from Nicolas Iooss. 2017-05-04 08:27:46 -04:00
Chris PeBenito c2b04d1ea2 kmod, lvm, brctl patches from Russell Coker 
Patches for modutils, at least one of which is needed to generate an initramfs
on Debian.

Patch to allow lvm to talk to fifos from dpkg_script_t for postinst scripts
etc.

Patch for brctl to allow it to create sysfs files.
 2017-04-18 21:17:36 -04:00
Chris PeBenito 73d8b3026c Systemd-related changes from Russell Coker. 2017-04-06 17:37:50 -04:00
Chris PeBenito b690079a93 Misc fc changes from Russell Coker. 2017-04-06 17:00:28 -04:00
Chris PeBenito 63a6a44b3d Module version bump for fixes from cgzones. 2017-03-12 16:36:49 -04:00
cgzones d62ce5b4e8 lvm: small adjustments 
* align file contexts
* fix lvm_admin()
* call user_use_inherited_user_terminals and remove useless dontaudit call
 2017-03-12 10:32:02 +01:00
Chris PeBenito 4d028498d8 Module version bumps for fixes from cgzones. 2017-03-05 10:48:42 -05:00
cgzones 4b79a54b41 modutils: adopt callers to new interfaces 2017-03-03 12:28:17 +01:00
Chris PeBenito e527ebaadf systemd: Further revisions from Russell Coker. 2017-02-25 09:35:10 -05:00
Chris PeBenito 2087bde934 Systemd fixes from Russell Coker. 2017-02-23 20:03:23 -05:00
Chris PeBenito cb35cd587f Little misc patches from Russell Coker. 2017-02-18 09:39:01 -05:00
Chris PeBenito 1720e109a3 Sort capabilities permissions from Russell Coker. 2017-02-15 18:47:33 -05:00
Chris PeBenito 2e7553db63 Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
Chris PeBenito 69ede859e8 Bump module versions for release. 2017-02-04 13:30:53 -05:00
Chris PeBenito 67c435f1fc Module version bump for fc updates from Nicolas Iooss. 2016-12-28 14:38:05 -05:00
Chris PeBenito f850ec37df Module version bumps for /run fc changes from cgzones. 2016-12-22 15:54:46 -05:00
Chris PeBenito 34055cae87 Bump module versions for release. 2016-10-23 16:58:59 -04:00
Chris PeBenito 76f05a2c15 Module version bumps for LVM and useromain patches from Guido Trentalancia. 2016-09-07 18:02:18 -04:00
Guido Trentalancia cbccb5aedf Update the lvm module 
Update the lvm module to add a permission needed by cryptsetup.

At the moment the SELinux kernel code is not able yet to distinguish
the sockets in the AF_ALG namespace that are used for interfacing to
the kernel Crypto API.

In the future the SELinux kernel code will be updated to distinguish
the new socket class and so this permission will change its class
from the generic "socket" to the new socket (e.g. "alg_socket").

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
 2016-09-07 17:43:16 -04:00
Chris PeBenito c23353bcd8 Bump module versions for release. 2015-12-08 09:53:02 -05:00
Chris PeBenito 17694adc7b Module version bump for systemd additions. 2015-10-23 14:53:14 -04:00
Chris PeBenito 4388def2d9 Add refpolicy core socket-activated services. 2015-10-23 10:17:46 -04:00
Chris PeBenito f7286189b3 Add systemd units for core refpolicy services. 
Only for services that already have a named init script.

Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
 2015-10-23 10:17:46 -04:00
Chris PeBenito 579849912d Add supporting rules for domains tightly-coupled with systemd. 2015-10-23 10:17:46 -04:00
Chris PeBenito d74c9bd6b8 Module version bumps for admin interfaces from Jason Zaman. 2015-07-14 11:18:35 -04:00
Chris PeBenito 10ff4d0fa3 Bump module versions for release. 2014-03-11 08:16:57 -04:00
Chris PeBenito 58db129761 Update modules for file_t merge into unlabeled_t. 2014-01-16 11:24:25 -05:00
Chris PeBenito 3208ff94c4 Module version bump for second lot of patches from Dominick Grift. 2013-12-03 13:03:35 -05:00
Chris PeBenito 3ee649f132 Add comment in policy for lvm sysfs write. 2013-12-03 10:54:22 -05:00
Dominick Grift 6905ddaa98 lvm: lvm writes read_ahead_kb 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2013-12-03 10:53:23 -05:00
Chris PeBenito b7b3b55280 Module version bumps for Debian udev updates from Dominick Grift. 2013-09-27 16:44:54 -04:00
Chris PeBenito 5a727e1c60 Module version bump for lvm update from Dominick Grift. 2013-09-26 09:24:58 -04:00
Dominick Grift 43d6ac3f8e lvm: lvm and udisks-lvm-pv-e read /run/udev/queue.bin 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2013-09-26 09:16:36 -04:00
Chris PeBenito d174521a64 Bump module versions for release. 2013-04-24 16:14:52 -04:00
Chris PeBenito e1ab3f885b Module version bump for misc updates from Sven Vermeulen. 2013-01-03 10:32:41 -05:00
Sven Vermeulen 829b252cdc lvscan creates the /run/lock/lvm directory if nonexisting (v2) 
If the /run/lock/lvm directory doesn't exist yet, running any of the LVM tools
(like lvscan) will create this directory. Introduce a named file transition for
the lock location when a directory named "lvm" is created and grant the
necessary rights to create the directory.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2013-01-03 10:32:41 -05:00
Chris PeBenito 3516535aa6 Bump module versions for release. 2012-07-25 14:33:06 -04:00
Chris PeBenito 7b6fe9c1a5 Module version bump for syslog-ng and lvm patches from Sven Vermeulen. 2012-05-04 10:49:11 -04:00
Sven Vermeulen ee62c91345 Recent lvm utilities now use setfscreate 
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-05-04 10:45:57 -04:00
Chris PeBenito aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito a26f6088c9 Changelog and module version bump for LVM semaphore usage patch from Sven Vermeulen. 2011-02-09 09:01:18 -05:00
Sven Vermeulen 57835f4453 LVM uses systemwide semaphores for activities such as vgchange -ay 
The LVM subsystem uses system-wide semaphores for various activities.

Although the system boots properly without these (apart from the AVC denials
of course), I would assume that they are here to ensure no corruption of any
kind happens in case of concurrent execution / race conditions.

As such, I rather enable it explicitly in the security policy.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2011-02-09 09:00:12 -05:00
Justin P. Mattock dd74a2f442 policy/modules/system/lvm.te Typo change directores to directories, and also clean up a comment. 
The below patch changes a typo "directores" to "directories", and also
fixes a comment to sound more proper.

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
 2011-02-01 09:09:26 -05:00
Chris PeBenito bca0cdb86e Remove duplicate/redundant rules, from Russell Coker. 2010-07-07 08:41:20 -04:00
Chris PeBenito 48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito 29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito dccbb80cb0 Whitespace cleanup. 2009-11-24 11:11:38 -05:00
Chris PeBenito bd34ef71df LVM patch from Dan Walsh. 2009-11-24 09:19:45 -05:00
Chris PeBenito 9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00