RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,874 Commits 3 Branches 49 Tags 19 MiB
Commit Graph

114 Commits

Author SHA1 Message Date
Chris PeBenito 65e8f758ca Bump module versions for release. 2018-07-01 11:02:33 -04:00
Chris PeBenito e75bcdead0 Module version bumps for patches from James Carter. 2018-04-12 18:49:46 -04:00
Chris PeBenito 03e2f1a809 Simple map patch from Russell Coker. 2018-02-15 17:10:34 -05:00
Chris PeBenito 4d5b06428b Bump module versions for release. 2018-01-14 14:08:09 -05:00
Chris PeBenito 5a73eaf64e files, userdomain: Module version bump. 2017-11-01 19:03:30 -04:00
Chris PeBenito d2e201495a files, netutils: Module version bump. 2017-10-25 17:21:31 -04:00
Chris PeBenito 1b405f4a90 files, init, sysnetwork, systemd: Module version bumps. 2017-10-12 18:48:29 -04:00
Chris PeBenito 2ce0d06bbc Module version bumps. 2017-09-13 18:58:07 -04:00
Chris PeBenito 095ad7923a Several module version bumps. 2017-09-11 20:34:13 -04:00
Chris PeBenito 495e2c203b Remove complement and wildcard in allow rules. 
Remove complement (~) and wildcard (*) in allow rules so that there are no
unintentional additions when new permissions are declared.

This patch does not add or remove permissions from any rules.
 2017-08-13 16:21:44 -04:00
Chris PeBenito aa0eecf3e3 Bump module versions for release. 2017-08-05 12:59:42 -04:00
Chris PeBenito 8902f93b9a Module version bump for systemd fix from Krzysztof Nowicki. 2017-05-15 18:48:51 -04:00
Chris PeBenito 8527b86621 Further strict systemd fixes from Russell Coker. 2017-04-20 20:00:34 -04:00
Chris PeBenito 73d8b3026c Systemd-related changes from Russell Coker. 2017-04-06 17:37:50 -04:00
Chris PeBenito b690079a93 Misc fc changes from Russell Coker. 2017-04-06 17:00:28 -04:00
Chris PeBenito 2cd92db5cd systemd-nspawn again 
This patch doesn't do everything that is needed to have systemd-nspawn work.
But it does everything that is needed and which I have written in a clear and
uncontroversial way.  I think it's best to get this upstream now and then
either have a separate discussion about the more difficult issues, or wait
until I devise a way of solving those problems that's not too hacky.

Who knows, maybe someone else will devise a brilliant solution to the remaining
issues after this is accepted upstream.

Also there's a tiny patch for systemd_machined_t that is required by
systemd_nspawn_t.

Description: systemd-nspawn
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-03-29
 2017-04-01 12:08:42 -04:00
Chris PeBenito 160d08f3ae systemd-resolvd, sessions, and tmpfiles take2 
I believe that I have addressed all the issues Chris raised, so here's a newer
version of the patch which applies to today's git version.

Description: systemd-resolved, sessions, and tmpfiles patches
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-03-26
 2017-03-28 18:51:35 -04:00
Chris PeBenito 5e20a0ee5b /var/run -> /run again 
Here's the latest version of my patch to remove all /var/run when it's not
needed.  I have removed the subst thing from the patch, but kept a
distro_debian bit that relies on it.  So with this patch the policy won't
install if you build it with distro_debian unless you have my subst patch.
Chris, if your automated tests require that it build and install with
distro_debian then skip the patch for sysnetwork.fc.

From Russell Coker
 2017-03-25 12:56:03 -04:00
Chris PeBenito 2087bde934 Systemd fixes from Russell Coker. 2017-02-23 20:03:23 -05:00
Chris PeBenito 3726cd58f6 Module version bump for changes from cgzones. 2017-02-18 12:28:38 -05:00
Chris PeBenito cb35cd587f Little misc patches from Russell Coker. 2017-02-18 09:39:01 -05:00
Chris PeBenito e9b2a7943c Module version bump for bootloader patch revert. Plus compat alias. 2017-02-11 14:51:21 -05:00
Chris PeBenito 2e7553db63 Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
Chris PeBenito 69ede859e8 Bump module versions for release. 2017-02-04 13:30:53 -05:00
Chris PeBenito 0fe21742cd Module version bumps for patches from cgzones. 2017-01-09 20:34:15 -05:00
Chris PeBenito 67c435f1fc Module version bump for fc updates from Nicolas Iooss. 2016-12-28 14:38:05 -05:00
Chris PeBenito 19c3addb99 Module version bump for patches from Guido Trentalancia. 2016-12-27 10:51:56 -05:00
Chris PeBenito f850ec37df Module version bumps for /run fc changes from cgzones. 2016-12-22 15:54:46 -05:00
Chris PeBenito 34055cae87 Bump module versions for release. 2016-10-23 16:58:59 -04:00
Chris PeBenito c720d99e30 Module version bump for module_load perm use from Guido Trentalancia. 2016-08-29 20:29:46 -04:00
Chris PeBenito 464c5df247 Reduce broad entrypoints for unconfined domains. 
Entrypoints into unconfined domains, like with confined domains, should be
tightly controlled to make arbitrary code execution more difficult.
 2016-03-22 15:43:30 -04:00
Chris PeBenito c23353bcd8 Bump module versions for release. 2015-12-08 09:53:02 -05:00
Chris PeBenito 17694adc7b Module version bump for systemd additions. 2015-10-23 14:53:14 -04:00
Chris PeBenito 468185f5f7 Bump module versions for release. 2014-12-03 13:37:38 -05:00
Chris PeBenito 1743984baf Module version bump for misc fixes from Nicolas Iooss. 2014-08-26 09:14:44 -04:00
Chris PeBenito b2b750279a Module version bump for firstboot_rw_t alias removal. 2014-06-09 08:23:24 -04:00
Chris PeBenito fb51415d42 Remove firstboot_rw_t as FC5 has been gone for a long time. 2014-06-09 08:22:52 -04:00
Elia Pinto a55da23db2 Fix misspelling 
Fix misspelling using  http://github.com/lyda/misspell-check

Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
 2014-06-09 08:21:45 -04:00
Chris PeBenito 10ff4d0fa3 Bump module versions for release. 2014-03-11 08:16:57 -04:00
Chris PeBenito dd0df56c26 Module version bump for files_dontaudit_list_var() interface from Luis Ressel. 2014-02-08 09:04:18 -05:00
Chris PeBenito d66aeb8436 Merge file_t into unlabeled_t, as they are security equivalent. 2014-01-16 11:19:00 -05:00
Chris PeBenito 57f00181ee Module version bump for mount updates from Dominick Grift. 2013-09-27 16:54:54 -04:00
Chris PeBenito d174521a64 Bump module versions for release. 2013-04-24 16:14:52 -04:00
Chris PeBenito fd569471c3 Module version bump for Debian updates from Laurent Bigonville. 2013-01-23 07:23:52 -05:00
Laurent Bigonville ef854630b4 Label var_lock_t as a mountpoint 
In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs
mount.
 2013-01-23 07:10:13 -05:00
Chris PeBenito b2cf9398df Module version bump for Gentoo openrc fixes for /run from Sven Vermeulen. 2012-10-31 11:49:56 -04:00
Chris PeBenito 104456aa17 Module version bump for interfaces used by virt from Dominick Grift. 2012-10-30 14:17:25 -04:00
Chris PeBenito d7f7136953 Module version bump for cachefiles core support. 2012-10-04 08:25:19 -04:00
Chris PeBenito 4a865b3830 Module version bump for lost+found labeling in /var/log from Guido Trentalancia. 2012-08-29 10:49:23 -04:00
Chris PeBenito 2b70efd2f6 Module version bump for fc substitutions optimizations from Sven Vermeulen. 2012-08-15 11:00:55 -04:00