0b6acad1bb
trunk: More complete labeled networking infrastructure from KaiGai Kohei.
2007-11-26 16:44:57 +00:00
eeef8dc451
trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs.
2007-11-16 14:58:17 +00:00
2999cea1f2
trunk: remove duplicate specifiction for /usr/lib/devices on debian.
2007-11-14 20:12:44 +00:00
bdccbacdd6
trunk: add labeled networking support to unconfined.
2007-11-14 14:38:45 +00:00
a56055e362
trunk: rearrange the bottom of domain.if and fix domain_ipsec_labels().
2007-11-14 13:40:25 +00:00
847937da7d
trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh.
2007-11-13 19:31:43 +00:00
4605adcba7
trunk: add postfixpolicyd from Jan-Frode Myklebust.
2007-11-07 20:17:44 +00:00
7d4161cdc9
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
495df41602
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
8e2fb69f88
trunk: filesystem patch from dan.
2007-10-24 18:37:26 +00:00
cdf98fedc0
trunk: 10 patches from dan.
2007-10-11 18:12:29 +00:00
ef659a476e
Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros.
2007-10-09 17:29:48 +00:00
6c53a10e28
trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust.
2007-10-05 18:00:55 +00:00
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
8242f5a68d
trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain().
2007-09-17 14:33:40 +00:00
abc89340c4
trunk: two tiny patches from Stefan Schulze Frielinghaus
2007-09-06 19:29:54 +00:00
8241b538af
trunk: udev update and brctl module from dan.
2007-09-05 17:55:57 +00:00
ce2c80f3c6
trunk: make coda nfs_t, ticket #39 .
2007-09-04 13:38:39 +00:00
d62c0881e2
Update MLS constraints from LSPP evaluated policy.
2007-08-24 14:14:29 +00:00
80d5e02c81
trunk: Files and radvd updates from Stefan Schulze Frielinghaus.
2007-08-21 19:03:34 +00:00
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
2d0c9cecaf
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
9760cbec2d
trunk: Database userspace object manager classes from KaiGai Kohei.
2007-08-09 13:15:07 +00:00
3d6e962dfa
trunk: filesystem patch from dan
2007-08-08 20:04:28 +00:00
939a4287b3
trunk: 3 patches from dan
2007-08-07 17:06:32 +00:00
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
1900668638
trunk: Unified labeled networking policy from Paul Moore.
...
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
5bf9deb5bb
trunk: 3 patches from dan
2007-06-20 19:47:10 +00:00
788d88c923
trunk: drop snmpd_etc_t.
2007-06-19 17:39:35 +00:00
41337aa8b9
Memprotect support patch from Stephen Smalley.
2007-06-19 13:02:26 +00:00
262def165a
trunk: version bumps for previous commit.
2007-06-12 13:08:19 +00:00
f7101c5430
trunk: 7 simple patches from dan.
2007-06-12 13:06:13 +00:00
6649aec9d0
trunk: 3 patches from dan
2007-06-11 15:43:37 +00:00
d534d35a7e
trunk: 5 patches from dan
2007-06-11 15:01:10 +00:00
c412be6bef
trunk: remaining pieces for apcupsd module
2007-05-15 15:43:00 +00:00
12217cc286
Patch to begin separating out hald helper programs from Dan Walsh.
2007-05-07 17:57:48 +00:00
b129e2001c
Fixes for squid, dovecot, and snmp from Dan Walsh.
2007-05-07 13:45:17 +00:00
882186c933
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
...
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
6a2975706a
add rwho from Nalin Dahyabhai
2007-04-30 17:39:01 +00:00
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
697489040e
5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes
2007-04-11 17:56:03 +00:00
9af48eef6e
six patches from dan
2007-04-10 13:10:58 +00:00
9e8f65c83e
six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed
2007-03-26 20:47:29 +00:00
8021cb4f63
Merge sbin_t and ls_exec_t into bin_t.
2007-03-23 23:24:59 +00:00
93784927ca
add kvmfs support, from dan
2007-03-19 18:48:14 +00:00
6c20f77e80
patch from Dan for sudo:
...
sudo should be able to getattr on all executables not just
bin_t/sbin_t. Confined executeables run from sudo need this.
sudo_exec_t needs to be marked as exec_type so prelink will work correctly.
sudo semanage should work
2007-03-19 16:32:44 +00:00
ecc98e19e3
patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh.
2007-03-01 15:43:39 +00:00
86d754eed6
Add support for libselinux 2.0.5 init_selinuxmnt() changes.
2007-02-27 17:02:35 +00:00
bbb7cc8927
Patch to start deprecating usercanread attribute from Ryan Bradetich.
2007-02-26 16:13:23 +00:00
f1be09c2b1
make ttys and ptys device nodes
2007-02-20 20:17:07 +00:00
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
bff907113d
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:57:22 +00:00
fa45da0efd
add aide, ccs, and ricci
2006-11-16 20:56:24 +00:00
ed38ca9f3d
fixes from gentoo strict testing:
...
- Allow semanage to read from /root on strict non-MLS for
local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
on clients.
2006-11-13 03:24:07 +00:00
f497b8df50
Christopher J. PeBenito wrote:
...
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
2006-11-01 15:42:22 +00:00
d9845ae92a
patch from dan Tue, 24 Oct 2006 11:00:28 -0400
2006-10-31 21:01:48 +00:00
582438054d
fix up corecommands perm sets, add seutil_manage_config_dirs()
2006-10-27 13:55:35 +00:00
a8671ae5b2
enhanced setransd support from darrel goeddel
2006-10-20 14:44:23 +00:00
a52b4d4f23
bump versions to release numbers
2006-10-18 19:25:27 +00:00
130f8a4aa5
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
aeaae5185e
fix ticket #16
2006-10-16 16:51:57 +00:00
0e5c5442c6
fix term_tty() associations
2006-10-14 23:32:30 +00:00
3c3c0439f6
patch from russell, Thu, 5 Oct 2006 22:44:49 +1000
...
Allow unconfined processes to see unlabeled processes in ps.
Removed a redundant rule in samba.te
Removed support for the pre-Fedora Red Hat code to create sym-links in /boot.
Removed support for devpts_t files in /tmp (there is no way that would ever
work).
Allowed postgrey to create socket files.
Made the specs for the /lib and /lib64 directories better support stem
compression.
2006-10-05 19:57:37 +00:00
e070dd2df0
- Move range transitions to modules.
...
- Make number of MLS sensitivities, and number of MLS and MCS
categories configurable as build options.
2006-10-04 17:25:34 +00:00
f8cfddbb76
fix ticket #15 .
2006-09-29 18:00:21 +00:00
49317e6b49
fix corenetwork so the ifdef enable_mls survives to regular processing.
2006-09-29 17:37:57 +00:00
6c63996d9b
fix build error
2006-09-29 14:24:57 +00:00
e2b84ef79a
patch from dan Mon, 25 Sep 2006 15:46:40 -0400
2006-09-28 14:37:29 +00:00
693d4aedb5
patch from dan Fri, 22 Sep 2006 16:30:34 -0400
2006-09-25 18:53:06 +00:00
8708d9bef2
patch from dan Wed, 20 Sep 2006 12:12:49 -0400
2006-09-22 17:14:35 +00:00
bf469d7669
gentoo testing fixes
2006-09-19 17:02:29 +00:00
cf7af137c0
add mls fd constraints
2006-09-15 19:05:03 +00:00
2cac32a605
fix miscfiles_read_localization()
2006-09-13 18:08:17 +00:00
95b8223eed
cleanups
2006-09-08 17:21:28 +00:00
bbcd3c97dd
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
75beb95014
patch from dan Tue, 05 Sep 2006 17:06:06 -0400
2006-09-06 16:36:23 +00:00
13d7cec671
patch from erich Sat, 02 Sep 2006 03:37:44 +0200
2006-09-04 18:22:12 +00:00
5dbda5558a
patch from dan Fri, 01 Sep 2006 15:45:24 -0400
2006-09-04 15:15:35 +00:00
eac818f040
patch from dan Thu, 31 Aug 2006 15:16:30 -0400
2006-09-01 15:52:05 +00:00
a5e2133bc8
patch from dan Wed, 23 Aug 2006 14:03:49 -0400
2006-08-29 02:41:00 +00:00
ce6bf7cc23
more testing fixes
2006-08-28 02:46:20 +00:00
e539a49638
This patch enables to use xattr on jffs2 filesystem.
...
The jffs2 filesystem is a filesystem for memory technology
devices (MTD), and xattr supporting on jffs2 is neccesary
to use SELinux with a small diskless PDA and so on.
This facility is queued for kernel 2.6.18 now, so I hope
to merge this small patch into the refpolicy repository.
Example of xattr/jffs2: SELinux on OpenZaurus :D
http://www.kaigai.gr.jp/pub/sezaurus.jpg
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
2006-08-25 13:28:57 +00:00
d15dd5a739
more testing fixes
2006-08-23 03:47:39 +00:00
e9b9e45214
testing fixes
2006-08-18 18:20:22 +00:00
33c7e6b4e8
remove dead selopt rules
2006-08-15 20:00:58 +00:00
85476e94d8
fix up mtrr interfaces. missing the file class on a few interfaces, and read and write cannot be split.
2006-08-01 14:43:10 +00:00
46551033aa
patch from dan Wed, 26 Jul 2006 14:42:46 -0400
2006-07-28 15:13:58 +00:00
ea3c1f508a
add helpers for printing warning and error messages
2006-07-25 17:27:00 +00:00
8b9ebd3769
some cleanup in the kernel layer
2006-07-25 15:23:13 +00:00
19ebf01d6a
patch to fix escaping of . in file contexts from james athey
2006-07-24 15:43:57 +00:00
d822675850
add access to keys for unconfined
2006-07-14 13:11:42 +00:00
133000c286
remove setbool auditallow, except for distro_rhel4.
2006-07-13 14:22:21 +00:00
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00
Chris PeBenito
