RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-02-02 21:01:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,206 Commits 3 Branches 49 Tags 21 MiB
d1f92dae04
Commit Graph

409 Commits

Author SHA1 Message Date
Chris PeBenito
e3a90e358a add abrt from dan. 2009-09-14 09:22:24 -04:00
Chris PeBenito
81bca10b28 nslcd policy from dan. 2009-09-08 10:31:19 -04:00
Chris PeBenito
dbed95369c add gitosis from miroslav grepl. 2009-09-03 09:52:08 -04:00
Chris PeBenito
625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito
71965a1fc5 add kdump from dan. 2009-09-02 08:33:25 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template 
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
 2009-08-28 13:29:36 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr. 
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
 2009-08-18 09:49:31 -04:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t. 
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
 2009-08-17 13:19:26 -04:00
Chris PeBenito
4254cec711 Add missing x_device rules for XI2 functions, from Eamon Walsh. 
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy.  You can now create one or more
> "master devices" (mouse cursor and keyboard focus).  The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device.  Create/destroy controls the ability to create new master
> devices.
 2009-08-14 13:18:16 -04:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain. 
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
 2009-08-12 14:15:39 -04:00
Chris PeBenito
0f5e26b620 Add btrfs and ext4 to labeling targets. 2009-08-11 09:01:58 -04:00
Chris PeBenito
90286f4292 Fix infrastructure to expand macros in initrc_context when installing. 
The initrc_context file uses the mls_systemhigh macro and needs to be properly
expanded based on the build.conf settings.  Add makefile support to do this.
 2009-08-10 14:00:34 -04:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types. 
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
 2009-08-05 11:17:53 -04:00
Chris PeBenito
915dfa68b6 release 2.20090730 2009-07-30 14:35:47 -04:00
Chris PeBenito
64c7061e1a changelog entry for the previous gentoo fixes 2009-07-30 10:41:17 -04:00
Chris PeBenito
20c3ccee1a add fprintd module from dan. 2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea add devicekit module from dan. 2009-07-29 10:02:06 -04:00
Chris PeBenito
c7ae9ae1c8 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-07-28 08:00:03 -04:00
Chris PeBenito
5f6c30f8bd wm policy from dan 2009-07-27 15:11:22 -04:00
Chris PeBenito
f4962ab15b add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
dc0ab0f0c3 changelog for previous commit 2009-07-20 11:16:22 -04:00
Chris PeBenito
50824a99ca trunk: pads from dan. 2009-06-30 15:03:20 +00:00
Chris PeBenito
267d9c60c5 trunk: varnishd from dan. 2009-06-30 13:49:53 +00:00
Chris PeBenito
c017ee17ab trunk: add sssd from dan. 2009-06-22 15:33:21 +00:00
Chris PeBenito
c9c0d846de trunk: Greylist milter from Paul Howarth. 2009-06-18 14:36:35 +00:00
Chris PeBenito
c7dc1c7222 trunk: Allow unix_update to change the security attributes associate with files so 
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
 2009-06-18 13:57:26 +00:00
Chris PeBenito
df28a0c444 trunk: Misc fixes for unix_update from Brandon Whalen. 2009-06-18 13:36:40 +00:00
Chris PeBenito
95ea7d6986 trunk: Add x_device permissions for XI2 functions, from Eamon Walsh. 2009-06-18 13:07:23 +00:00
Chris PeBenito
16fd1fd814 trunk: MLS constraints for the x_selection class, from Eamon Walsh. 2009-06-05 13:36:19 +00:00
Chris PeBenito
cca4a215fe trunk: add gpsd from miroslav grepl 2009-06-02 14:28:40 +00:00
Chris PeBenito
350ed89156 se-postgresql update from kaigai 
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
    db_database:{getattr}
    db_table:{getattr lock}
    db_column:{getattr}
    db_procedure:{drop getattr setattr}
    db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
  impossible to refer read-only table with foreign-key constraint.
  (FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
  on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
  It should allow them on sepgsql_trusted_proc_exec_t.
  I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
  such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
  sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
  procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
  but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
 2009-05-07 12:35:32 +00:00
Chris PeBenito
da3ed0667f trunk: lircd from miroslav grepl 2009-05-06 15:09:46 +00:00
Chris PeBenito
3392356f36 trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
Chris PeBenito
0cf1d56018 trunk: Milter state directory patch from Paul Howarth. 2009-04-21 20:40:45 +00:00
Chris PeBenito
a5ef553c2d trunk: 5 modules from dan. 2009-04-20 19:03:15 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
42d567c3f4 trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
e1a70f1dde trunk: add MLS constrains for ingress/egress permissions from Paul Moore. 
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls.  Based on
the following post to the SELinux Reference Policy mailing list:

 * http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
 2009-03-02 15:16:49 +00:00
Chris PeBenito
156204a385 trunk: Drop write permission from fs_read_rpc_sockets(). 2009-02-24 20:00:15 +00:00
Chris PeBenito
81fa19ed73 trunk: remove unused udev_runtime_t type. 2009-02-24 19:31:08 +00:00
Chris PeBenito
f3fcadfe04 trunk: Patch for RadSec port from Glen Turner. 2009-02-23 13:41:28 +00:00
Chris PeBenito
7722c29e88 trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
Chris PeBenito
805f34ed09 trunk: btrfs from Paul Moore. 2009-01-30 13:44:14 +00:00
Chris PeBenito
466e22a8ba trunk: Add db_procedure install permission from KaiGai Kohei. 2009-01-23 19:49:36 +00:00
Chris PeBenito
019dfaf9dc trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project. 2009-01-15 20:31:06 +00:00
Chris PeBenito
9e7a338509 trunk: su fixes from clip. 2009-01-13 19:44:23 +00:00
Chris PeBenito
f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
347a701119 trunk: Add kernel_service access vectors, from Stephen Smalley. 2009-01-05 21:44:33 +00:00
Chris PeBenito
e66a0cad18 trunk: check in version and changelog for release. 2008-12-10 19:49:42 +00:00
Chris PeBenito
3196971ae8 trunk: Fix consistency of audioentropy and iscsi module naming. 2008-12-09 16:47:33 +00:00
Chris PeBenito
b3eb124654 trunk: Debian file context fix for xen from Russell Coker. 2008-11-24 15:34:54 +00:00
Chris PeBenito
b9e5238a24 trunk: add milter module from Paul Howarth. 2008-11-24 15:06:58 +00:00
Chris PeBenito
7f49194215 trunk: Xserver MLS fix from Eamon Walsh. 2008-11-17 13:49:19 +00:00
Chris PeBenito
99282e6be0 trunk: add omapi port for dhcpcd. 2008-11-12 13:11:00 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
6e68e6bb5e trunk: Move shared library calls from individual modules to the domain module. 2008-10-17 17:36:56 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40 trunk: Remove hierarchy from portage module as it is not a good example of hieararchy. 2008-10-15 19:56:33 +00:00
Chris PeBenito
b19f862271 trunk: Remove enableaudit target from modular build as semodule -DB supplants it. 2008-10-15 14:30:14 +00:00
Chris PeBenito
40db860272 trunk: version bits for the release. 2008-10-14 17:38:03 +00:00
Chris PeBenito
967fd1ba3f trunk: 8 patches from dan. 2008-10-08 20:03:24 +00:00
Chris PeBenito
73edbc9101 trunk: add oident from dominick grift. 2008-10-06 14:01:59 +00:00
Chris PeBenito
52ceaaac6e trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr. 2008-09-11 14:02:53 +00:00
Chris PeBenito
a71e136cc3 trunk: add cyphesis from dan. 2008-09-03 14:46:10 +00:00
Chris PeBenito
e40fa634b2 trunk: Logrotate and Bind updates from Vaclav Ovsik. 2008-09-03 14:12:56 +00:00
Chris PeBenito
6cc3f35635 trunk: first part of init script labeling support. 2008-08-29 19:00:02 +00:00
Chris PeBenito
32f8ff393b trunk: add w3c from dan. 2008-08-21 13:52:52 +00:00
Chris PeBenito
9c4500b2f4 trunk: Glibc 2.7 fix from Vaclav Ovsik. 2008-08-12 19:33:18 +00:00
Chris PeBenito
8a948caf2b trunk: 11 more cherry picks from fedora policy, by david hardeman. 2008-08-07 14:17:50 +00:00
Chris PeBenito
b81bfc2651 trunk: Samba/winbind update from Mike Edenfield. 2008-08-05 12:54:11 +00:00
Chris PeBenito
3338f231d5 trunk: Policy size optimization with a non-security file attribute from James Carter. 2008-07-31 14:05:46 +00:00
Chris PeBenito
dc1920b218 trunk: Database labeled networking update from KaiGai Kohei. 2008-07-25 04:07:09 +00:00
Chris PeBenito
6224fc1485 trunk: 7 patches from Fedora policy, cherry picked by david hrdeman. 2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8 trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
Chris PeBenito
2b592aa495 trunk: pam_mount fix for local login from Stefan Schulze Frielinghaus 2008-07-18 13:25:31 +00:00
Chris PeBenito
4459a7c086 trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage. 2008-07-15 15:33:51 +00:00
Chris PeBenito
e64c38c7a4 trunk: VERSION and Changelog update for release. 2008-07-02 15:39:31 +00:00
Chris PeBenito
e311e23a44 trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide. 2008-07-01 13:57:53 +00:00
Chris PeBenito
c5cfd2d405 trunk: Add unused interface/template parameter metadata in XML. 2008-06-24 14:23:40 +00:00
Chris PeBenito
8c6292b7a4 trunk: Patch to handle postfix data_directory from Vaclav Ovsik. 2008-06-24 13:21:35 +00:00
Chris PeBenito
131634a581 trunk: podsleuth and hal updates from dan. 2008-06-17 14:07:44 +00:00
Chris PeBenito
eb4216397c trunk: add qemu and virt from dan. 2008-06-16 18:59:07 +00:00
Chris PeBenito
e8cb08aefa trunk: add sepostgresql policy from kaigai kohei. 2008-06-10 15:33:18 +00:00
Chris PeBenito
ef55a11980 trunk: Patch for X.org dbus support from Martin Orr. 2008-06-07 13:31:48 +00:00
Chris PeBenito
cdbd09f65e trunk: add prelude from dan. 2008-06-06 03:13:42 +00:00
Chris PeBenito
308baad28c trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore. 2008-05-26 18:38:06 +00:00
Chris PeBenito
782c10e949 trunk: add kerneloops from dan. 2008-05-26 17:47:49 +00:00
Chris PeBenito
ff79b83c51 trunk: add kismet from dan. 2008-05-26 15:35:25 +00:00
Chris PeBenito
4416c416fa trunk: Module loading now requires setsched on kernel threads. 2008-05-22 18:39:03 +00:00
Chris PeBenito
a42ce93a4d trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik. 2008-05-12 20:05:32 +00:00
Chris PeBenito
d923d54c08 trunk: X application data class from Eamon Walsh and Ted Toth. 2008-05-06 14:37:05 +00:00
Chris PeBenito
e9c6cda7da trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
Chris PeBenito
7e11b74087 trunk: make hald_log_t a log file. 2008-04-18 16:04:15 +00:00
Chris PeBenito
2083db2e40 trunk: Cryptsetup runs shell scripts. Patch from Martin Orr. 2008-04-18 15:32:03 +00:00
Chris PeBenito
c07f9ccd18 trunk: Add file for enabling policy capabilities. 2008-04-18 14:21:01 +00:00
Chris PeBenito
75da4b8ad3 trunk: Patch to fix leaky interface/template call depth calculator from Vaclav Ovsik. 2008-04-18 12:57:01 +00:00
Chris PeBenito
c565b44f9c trunk: release 2008-04-02 18:44:07 +00:00
Chris PeBenito
2c12b471ad trunk: add core xselinux support. 2008-04-01 20:23:23 +00:00
Chris PeBenito
9377a3e59c trunk: fix winbind socket connection interface for default location of the sock_file. 2008-03-21 14:18:13 +00:00
Chris PeBenito
6e2123fc72 trunk: add wireshark. 2008-03-14 15:26:52 +00:00
Chris PeBenito
47333d8246 trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too. 2008-03-10 19:29:47 +00:00
Chris PeBenito
e276d50e21 trunk: Add iferror.m4 rather generate it out of the Makefiles. 2008-03-06 20:17:46 +00:00
Chris PeBenito
210607be61 trunk: Definitions for open permisson on file and similar objects from Eric Paris. 2008-03-04 20:19:29 +00:00
Chris PeBenito
e065ac8ab5 trunk: Apt updates for ptys and logs, from Martin Orr. 2008-03-04 19:48:58 +00:00
Chris PeBenito
01e8ff4ab3 trunk: rpc update from Vaclav Ovsik. 2008-03-04 19:14:08 +00:00
Chris PeBenito
d57a094347 trunk: Exim updates on Debian from Devin Carrawy. 2008-03-04 18:25:13 +00:00
Chris PeBenito
9fa023ff58 trunk: Pam and samba updates from Stefan Schulze Frielinghaus. 2008-02-19 19:33:48 +00:00
Chris PeBenito
45b56b01e8 trunk: Backup update on Debian from Vaclav Ovsik. 2008-02-19 14:26:59 +00:00
Chris PeBenito
51223bfc56 trunk: Cracklib update on Deban from Vaclav Ovsik. 2008-02-19 14:06:11 +00:00
Chris PeBenito
037fc0f4e6 trunk: label /proc/kallsyms with system_map_t. 2008-02-15 19:59:10 +00:00
Chris PeBenito
8b9ffed517 trunk: add capability2 class, from Stephen Smalley. 2008-02-07 17:51:59 +00:00
Chris PeBenito
f3da31d339 trunk: Labeled networking peer object class updates. 2008-01-03 16:20:01 +00:00
Chris PeBenito
cde477c7e5 trunk: package versioning for release. 2007-12-14 18:49:30 +00:00
Chris PeBenito
1abafe3707 trunk: Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. 2007-12-12 16:18:50 +00:00
Chris PeBenito
dd9e1de35e trunk: Improve several tunables descriptions from Dan Walsh. 2007-12-07 15:44:53 +00:00
Chris PeBenito
c0cf6e0a6e trunk: clean up nsswitch usage, from dan. 2007-12-04 15:05:55 +00:00
Chris PeBenito
0b6acad1bb trunk: More complete labeled networking infrastructure from KaiGai Kohei. 2007-11-26 16:44:57 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
847937da7d trunk: Patch to restructure user role templates to create restricted user roles from Dan Walsh. 2007-11-13 19:31:43 +00:00
Chris PeBenito
4605adcba7 trunk: add postfixpolicyd from Jan-Frode Myklebust. 2007-11-07 20:17:44 +00:00
Chris PeBenito
164772b537 trunk: Russian man page translations from Andrey Markelov. 2007-10-29 18:45:24 +00:00
Chris PeBenito
bd973e3e68 trunk: remove unused types from dbus. 2007-10-26 18:04:38 +00:00
Chris PeBenito
6bf8bf4f5c trunk: add exim from dan. 2007-10-24 15:07:40 +00:00
Chris PeBenito
a334d2918f trunk: add infrastructure for managing user web content. 2007-10-18 19:23:33 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
6c53a10e28 trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. 2007-10-05 18:00:55 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
cb811cda3b trunk: update version and changelog for release. 2007-09-28 15:14:55 +00:00
Chris PeBenito
8acfcbcc2a trunk: Add support for setting the unknown permissions handling. 2007-09-27 13:41:09 +00:00
Chris PeBenito
96fc0a45be trunk: Fix XML building for external reference builds and headers builds. 2007-09-21 15:06:58 +00:00
Chris PeBenito
6f49b490b8 trunk: Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara. 2007-09-17 18:04:35 +00:00
Chris PeBenito
0cf6df55e5 trunk: add awstats from Stefan Schulze Frielinghaus. 2007-09-17 17:25:40 +00:00
Chris PeBenito
8242f5a68d trunk: add bitlbee from devin carraway and add tcpd_wrapped_domain(). 2007-09-17 14:33:40 +00:00
Chris PeBenito
8241b538af trunk: udev update and brctl module from dan. 2007-09-05 17:55:57 +00:00
Chris PeBenito
d62c0881e2 Update MLS constraints from LSPP evaluated policy. 2007-08-24 14:14:29 +00:00
Chris PeBenito
2af7b42a06 trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels. 2007-08-22 20:21:52 +00:00
Chris PeBenito
80d5e02c81 trunk: Files and radvd updates from Stefan Schulze Frielinghaus. 2007-08-21 19:03:34 +00:00
Chris PeBenito
f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito
2d0c9cecaf trunk: several MLS enhancements. 2007-08-20 15:15:03 +00:00
Chris PeBenito
9760cbec2d trunk: Database userspace object manager classes from KaiGai Kohei. 2007-08-09 13:15:07 +00:00
Chris PeBenito
371d11ec04 trunk: add 3rd party interface for apache cgi. 2007-07-26 19:48:40 +00:00
Chris PeBenito
924f3cc2cb trunk: add getserv and shmemserv nscd permissions. 2007-07-24 19:52:18 +00:00
Chris PeBenito
d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito
f80a0e4f25 trunk: Add debian apcupsd binary location, from Stefan Schulze Frielinghaus. 2007-07-02 15:25:46 +00:00
Chris PeBenito
970122ca12 trunk: updated version and changelog for release 2007-06-29 15:30:58 +00:00
Chris PeBenito
113b4fc4a2 Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module. 2007-06-28 17:25:46 +00:00
Chris PeBenito
7b61fe506d trunk: add rpcbind from dan 2007-06-27 16:31:55 +00:00
Chris PeBenito
1900668638 trunk: Unified labeled networking policy from Paul Moore. 
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
 2007-06-27 15:23:21 +00:00
Chris PeBenito
7f089782ae trunk: xen updates from dan 2007-06-21 13:36:05 +00:00
Chris PeBenito
5bf9deb5bb trunk: 3 patches from dan 2007-06-20 19:47:10 +00:00
Chris PeBenito
40df56772f trunk: big samba update from dan 2007-06-19 19:11:35 +00:00
Chris PeBenito
788d88c923 trunk: drop snmpd_etc_t. 2007-06-19 17:39:35 +00:00
Chris PeBenito
6c8aba7b31 trunk: confine sendmail and logrotate on targeted 2007-06-19 17:01:39 +00:00
Chris PeBenito
cb10a2d5bf trunk: Tunable connection to postgresql for users from KaiGai Kohei. 2007-06-19 14:30:06 +00:00
Chris PeBenito
41337aa8b9 Memprotect support patch from Stephen Smalley. 2007-06-19 13:02:26 +00:00
Chris PeBenito
a74d1ad7cd trunk: add amtu from dan 2007-06-12 18:58:36 +00:00
Chris PeBenito
d5b81a81ff trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). 2007-06-12 18:46:14 +00:00
Chris PeBenito
d534d35a7e trunk: 5 patches from dan 2007-06-11 15:01:10 +00:00
Chris PeBenito
762d2cb989 merge restorecon into setfiles 2007-05-11 17:10:43 +00:00
Chris PeBenito
12217cc286 Patch to begin separating out hald helper programs from Dan Walsh. 2007-05-07 17:57:48 +00:00
Chris PeBenito
78f17e6d6c add apcupsd from dan 2007-05-07 14:55:54 +00:00
Chris PeBenito
b129e2001c Fixes for squid, dovecot, and snmp from Dan Walsh. 2007-05-07 13:45:17 +00:00
Chris PeBenito
4967aaa320 Miscellaneous consolekit fixes from Dan Walsh. 2007-05-03 14:15:38 +00:00
Chris PeBenito
ed4b7301fb Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh. 2007-05-03 12:45:28 +00:00
Chris PeBenito
517618f0b4 Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh. 2007-05-02 17:55:03 +00:00
Chris PeBenito
882186c933 - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes 
to handle usage from userhelper.
 2007-05-02 17:31:38 +00:00
Chris PeBenito
6a2975706a add rwho from Nalin Dahyabhai 2007-04-30 17:39:01 +00:00
Chris PeBenito
747ab18400 Patch to allow amavis to read spamassassin libraries from Dan Walsh. 2007-04-30 15:19:47 +00:00
Chris PeBenito
f9029fc5b6 Patch to allow slocate to getattr other filesystems and directories on those filesystems from Dan Walsh. 2007-04-30 15:01:19 +00:00
Chris PeBenito
d28e528b0d Fixes for RHEL4 from the CLIP project. 2007-04-27 15:08:15 +00:00
Chris PeBenito
cd16fe6e2c Replace the old lrrd fc entries with correct munin ones. 2007-04-23 17:36:35 +00:00
Chris PeBenito
b4dfdc7d30 Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties. 2007-04-19 14:30:57 +00:00
Chris PeBenito
7a4bd42ea3 Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface. 2007-04-19 14:24:02 +00:00
Chris PeBenito
2733830a27 final release entries for 20070417 2007-04-17 14:20:24 +00:00
Chris PeBenito
97e8156ecb add zabbix from dan 2007-04-11 18:55:44 +00:00
Chris PeBenito
697489040e 5 patches from dan. confine insmod and udev on targeted, misc fc fixes, sasl kerberos use, and samba port fixes 2007-04-11 17:56:03 +00:00
Chris PeBenito
19b2dee3cc confine ldconfig in targeted, from dan 2007-04-10 19:39:22 +00:00
Chris PeBenito
f4e2b1983a man page updates from dan 2007-04-02 13:58:33 +00:00
Chris PeBenito
a26923c32e Two patches from Paul Moore to for ipsec to remove redundant rules and have setkey read the config file. 2007-03-28 18:47:45 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single 
module.
- Add support for tunables and booleans local to a module.
 2007-03-26 18:41:45 +00:00
Chris PeBenito
8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito
ab514d6a89 remove disable_trans booleans 2007-03-23 21:01:49 +00:00
Chris PeBenito
e9b0042f35 Output different header sets for kernel and userland from flask headers. 2007-03-23 20:32:23 +00:00
Chris PeBenito
1852cdabce deprecated pax class 2007-03-23 20:21:06 +00:00
Chris PeBenito
d17bab02cc stop adding netfilter contexts, as decided at the developers summit 2007-03-21 19:40:55 +00:00
Chris PeBenito
cd3ee91a4b add fail2ban from dan 2007-03-21 15:51:52 +00:00
Chris PeBenito
a5f5eba459 Add dontaudits for init fds and console to init_daemon_domain(). 2007-03-20 18:47:18 +00:00
Chris PeBenito
4832f0e066 create user gpg keys dir patch from dan 2007-03-19 19:10:43 +00:00
Chris PeBenito
93784927ca add kvmfs support, from dan 2007-03-19 18:48:14 +00:00
Chris PeBenito
c224d91c7b from Dan: 
This is a new policy for the User Switching capability coming in gnome.

consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
 2007-03-19 18:01:15 +00:00
Chris PeBenito
6c20f77e80 patch from Dan for sudo: 
sudo should be able to getattr on all executables not just 
bin_t/sbin_t.  Confined executeables run from sudo need this.

sudo_exec_t needs to be marked as exec_type so prelink will work correctly.

sudo semanage should work
 2007-03-19 16:32:44 +00:00
Chris PeBenito
b50f2ee48d It was just pointed out to me that the raw IP socket class is missing from the 
recvfrom MLS constraint.

Signed-off-by: Paul Moore
 2007-03-09 14:45:19 +00:00
Chris PeBenito
cdc91b9aeb Patch for handling restart of nscd when ran from useradd, groupadd, and admin passwd, from Dan Walsh. 2007-03-08 15:14:45 +00:00