Commit Graph

73 Commits

Author SHA1 Message Date
Chris PeBenito d174521a64 Bump module versions for release. 2013-04-24 16:14:52 -04:00
Chris PeBenito be2e70be8d Module version bump for fixes from Dominick Grift. 2013-01-03 10:53:34 -05:00
Dominick Grift 79e1e4efb9 NSCD related changes in various policy modules
Use nscd_use instead of nscd_socket_use. This conditionally allows
nscd_shm_use

Remove the nscd_socket_use from ssh_keygen since it was redundant
already allowed by auth_use_nsswitch

Had to make some ssh_keysign_t rules unconditional else
nscd_use(ssh_keysign_t) would not build (nested booleans) but that does
not matter, the only actual domain transition to ssh_keysign_t is
conditional so the other unconditional ssh_keygen_t rules are
conditional in practice

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-01-03 10:43:10 -05:00
Chris PeBenito 79f71729e3 Module version bump from Debian changes from Laurent Bigonville. 2012-12-07 00:46:27 -05:00
Chris PeBenito 3516535aa6 Bump module versions for release. 2012-07-25 14:33:06 -04:00
Chris PeBenito 2728d43634 Module version bump, changelog, pull contrib 2012-07-10 08:58:37 -04:00
Chris PeBenito b35c647481 nss_domain attribute patch 3, Miroslav Grepl 2012-07-10 08:43:38 -04:00
Chris PeBenito 330b13a4a2 nss_domain attribute patch 1, Miroslav Grepl 2012-07-10 08:43:31 -04:00
Chris PeBenito b72101a116 Module version bump and changelog for non-auth file attribute to eliminate set expressions, from James Carter. 2012-05-04 09:14:00 -04:00
James Carter 709fd365b8 Create non_auth_file_type attribute and interfaces
Reduce the binary policy size by eliminating some set expressions
related to file accesses and make Repolicy easier to convert into CIL.
- Moved the auth_file_type attribute.
- Created a new type attribute called non_auth_file_type.
- Created new interfaces to allow file accesses on non_auth_file_type
files.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2012-05-04 08:47:37 -04:00
Chris PeBenito aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito a29c7b86e1 Module version bump and Changelog for auth file patches from Matthew Ife. 2011-07-18 13:48:05 -04:00
Matthew Ife 61fb2009ad Create a new attribute for auth_file types. Add shadow as an auth_file type. Add new interfaces to manage auth_file types Deprecate *_except_shadow macros in favour of *_except_auth_files 2011-07-18 13:40:37 -04:00
Chris PeBenito 1bc5de22c0 Start pulling in pieces of Fedora policy in system layer. 2011-03-31 13:29:59 -04:00
Chris PeBenito 219e9a4f9a Module version bump for authlogin patch from Guido Trentalancia. 2011-02-28 09:22:55 -05:00
Chris PeBenito 9262d3c958 Whitespace fixes in authlogin. 2011-02-28 09:22:26 -05:00
Guido Trentalancia baa87c9324 patch to add needed permissions to the authlogin module
This patch adds some needed permissions to the chkpwd_t domain
in policy/modules/system/authlogin.te.
2011-02-28 09:17:05 -05:00
Dominick Grift 8340621920 Implement miscfiles_cert_type().
This is based on Fedoras' miscfiles_cert_type implementation.
The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.

Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-10 11:05:46 -04:00
Chris PeBenito 48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito 29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito 153ed8751a Authlogin patch from Dan Walsh. 2010-03-18 08:59:25 -04:00
Chris PeBenito 827060cb04 Style fixes and module version bumps for 38fc1bd. 2010-03-17 09:28:18 -04:00
Chris PeBenito 42f1b11482 Module version bump for 03dd57f. 2010-03-01 13:34:10 -05:00
Chris PeBenito aadcb968f9 Move netlink route sockets from nsswitch to DNS name resolve. 2010-02-17 20:28:59 -05:00
Chris PeBenito c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito 9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito 2acba7bbdb fix ordering of interface calls in authlogin. 2009-08-05 09:51:47 -04:00
Chris PeBenito 3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito df28a0c444 trunk: Misc fixes for unix_update from Brandon Whalen. 2009-06-18 13:36:40 +00:00
Chris PeBenito 30425aa876 trunk: 1 patch from dan. 2009-06-12 15:30:15 +00:00
Chris PeBenito 296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito 932c3536f8 trunk: additional open fixes. 2008-11-04 14:37:05 +00:00
Chris PeBenito 2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito 0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito cfcf5004e5 trunk: bump versions for release. 2008-07-02 14:07:57 +00:00
Chris PeBenito e9c6cda7da trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
Chris PeBenito 0a14f3ae09 trunk: bump module version numbers for release. 2008-04-02 16:04:43 +00:00
Chris PeBenito 9fa023ff58 trunk: Pam and samba updates from Stefan Schulze Frielinghaus. 2008-02-19 19:33:48 +00:00
Chris PeBenito 12cf805e1c trunk: add basic ubuntu support 2008-02-05 18:24:43 +00:00
Chris PeBenito 7cbfeb97cf trunk: uncomment set loginuid for functional login programs under strict. 2008-01-03 18:30:45 +00:00
Chris PeBenito f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito 02d968c581 trunk: several fc updates from dan. 2007-12-12 15:55:21 +00:00
Chris PeBenito 09e21686ea trunk: another round of nsswitch from dan. 2007-12-06 16:04:14 +00:00
Chris PeBenito 7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito 12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito 350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito 3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito f8233ab7b0 trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. 2007-08-20 18:26:08 +00:00
Chris PeBenito d46cfe45cd trunk: add application module 2007-07-19 18:57:48 +00:00
Chris PeBenito 116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00