Commit Graph

39 Commits

Author SHA1 Message Date
Chris PeBenito 09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito 7722c29e88 trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
Chris PeBenito c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito 668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito ff8f0a63f4 trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
Chris PeBenito cfcf5004e5 trunk: bump versions for release. 2008-07-02 14:07:57 +00:00
Chris PeBenito c54eb87d43 trunk: two small updates from dan. 2008-06-18 13:15:25 +00:00
Chris PeBenito e8cb08aefa trunk: add sepostgresql policy from kaigai kohei. 2008-06-10 15:33:18 +00:00
Chris PeBenito 67b6207a9e trunk: trivial kernel patch from dan. 2008-06-07 13:53:29 +00:00
Chris PeBenito 308baad28c trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore. 2008-05-26 18:38:06 +00:00
Chris PeBenito 4416c416fa trunk: Module loading now requires setsched on kernel threads. 2008-05-22 18:39:03 +00:00
Chris PeBenito 8152a78836 trunk: 7 patches from dan. 2008-04-04 17:08:34 +00:00
Chris PeBenito f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito 7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito 495df41602 trunk: 11 patches from dan. 2007-10-29 18:35:32 +00:00
Chris PeBenito ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito 12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito 350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito 3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00
Chris PeBenito 2d0c9cecaf trunk: several MLS enhancements. 2007-08-20 15:15:03 +00:00
Chris PeBenito 939a4287b3 trunk: 3 patches from dan 2007-08-07 17:06:32 +00:00
Chris PeBenito 116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito 1900668638 trunk: Unified labeled networking policy from Paul Moore.
The latest revision of the labeled policy patches which enable both labeled 
and unlabeled policy support for NetLabel.  This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access.  The older, transport layer specific interfaces, are still  
present for use by third-party modules but are not used in the default policy
modules.

trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.

This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.
2007-06-27 15:23:21 +00:00
Chris PeBenito 882186c933 - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
Chris PeBenito 0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito 8021cb4f63 Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00
Chris PeBenito 93784927ca add kvmfs support, from dan 2007-03-19 18:48:14 +00:00
Chris PeBenito 6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito 42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito ed38ca9f3d fixes from gentoo strict testing:
- Allow semanage to read from /root on strict non-MLS for
  local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
  on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito 130f8a4aa5 merge netlabel stuff from labeled-networking branch 2006-10-17 16:58:17 +00:00
Chris PeBenito 3c3c0439f6 patch from russell, Thu, 5 Oct 2006 22:44:49 +1000
Allow unconfined processes to see unlabeled processes in ps.

Removed a redundant rule in samba.te

Removed support for the pre-Fedora Red Hat code to create sym-links in /boot.

Removed support for devpts_t files in /tmp (there is no way that would ever 
work).

Allowed postgrey to create socket files.

Made the specs for the /lib and /lib64 directories better support stem 
compression.
2006-10-05 19:57:37 +00:00
Chris PeBenito e070dd2df0 - Move range transitions to modules.
- Make number of MLS sensitivities, and number of MLS and MCS
  categories configurable as build options.
2006-10-04 17:25:34 +00:00
Chris PeBenito bf469d7669 gentoo testing fixes 2006-09-19 17:02:29 +00:00
Chris PeBenito a5e2133bc8 patch from dan Wed, 23 Aug 2006 14:03:49 -0400 2006-08-29 02:41:00 +00:00
Chris PeBenito 33c7e6b4e8 remove dead selopt rules 2006-08-15 20:00:58 +00:00
Chris PeBenito 17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00