Commit Graph

234 Commits

Author SHA1 Message Date
Chris PeBenito dc0ab0f0c3 changelog for previous commit 2009-07-20 11:16:22 -04:00
Chris PeBenito 50824a99ca trunk: pads from dan. 2009-06-30 15:03:20 +00:00
Chris PeBenito 267d9c60c5 trunk: varnishd from dan. 2009-06-30 13:49:53 +00:00
Chris PeBenito c017ee17ab trunk: add sssd from dan. 2009-06-22 15:33:21 +00:00
Chris PeBenito c9c0d846de trunk: Greylist milter from Paul Howarth. 2009-06-18 14:36:35 +00:00
Chris PeBenito c7dc1c7222 trunk: Allow unix_update to change the security attributes associate with files so
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
2009-06-18 13:57:26 +00:00
Chris PeBenito df28a0c444 trunk: Misc fixes for unix_update from Brandon Whalen. 2009-06-18 13:36:40 +00:00
Chris PeBenito 95ea7d6986 trunk: Add x_device permissions for XI2 functions, from Eamon Walsh. 2009-06-18 13:07:23 +00:00
Chris PeBenito 16fd1fd814 trunk: MLS constraints for the x_selection class, from Eamon Walsh. 2009-06-05 13:36:19 +00:00
Chris PeBenito cca4a215fe trunk: add gpsd from miroslav grepl 2009-06-02 14:28:40 +00:00
Chris PeBenito 350ed89156 se-postgresql update from kaigai
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
    db_database:{getattr}
    db_table:{getattr lock}
    db_column:{getattr}
    db_procedure:{drop getattr setattr}
    db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
  impossible to refer read-only table with foreign-key constraint.
  (FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
  on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
  It should allow them on sepgsql_trusted_proc_exec_t.
  I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
  such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
  sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
  procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
  but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
Chris PeBenito da3ed0667f trunk: lircd from miroslav grepl 2009-05-06 15:09:46 +00:00
Chris PeBenito 3392356f36 trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
Chris PeBenito 0cf1d56018 trunk: Milter state directory patch from Paul Howarth. 2009-04-21 20:40:45 +00:00
Chris PeBenito a5ef553c2d trunk: 5 modules from dan. 2009-04-20 19:03:15 +00:00
Chris PeBenito 153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito 42d567c3f4 trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
Chris PeBenito 3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito e1a70f1dde trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls.  Based on
the following post to the SELinux Reference Policy mailing list:

 * http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito 156204a385 trunk: Drop write permission from fs_read_rpc_sockets(). 2009-02-24 20:00:15 +00:00
Chris PeBenito 81fa19ed73 trunk: remove unused udev_runtime_t type. 2009-02-24 19:31:08 +00:00
Chris PeBenito f3fcadfe04 trunk: Patch for RadSec port from Glen Turner. 2009-02-23 13:41:28 +00:00
Chris PeBenito 7722c29e88 trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
Chris PeBenito 805f34ed09 trunk: btrfs from Paul Moore. 2009-01-30 13:44:14 +00:00
Chris PeBenito 466e22a8ba trunk: Add db_procedure install permission from KaiGai Kohei. 2009-01-23 19:49:36 +00:00
Chris PeBenito 019dfaf9dc trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project. 2009-01-15 20:31:06 +00:00
Chris PeBenito 9e7a338509 trunk: su fixes from clip. 2009-01-13 19:44:23 +00:00
Chris PeBenito f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito 347a701119 trunk: Add kernel_service access vectors, from Stephen Smalley. 2009-01-05 21:44:33 +00:00
Chris PeBenito e66a0cad18 trunk: check in version and changelog for release. 2008-12-10 19:49:42 +00:00
Chris PeBenito 3196971ae8 trunk: Fix consistency of audioentropy and iscsi module naming. 2008-12-09 16:47:33 +00:00
Chris PeBenito b3eb124654 trunk: Debian file context fix for xen from Russell Coker. 2008-11-24 15:34:54 +00:00
Chris PeBenito b9e5238a24 trunk: add milter module from Paul Howarth. 2008-11-24 15:06:58 +00:00
Chris PeBenito 7f49194215 trunk: Xserver MLS fix from Eamon Walsh. 2008-11-17 13:49:19 +00:00
Chris PeBenito 99282e6be0 trunk: add omapi port for dhcpcd. 2008-11-12 13:11:00 +00:00
Chris PeBenito 296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito 6e68e6bb5e trunk: Move shared library calls from individual modules to the domain module. 2008-10-17 17:36:56 +00:00
Chris PeBenito 0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito aea3f28e40 trunk: Remove hierarchy from portage module as it is not a good example of hieararchy. 2008-10-15 19:56:33 +00:00
Chris PeBenito b19f862271 trunk: Remove enableaudit target from modular build as semodule -DB supplants it. 2008-10-15 14:30:14 +00:00
Chris PeBenito 40db860272 trunk: version bits for the release. 2008-10-14 17:38:03 +00:00
Chris PeBenito 967fd1ba3f trunk: 8 patches from dan. 2008-10-08 20:03:24 +00:00
Chris PeBenito 73edbc9101 trunk: add oident from dominick grift. 2008-10-06 14:01:59 +00:00
Chris PeBenito 52ceaaac6e trunk: Debian update for NetworkManager/wpa_supplicant from Martin Orr. 2008-09-11 14:02:53 +00:00
Chris PeBenito a71e136cc3 trunk: add cyphesis from dan. 2008-09-03 14:46:10 +00:00
Chris PeBenito e40fa634b2 trunk: Logrotate and Bind updates from Vaclav Ovsik. 2008-09-03 14:12:56 +00:00
Chris PeBenito 6cc3f35635 trunk: first part of init script labeling support. 2008-08-29 19:00:02 +00:00
Chris PeBenito 32f8ff393b trunk: add w3c from dan. 2008-08-21 13:52:52 +00:00
Chris PeBenito 9c4500b2f4 trunk: Glibc 2.7 fix from Vaclav Ovsik. 2008-08-12 19:33:18 +00:00