Kenton Groombridge
edd4ba6f32
Various fixes
...
Allow dovecot to watch the mail spool, and add various dontaudit rules
for several other domains.
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-02-02 10:52:59 -05:00
Chris PeBenito
072c0a9458
userdomain, gpg: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-29 08:35:12 -05:00
Chris PeBenito
2d51dad467
Merge pull request #344 from dsugar100/master
2021-01-29 08:34:49 -05:00
Chris PeBenito
0ce90920ad
Merge pull request #343 from 0xC0ncord/bugfix/systemd_system_custom_unit_fc
...
init: label systemd units in /etc
2021-01-29 08:25:43 -05:00
Dave Sugar
09bd4af708
Work with xdg module disabled
...
These two cases I see when building on a system without graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block
Signed-off-by: Dave Sugar <dsugar@tresys.com>
2021-01-28 18:13:33 -05:00
Kenton Groombridge
38a7334fa7
init: label systemd units in /etc
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-28 16:00:05 -05:00
Chris PeBenito
3d8e755d85
pacemaker: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 15:28:06 -05:00
Chris PeBenito
9a40ead091
Merge pull request #341 from dsugar100/master
2021-01-28 15:27:53 -05:00
Chris PeBenito
bc746ff391
sudo, spamassassin: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 15:27:03 -05:00
Chris PeBenito
2e6d7b8cb9
Merge pull request #339 from 0xC0ncord/feature/sudodomain_http_connect_boolean
2021-01-28 15:24:38 -05:00
Chris PeBenito
733e8519cc
Merge pull request #336 from 0xC0ncord/feature/rspamd_extra_rules
2021-01-28 15:24:34 -05:00
Dave Sugar
f6987e9d82
pcs_snmpd_agent_t fix denials to allow it to read needed queues
...
Jan 27 18:16:51 audispd: node=virtual type=AVC msg=audit(1611771411.553:9337): avc: denied { search } for pid=13880 comm="cibadmin" name="qb-6671-13880-13-bRhDEX" dev="tmpfs" ino=88809 scontext=system_u:system_r:pcs_snmp_agent_t:s0 tcontext=system_u:object_r:pacemaker_tmpfs_t:s0 tclass=dir permissive=0
Jan 27 19:53:46 audispd: node=virtual type=AVC msg=audit(1611777226.144:25975): avc: denied { getattr } for pid=29489 comm="systemctl" name="/" dev="tmpfs" ino=14072 scontext=system_u:system_r:pcs_snmp_agent_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
Signed-off-by: Dave Sugar <dsugar@tresys.com>
2021-01-28 15:20:20 -05:00
Kenton Groombridge
95dd9ebf61
sudo: add tunable for HTTP connections
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-28 15:11:19 -05:00
Chris PeBenito
98681ea89e
samba: Fix lint error.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:57:19 -05:00
Chris PeBenito
a404dc677e
aptcacher: Drop broken config interfaces.
...
The aptcacher_etc_t type does not exist in the policy. The block in cron
will never be enabled because of this, so drop that too.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:57:08 -05:00
Chris PeBenito
920ecf48ce
apache: Really fix lint error.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:34:02 -05:00
Chris PeBenito
cf91901018
apache: Fix lint error.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:29:26 -05:00
Chris PeBenito
744290159e
apache, fail2ban, stunnel: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 14:26:31 -05:00
Chris PeBenito
981e741a51
Merge pull request #337 from 0xC0ncord/bugfix/fail2ban_journald_map
2021-01-28 13:54:16 -05:00
Chris PeBenito
7bf7abd525
Merge pull request #340 from 0xC0ncord/feature/apache_list_dirs_interface
2021-01-28 13:51:17 -05:00
Chris PeBenito
63b25831a4
Merge pull request #338 from 0xC0ncord/feature/stunnel_logging_type
2021-01-28 13:50:46 -05:00
Chris PeBenito
a3e13450e2
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:39:49 -05:00
Chris PeBenito
09fd2a29cf
samba: Add missing userspace class requirements in unit interfaces.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:39:34 -05:00
Chris PeBenito
94e424aa9b
sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba block.
...
This moves the existing samba_manage_config(dhcpc_t) that is not tunable
into the tunable block.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:30:40 -05:00
Chris PeBenito
5d29c35b89
samba: Move service interface definitions.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 11:27:54 -05:00
Russell Coker
ac5b8737fd
misc network patches with Dominick's changes*2
...
I think this one is good for merging now.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-28 11:22:07 -05:00
Chris PeBenito
621baf7752
samba: Fix samba_runtime_t alias use.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:55:54 -05:00
Chris PeBenito
882633aa13
cron: Make backup call for system_cronjob_t optional.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:55:35 -05:00
Chris PeBenito
9f8164d35d
devicekit, jabber, samba: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:55:09 -05:00
Chris PeBenito
982cb068c2
apache, mysql, postgrey, samba, squid: Apply new mmap_manage_files_pattern().
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:53:04 -05:00
Chris PeBenito
c4150cd0a5
file_patterns.spt: Add a mmap_manage_files_pattern().
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-28 10:51:39 -05:00
Russell Coker
55c3c1dcaa
misc services patches with changes Dominick and Chris wanted
...
I think this one is ready to merge.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-28 10:06:16 -05:00
Kenton Groombridge
4e15f5dfe4
apache: add interface for list dir perms on httpd content
...
This is needed by some webservers such as nginx when autoindexing is
enabled.
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-27 15:41:16 -05:00
Kenton Groombridge
c8f723b96e
spamassassin: add rspamd support and tunable
...
Additional rules are required to enable rspamd support. This commit adds
file contexts for rspamd's files and adds a tunable that enables the
additional rules needed for rspamd to function.
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-26 20:10:54 -05:00
Kenton Groombridge
8fc4aa59a9
fail2ban: allow reading systemd journal
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-26 18:19:20 -05:00
Kenton Groombridge
e34e339b96
stunnel: add log type and rules
...
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-01-26 18:05:56 -05:00
Chris PeBenito
c521270688
memlockd: Fix lint issue.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 10:29:42 -05:00
Chris PeBenito
87ffc9472a
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 09:48:59 -05:00
Chris PeBenito
9f98b92ee5
memlockd: Whitespace fixes.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 09:46:20 -05:00
Chris PeBenito
157b7edcbb
memlockd: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 09:46:04 -05:00
Russell Coker
88c8189207
latest memlockd patch
...
Includes the ifndef(`distro_debian' section that was requested. Should be
ready for merging now.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-25 09:39:26 -05:00
Russell Coker
da9b6306ea
more Chrome stuff
...
Patches for some more Chrome stuff
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-25 09:36:56 -05:00
Russell Coker
eef53e3ddc
remove deprecated from 20190201
...
This patch removes every macro and interface that was deprecated in 20190201.
Some of them date back to 2016 or 2017. I chose 20190201 as that is the one
that is in the previous release of Debian. For any distribution I don't
think it makes sense to carry interfaces that were deprecated in version N
to version N+1.
One thing that particularly annoys me is when audit2allow -R gives deprecated
interfaces in it's output. Removing some of these should reduce the
incidence of that.
I believe this is worthy of merging.
Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-25 08:59:34 -05:00
Chris PeBenito
221813c947
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-25 08:27:35 -05:00
Chris PeBenito
cb93093f4e
Merge pull request #335 from pebenito/drop-dead-modules
2021-01-25 08:22:09 -05:00
Chris PeBenito
ea6002ddf9
devices, virt: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-19 10:08:02 -05:00
Chris PeBenito
6c2432c8bc
Merge pull request #333 from 0xC0ncord/feature/virt_evdev_tunable
2021-01-19 10:07:29 -05:00
Chris PeBenito
0179413fa3
certbot: Fix lint issues.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-19 10:01:27 -05:00
Chris PeBenito
0f6c861dfb
various: Module version bump.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-19 09:51:56 -05:00
Chris PeBenito
81b20d6b08
userdomain: Move lines.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-01-19 09:24:14 -05:00