72b2c66256
whitespace cleanup
...
Remove trailing white spaces and mixed up indents
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-08-13 14:34:57 +02:00
f064342f41
systemd: Add filesystem watches.
...
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2020-01-16 15:53:36 -05:00
789307d57e
mount: allow callers of mount to search /usr/bin
...
In order to be able to invoke /usr/bin/mount, /usr/bin/fusermount, etc.
callers need to be able to search /usr/bin. Otherwise, such denials are
recorded:
type=AVC msg=audit(1576534518.220:1320): avc: denied { search }
for pid=24067 comm="cryfs" name="bin" dev="vda1" ino=524829
scontext=sysadm_u:sysadm_r:cryfs_t tcontext=system_u:object_r:bin_t
tclass=dir permissive=0
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-12-22 16:54:51 +01:00
69a403cd97
Rename *_var_run_t types to *_runtime_t.
...
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2019-09-30 20:02:43 -04:00
da156aea1e
systemd: Add initial policy for systemd --user.
...
This is just a start; it does not cover all uses.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
2019-04-25 11:18:58 -04:00
efa32d9b56
Remove deprecated interfaces older than one year old.
...
Additionally one deprecated attribute removed.
2017-08-06 17:03:17 -04:00
caca2e7e6e
some little misc things from Russell Coker.
...
This patch allows setfiles to use file handles inherited from apt (for dpkg
postinst scripts), adds those rsync permissions that were rejected previously
due to not using interfaces, allows fsadm_t to stat /run/mount/utab, and
allows system_cronjob_t some access it requires (including net_admin for
when it runs utilities that set buffers).
2017-04-26 18:03:02 -04:00
132cc4b2d5
bootloader from Russell Coker.
...
This patch adds a lot of policy that is needed to setup an initramfs and grub
on Debian nowadays.
Also changed a comment about ia64 to correctly mention EFI.
2017-04-18 20:56:59 -04:00
d8cb498284
remove trailing whitespaces
2016-12-06 13:45:13 +01:00
0aa6f5b644
system/mount.if: Add mount_rw_loopback_files interface
2014-08-18 15:24:46 -04:00
3501307078
Fix read loopback file interface.
2014-02-08 11:35:57 -05:00
acf1229dad
Rename mount_read_mount_loopback() to mount_read_loopback_file().
...
Also make kernel block optional since the calls are to a higher layer.
2014-02-08 10:49:47 -05:00
09370605a3
system/mount.if: Add mount_read_mount_loopback interface
2014-02-08 10:32:44 -05:00
e6453fa567
Add role attributes to mount.
2011-09-21 08:27:32 -04:00
a0546c9d1c
System layer xml fixes.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:55 -04:00
a7ee7f819a
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 09:20:22 -04:00
33322290f2
automount patch from dan.
2009-07-29 08:59:26 -04:00
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
bbcd3c97dd
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
ea3c1f508a
add helpers for printing warning and error messages
2006-07-25 17:27:00 +00:00
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00
Christian Göttsche
Chris PeBenito
Nicolas Iooss
Chris PeBenito
Chris PeBenito
Luis Ressel
Chris PeBenito
Chris PeBenito
Dominick Grift