b5e8ec6346
Module version bump for iptables/firewalld patch from Laurent Bigonville.
2016-02-16 09:48:37 -05:00
a54d52058d
Allow {eb,ip,ip6}tables-restore to read files in /run/firewalld
...
Since version 0.4.0, firewalld uses *tables-restore to speedup the
load of the rules
2016-02-13 10:06:58 +01:00
137cca377d
Module version bump for iptables fc entries from Laurent Bigonville and Lukas Vrabec.
2016-02-10 10:36:09 -05:00
d35f6b7c58
Module version bump for ipset fc entry from Laurent Bigonville.
2016-02-08 08:33:08 -05:00
c23353bcd8
Bump module versions for release.
2015-12-08 09:53:02 -05:00
17694adc7b
Module version bump for systemd additions.
2015-10-23 14:53:14 -04:00
f7286189b3
Add systemd units for core refpolicy services.
...
Only for services that already have a named init script.
Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
2015-10-23 10:17:46 -04:00
acabb517e6
Module version bump for admin interface changes from Jason Zaman.
2015-06-09 08:39:18 -04:00
a38c3be208
Module version bump for updated netlink sockets from Stephen Smalley
2015-05-22 08:38:53 -04:00
58b3029576
Update netlink socket classes.
...
Define new netlink socket security classes introduced by kernel commit
223ae516404a7a65f09e79a1c0291521c233336e.
Note that this does not remove the long-since obsolete
netlink_firewall_socket and netlink_ip6_fw_socket classes
from refpolicy in case they are still needed for legacy
distribution policies.
Add the new socket classes to socket_class_set.
Update ubac and mls constraints for the new socket classes.
Add allow rules for a few specific known cases (netutils, iptables,
netlabel, ifconfig, udev) in core policy that require access.
Further refinement for the contrib tree will be needed. Any allow
rule previously written on :netlink_socket may need to be rewritten or
duplicated for one of the more specific classes. For now, we retain the
existing :netlink_socket rules for compatibility on older kernels.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-22 08:29:03 -04:00
10ff4d0fa3
Bump module versions for release.
2014-03-11 08:16:57 -04:00
b339b85001
Module version bump for patches from Dominick Grift.
2013-12-06 09:49:41 -05:00
e784e78825
iptables: calls to firewalld interfaces from Fedora. The firewalld_dontaudit_rw_tmp_files(iptables_t) was confirmed on Debian.
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-12-06 08:16:49 -05:00
d174521a64
Bump module versions for release.
2013-04-24 16:14:52 -04:00
f1aa23dc47
Add conntrack fc entry.
...
This tool is for maintaining the netfilter connection tracking.
2013-04-05 09:45:04 -04:00
f11752ff60
Module version bump for iptables fc entry from Sven Vermeulen and inn log from Dominick Grift.
2012-11-27 08:53:57 -05:00
f65edd8280
Bump module versions for release.
2012-02-15 14:32:45 -05:00
7d6b1e5889
Module version bump and changelog for role attributes usage.
2011-09-21 09:16:34 -04:00
a858f08e5b
Add role attributes in iptables.
2011-09-21 08:27:24 -04:00
003361c264
Module version bump for xtables-multi patch from Sven Vermeulen.
2011-08-24 08:55:00 -04:00
aa4dad379b
Module version bump for release.
2011-07-26 08:11:01 -04:00
127d617b31
Pull in some changes from Fedora policy system layer.
2011-04-14 11:36:56 -04:00
1ca577db8c
Shorewall patch from Miroslav Grepl.
2011-03-21 09:42:12 -04:00
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
4fbcd778de
Iptables patch from Dan Walsh.
2010-03-18 08:10:21 -04:00
7491a9ed62
Iptables and modutils patches from Dan Walsh.
2009-12-01 09:23:11 -05:00
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
625be1b4e6
add shorewall from dan.
2009-09-02 08:58:52 -04:00
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
3f67f722bb
trunk: whitespace fixes
2009-06-26 14:40:13 +00:00
09125ae411
trunk: module version bump for previous commit.
2009-04-03 14:15:53 +00:00
d6605bc48b
trunk: 3 patches from dan.
2009-04-03 14:14:43 +00:00
17ec8c1f84
trunk: bump module versions for release.
2008-12-10 19:38:10 +00:00
296273a719
trunk: merge UBAC.
2008-11-05 16:10:46 +00:00
2cca6b79b4
trunk: remove redundant shared lib calls.
2008-10-17 17:31:04 +00:00
5d4f4b5375
trunk: bump version numbers for release.
2008-10-14 15:46:36 +00:00
770c015f88
trunk: 2 patches from dan.
2008-08-14 15:10:41 +00:00
9acf481bd0
trunk: fix from fedora policy, cherry picked from David Hardeman.
2008-08-12 19:52:29 +00:00
f7925f25f7
trunk: bump module versions for release.
2007-12-14 14:23:18 +00:00
eaed904cd5
trunk: 3 patches from dan.
2007-11-05 19:35:08 +00:00
12e9ea1ae3
trunk: module version bumps for previous commit.
2007-10-02 17:15:07 +00:00
350b6ab767
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
2007-10-02 16:04:50 +00:00
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
8d2c34195e
trunk: updates from dan on 9 modules
2007-08-22 20:02:41 +00:00
f8233ab7b0
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
2007-08-20 18:26:08 +00:00
116c1da330
trunk: update module version numbers for release.
2007-06-29 14:48:13 +00:00
6649aec9d0
trunk: 3 patches from dan
2007-06-11 15:43:37 +00:00
0251df3e39
bump module versions for release
2007-04-17 13:28:09 +00:00
9e8f65c83e
six trivial patches from dan for iptables, netutils, ipsec, devices, filesystem and cpuspeed
2007-03-26 20:47:29 +00:00
Chris PeBenito
Laurent Bigonville
Stephen Smalley
Dominick Grift
Chris PeBenito