24 Commits

Author SHA1 Message Date
Nicolas Iooss 4067a18530 Allow unconfined domains to use syslog capability
When an unconfined_t root user runs dmesg, the kernel complains with
this message in its logs (when SELinux is in enforcing mode):

  dmesg (16289): Attempt to access syslog with CAP_SYS_ADMIN but no
  CAP_SYSLOG (deprecated).

audit.log contains the following AVC:

  avc:  denied  { syslog } for  pid=16289 comm="dmesg" capability=34
  scontext=unconfined_u:unconfined_r:unconfined_t
  tcontext=unconfined_u:unconfined_r:unconfined_t tclass=capability2
2014-06-09 09:28:33 -04:00
Dominick Grift 1a88de7131 Unconfined domains have unconfined access to all of dbus rather than only system bus
unconfined: unconfined_t is real-time scheduled by rtkit

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-26 10:14:30 -04:00
Chris PeBenito 1c5dacd2c0 Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod.
Based on a patch from Dan Walsh.
2011-09-13 14:45:14 -04:00
Dominick Grift a0546c9d1c System layer xml fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:55 -04:00
Chris PeBenito 14e543cb1c Improve the documentation of unconfined_domain(). 2010-02-26 13:47:17 -05:00
Chris PeBenito 3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito 296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito 82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito 2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito 88cf0a9c2b trunk: whitespace fix; collapse multiple blank lines into one. 2008-10-17 15:29:51 +00:00
Chris PeBenito e8cb08aefa trunk: add sepostgresql policy from kaigai kohei. 2008-06-10 15:33:18 +00:00
Chris PeBenito 2c12b471ad trunk: add core xselinux support. 2008-04-01 20:23:23 +00:00
Chris PeBenito ccf6611bdd trunk: add unconfined_run_to(). 2007-11-16 19:50:34 +00:00
Chris PeBenito 9820351703 trunk: add in polmatch for default spd. 2007-11-14 15:53:18 +00:00
Chris PeBenito bdccbacdd6 trunk: add labeled networking support to unconfined. 2007-11-14 14:38:45 +00:00
Chris PeBenito 350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito 6b19be3360 patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
Chris PeBenito c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Chris PeBenito d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Chris PeBenito b04eccd87b fix duplicate /usr/bin/mplayer fc match for targeted 2006-10-18 17:31:14 +00:00
Chris PeBenito a5e2133bc8 patch from dan Wed, 23 Aug 2006 14:03:49 -0400 2006-08-29 02:41:00 +00:00
Chris PeBenito 46551033aa patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00
Chris PeBenito ea3c1f508a add helpers for printing warning and error messages 2006-07-25 17:27:00 +00:00
Chris PeBenito 17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00