RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,505 Commits 3 Branches 49 Tags 18 MiB
Commit Graph

3505 Commits

Author SHA1 Message Date
Dominick Grift f980fd9208 For virtd lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift f4a0be2dfc For virtd_lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift 0122830bd9 For virtd_lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift e04ad5fe92 For virtd lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift 193760f130 For svirt_lxc_domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift c40ea7bd2d For svirt_lxc_domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift 1cbe9e6196 For svirt_lxc_domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:01 -04:00
Chris PeBenito 2b63d6a616 Module version bump for dovecot libs from Mika Pflueger. 2012-10-30 13:52:59 -04:00
Mika Pflüger 5ea6bf5c1e Explicitly label dovecot libraries lib_t for debian 2012-10-30 13:42:05 -04:00
Chris PeBenito a2cc003740 Module version bump for minor logging and sysnet changes from Sven Vermeulen. 2012-10-30 13:39:46 -04:00
Sven Vermeulen 7ed91bfafd Support flushing routing cache 
To flush the routing cache, ifconfig_t (through the "ip" command) requires
sys_admin capability. If not:

~# ip route flush cache
Cannot flush routing cache

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-30 13:28:02 -04:00
Chris PeBenito d29f5d4e72 Rename logging_search_all_log_dirs to logging_search_all_logs 2012-10-30 13:27:10 -04:00
Sven Vermeulen c239a20504 Introduce logging_search_all_log_dirs interface 
Support the logging_search_all_log_dirs interface for applications such as
fail2ban-client, who scan through log directories.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-30 13:25:23 -04:00
Sven Vermeulen 48e8c08717 Introduce logging_getattr_all_logs interface 
Support the logging_getattr_all_logs interface, which will be used by
applications responsible for reviewing the state of log files (without needing
to read them), such as the fail2ban-client application.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-30 13:25:07 -04:00
Chris PeBenito b7bc3d1506 Module version bump for kernel_stream_connect() from Dominick Grift. 2012-10-19 09:18:53 -04:00
Chris PeBenito 2dfd2b93a9 Move kernel_stream_connect() declaration. 2012-10-19 09:18:19 -04:00
Dominick Grift 07c2944493 Changes to the kernel policy module 
Interface is needed by at least plymouth

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 09:03:37 -04:00
Dominick Grift 0805dd800c Changes to various policy modules 
pcscd_read_pub_files is deprecated use pcscd_read_pid_files instead

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 08:59:22 -04:00
Chris PeBenito 51b1bd56c4 Module version bump for xserver interfaces from Dominick Grift. 2012-10-19 08:58:54 -04:00
Chris PeBenito 1409b86b02 Rename new xserver interfaces. 2012-10-19 08:52:58 -04:00
Chris PeBenito 9b6993158b Rearrange new xserver interfaces. 2012-10-19 08:49:43 -04:00
Dominick Grift 4034f4a4b4 Changes to the xserver policy module 
These interfaces are needed by at least plymouth

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 08:48:12 -04:00
Mika Pflüger 8b1aa69f1f Debian locations of gvfs and kde4 libexec binaries in /usr/lib 2012-10-19 08:40:16 -04:00
Chris PeBenito e4f0112175 Module version bump for dhcp6 ports, from Russell Coker. 2012-10-19 08:39:02 -04:00
Russell Coker f9bee5a60b Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control 
Client control is used by the wide dhcp6 client, which can be controlled
via dhcp6ctl. This works by communicating over port 5546.
 2012-10-19 08:19:28 -04:00
Chris PeBenito 2f3035fb3b Module version bump for modutils patch from Dominick Grift. 2012-10-19 08:17:35 -04:00
Dominick Grift e74b098ca4 Changes to the modutils policy module 
modutils_read_module_config() provides access to list modules_conf_t
directories so that we do not need a seperate
modutils_list_modules_config()

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 08:14:32 -04:00
Chris PeBenito afdb509245 Module version bump for changes from Dominick Grift and Sven Vermeulen. 2012-10-09 11:01:42 -04:00
Dominick Grift a63f5143ce Changes to the bootloader policy module 
Add bootloader_exec() for kdumpgui

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:26:15 -04:00
Dominick Grift c667fa4a7d Changes to the userdomain policy module 
Remove evolution and evolution alarm dbus chat from common user template
since callers of the evolution role are now allowed to dbus chat to
evolution and evolution alarm.

Common users need to be able to dbus chat with policykit and consolekit

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:25:29 -04:00
Sven Vermeulen 40c32b7a6a Allow search within postgresql var directory for the stream connect interface 
Domains that are granted postgresql_stream_connect() need to be able to search
through the postgresql_var_run_t directory (in which the socket is located).

Update the interface to use the stream_connect_pattern definition to simplify
the interface and make it more readable.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-09 10:21:09 -04:00
Dominick Grift 4ea2bc7eba Changes to the sysnetwork policy module 
dhcpc is a dbus_system_domain()

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:18:36 -04:00
Dominick Grift f3492a3a1e Declare a cslistener port type for phpfpm 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:05:35 -04:00
Dominick Grift 1dc2705388 Restricted Xwindows user domains run windows managers in the windows managers domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:03:34 -04:00
Chris PeBenito d7f7136953 Module version bump for cachefiles core support. 2012-10-04 08:25:19 -04:00
Chris PeBenito 1391285cf8 Rename cachefiles_dev_t to cachefiles_device_t. 2012-10-04 08:24:57 -04:00
Dominick Grift 298d840e46 Implement files_create_all_files_as() for cachefilesd 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-04 08:13:18 -04:00
Dominick Grift f8075ac60f Declare a cachfiles device node type 
Used by kernel to communicate with user space (cachefilesd)
Label the character file accordingly

Create a dev_rw_cachefiles_dev() for cachefilesd

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-04 08:13:11 -04:00
Chris PeBenito 8bd7b0e1b9 Module version bump for srvloc port definition from Dominick Grift. 2012-10-02 10:35:29 -04:00
Dominick Grift b123010082 svrloc port type declaration from slpd policy module 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-02 10:33:55 -04:00
Chris PeBenito e036d3d694 Module version bump for ipsec net sysctls reading from Miroslav Grepl. 2012-10-02 10:15:31 -04:00
Miroslav Grepl 672f146fec Allow ipsec to read kernel sysctl 2012-10-02 10:14:44 -04:00
Chris PeBenito 99d1e6b9f1 Module verision bump for Debian cert file fc update from Laurent Bigonville. 2012-10-02 10:12:08 -04:00
Laurent Bigonville e5c59868be Add Debian location for PKI files 2012-10-02 10:10:59 -04:00
Chris PeBenito 9294b7d11f Module version bump for cfengine fc change from Dominick Grift. 2012-10-02 10:10:18 -04:00
Dominick Grift 111b0b3176 Remove var_log_t file context spec 
The /var/cfengine/output location will be labeled in the forthcoming
cfengine policy module that will be ported from Fedora

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-02 10:09:33 -04:00
Chris PeBenito 75c6d0b8c3 Module version bump for kmod fc from Laurent Bigonville. 2012-10-02 10:08:41 -04:00
Chris PeBenito 071537fab5 split kmod fc into two lines. 2012-10-02 10:08:09 -04:00
Laurent Bigonville e57cb31d34 Add insmod_exec_t label for kmod executable 
lsmod, rmmod, insmod, modinfo, modprobe and depmod are now symlinks to
the kmod executable
 2012-10-02 09:59:28 -04:00
Chris PeBenito 7b4f78195f Update contrib. 2012-10-01 13:27:36 -04:00