nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,787 Commits 1 Branch 0 Tags 16 MiB
2b3473c40c
Commit Graph

453 Commits

Author SHA1 Message Date
Dominick Grift
b21846594d su: wants to read inits script keyring. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:30:54 -04:00
Dominick Grift
a576078738 su: redundant, init_dontaudit_use_script_ptys($1_su_t) 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:30:48 -04:00
Chris PeBenito
befc7ec99f Module version bump for Dominick's consoletype cleanup. 2010-10-11 09:27:27 -04:00
Dominick Grift
bfd28e1a89 consoletype: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:13:47 -04:00
Dominick Grift
6ea380d622 consoletype: needs to use system dbus file descriptors. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:13:47 -04:00
Chris PeBenito
c7908d1ee7 Module version bump for Dominick's sudo cleanup. 2010-10-08 14:33:04 -04:00
Dominick Grift
5e70e017a3 sudo: wants to get attributes of device_t filesystems. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 14:26:55 -04:00
Dominick Grift
e737d5d723 sudo: wants to get attributes of generic pts filesystems. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 09:26:14 -04:00
Chris PeBenito
6e293ffd2c Revert su default_t rule. 2010-10-08 09:15:17 -04:00
Chris PeBenito
89173d538f Module version bump for Dominick's su cleanup. 2010-10-08 08:54:01 -04:00
Dominick Grift
bd7d571195 su: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 08:47:03 -04:00
Dominick Grift
00a1438d82 su: wants to search callers keyring. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 08:47:03 -04:00
Dominick Grift
6a05763d51 su: do not audit attempts to search /root. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 08:47:02 -04:00
Chris PeBenito
bd51fa387c Module version bump for Dominick's shutdown cleanup. 2010-10-07 13:07:07 -04:00
Dominick Grift
a39e274f10 shutdown: search generic log directories. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
5718c0a59a shutdown: needs to connect to init with a unix stream socket. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
a9acfbd613 shutdown: for sudo. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
c56123dc72 shutdown: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
e4efefc4fe shutdown: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
08f1a0326d shutdown: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
051f74edc0 shutdown: Fedora change. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Chris PeBenito
3de55ab053 Module version bump for Dominick's rpm cleanup. 2010-10-06 09:04:31 -04:00
Dominick Grift
b9df0a9727 rpm: various changes both from fedora and myself. rpm: ntp post install scrript want to restart ntpd. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 09:03:32 -04:00
Dominick Grift
b7c851c66b rpm: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Dominick Grift
dcba9161a6 rpm: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Dominick Grift
34959a2210 rpm: (brace) expansion. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Dominick Grift
d60649d9a1 rpm: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Chris PeBenito
29b1bff0e1 Module version bump for Dominick's console cleanup. Also fix rule ordering. 2010-10-06 08:42:23 -04:00
Dominick Grift
5ec14d95fb consoletype: in fedora13 /dev/console is not labeled properly early in the boot process. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:38:40 -04:00
Dominick Grift
019ffc7d1d consoletype: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:38:39 -04:00
Chris PeBenito
c1af955d07 Module version bump for Dominick's quota cleanup. 2010-10-06 08:35:25 -04:00
Dominick Grift
5f716ead5c quota: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:28:31 -04:00
Dominick Grift
0b217af214 quota: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:28:30 -04:00
Chris PeBenito
6d5cc8a096 Module version bump for Dominick's usermanage cleanup. 2010-10-05 15:27:06 -04:00
Dominick Grift
88c635d040 usermanage: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:26:42 -04:00
Dominick Grift
e615cc410e usermanage: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:26:41 -04:00
Dominick Grift
4be6935276 usermanage: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:26:41 -04:00
Dominick Grift
bab33c7b83 usermanage: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:26:41 -04:00
Chris PeBenito
ae8f23fd6f Module version bump for Dominick's tzdata cleanup. 2010-10-05 15:21:52 -04:00
Dominick Grift
b1e1e93b9f tzdata: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:17:10 -04:00
Chris PeBenito
e7ee065485 Module version bump for Dominick's netutils cleanup. 2010-10-05 15:11:23 -04:00
Dominick Grift
b306b5acaa netutils: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:11:00 -04:00
Dominick Grift
696a65867a netutils: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:11:00 -04:00
Dominick Grift
9d5094a3f8 netutils: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:11:00 -04:00
Chris PeBenito
cacbc6b186 Module version bump for Dominick's logrotate cleanup. 2010-10-05 15:08:54 -04:00
Dominick Grift
a1ac7d4fe3 logrotate: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:08:22 -04:00
Chris PeBenito
6a799b6bdc Module version bump for Dominick's cleanup. 2010-10-05 15:07:08 -04:00
Dominick Grift
ecab2ccd69 brctl: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:05:35 -04:00
Dominick Grift
8f5cb4e977 brctl: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:05:20 -04:00
Dominick Grift
8f43f0294d brctl: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 15:05:05 -04:00
Chris PeBenito
e5c41507c7 Module version bump for Dominick's bootloader cleanups. 2010-10-05 14:00:20 -04:00
Dominick Grift
23f4caad54 bootloader: permission set. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 13:59:05 -04:00
Dominick Grift
eac0de8785 bootloader: unused. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 13:57:42 -04:00
Chris PeBenito
9e41622e49 Remove comment due to ace98b7. 2010-10-05 13:56:40 -04:00
Dominick Grift
ace98b78df bootloader: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-05 13:54:07 -04:00
Chris PeBenito
e29f6bf08a Module version bump and Changelog for 329138b and 413aac1. 2010-10-01 09:50:50 -04:00
Dominick Grift
413aac13de Allow common users to manage and relabel Alsa home files. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-01 09:41:22 -04:00
Chris PeBenito
fee48647ac Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4fbfae a831710 
67effb0 483be01 c6c63f6 b0d8d59 5b082e4 b8097d6 689d954 5afc3d3 f3c5e77
a59e50c cf87233 17759c7 dc1db54 e9bf16d 4f95198 bf40792 622c63b c20842c
dc7cc4d 792d448
 2010-09-15 10:42:34 -04:00
Jeremy Solt
f3c5e77754 certwatch patch from Dan Walsh 
Not including userdom_dontaudit_list_admin_dir - still no admin_home_t in refpolicy
 2010-09-15 09:14:54 -04:00
Jeremy Solt
5afc3d3589 firstboot patch from Dan Walsh 
Not including gnome_admin_home_gconf_filetrans - no admin_home_t in refpolicy
 2010-09-15 09:14:54 -04:00
Jeremy Solt
689d95422f smoltclient patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Chris PeBenito
da12b54802 Module version bumps for cert patch. 2010-09-10 11:31:22 -04:00
Chris PeBenito
e9d6dfb8b1 Fix missed deprecated interface usage from the cert patch. Add back a few rolecap tags. 2010-09-10 11:31:00 -04:00
Chris PeBenito
8fbea561bb Module version bump for 8296eb2. 2010-09-10 08:51:54 -04:00
Chris PeBenito
9c2c77403f Remove unallocated tty access in amanda since it was originally there for the old targeted policy, and now all roles have a user tty type. 2010-09-09 09:32:31 -04:00
Dominick Grift
36c6e47384 Clean up Anaconda policy. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-09-09 08:14:56 -04:00
Dominick Grift
e02146370a Clean up Amtu module. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-09-09 08:14:09 -04:00
Dominick Grift
8296eb2261 Clean up Amanda module. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-09-09 08:13:13 -04:00
Chris PeBenito
28d96f0e39 Module version bumps for b7ceb34 5675107 e411968 eca7eb3. 2010-09-03 13:09:40 -04:00
Chris PeBenito
eca7eb3b47 Rearrange alsa interfaces. 2010-09-03 11:56:10 -04:00
Dominick Grift
e411968dff Implement alsa_home_t for asoundrc. Clean up Alsa module. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-09-03 11:23:06 -04:00
Chris PeBenito
785ee7988c Module version bump and changelog entry for conditional mmap_zero patch. 2010-09-01 10:08:09 -04:00
Dominick Grift
623e4f0885 1/1] Make the ability to mmap zero conditional where this is fapplicable. 
Retry: forgot to include attribute mmap_low_domain_type attribute to domain_mmap_low()	:

Inspired by similar implementation in Fedora.
Wine and vbetool do not always actually need the ability to mmap a low area of the address space.
In some cases this can be silently denied.

Therefore introduce an interface that facilitates "mmap low" conditionally, and the corresponding boolean.
Also implement booleans for wine and vbetool that enables the ability to not audit attempts by wine and vbetool to mmap a low area of the address space.

Rename domain_mmap_low interface to domain_mmap_low_uncond.

Change call to domain_mmap_low to domain_mmap_low_uncond for xserver_t. Also move this call to distro redhat ifndef block because Redhat does not need this ability.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-09-01 09:41:56 -04:00
Chris PeBenito
76a9fe96e4 Module version bumps and changelog for devtmpfs patchset. 2010-08-25 11:19:27 -04:00
Jeremy Solt
2fc79f1ef4 Early devtmpfs access 
dontaudit attempts to read/write device_t chr files occurring before udev relabel
allow init_t and initrc_t read/write on device_t chr files (necessary to boot without unconfined)

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
 2010-08-25 11:01:27 -04:00
Chris PeBenito
19ff03977d Fix usermanage_kill_passwd() parameter doc. 2010-08-05 08:56:31 -04:00
Dominick Grift
77e4b55f70 Admin layer xml fixes. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 08:46:44 -04:00
Chris PeBenito
d0eebed0b7 Move accountsd to services. 2010-08-03 09:31:53 -04:00
Jeremy Solt
c4834a02d2 accountsd policy from Dan Walsh 
Edits:
 - Removed accountsd_manage_var_lib
 - Removed optional block for xserver - these interfaces didn't exist
 - It looks like sys_ptrace is needed because it reads /proc/pid/loginuid
 - Whitespace and style fixes
 2010-08-03 09:27:24 -04:00
Chris PeBenito
a7ee7f819a Docs standardizing on the role portion of run interfaces. Additional docs cleanup. 2010-08-03 09:20:22 -04:00
Chris PeBenito
a72e42f485 Interface documentation standardization patch from Dan Walsh. 2010-08-02 09:22:09 -04:00
Chris PeBenito
64ef2df368 Module version bump for 5563d4c. 2010-07-22 09:13:11 -04:00
Jeremy Solt
5563d4c4d8 Removing seutil_domtrans_setsebool from anaconda patch - it doesn't exist 2010-07-22 08:49:32 -04:00
Jeremy Solt
b0a6f1b7c2 anaconda patch from Dan Walsh 
- Did not include the change to unconfined_domain_noaudit
 2010-07-22 08:49:32 -04:00
Chris PeBenito
b70dfcdf8f RPM patch from Dan Walsh. 2010-07-08 10:53:28 -04:00
Chris PeBenito
2d839c6791 Whitespace fixes in RPM. 2010-07-08 10:12:24 -04:00
Chris PeBenito
7e265a8abb Add shutdown from Dan Walsh. 2010-07-07 11:10:56 -04:00
Chris PeBenito
3bcfe5beb7 Usermanage patch from Dan Walsh. 
Broken leaks of sockets

useradd runs semanage for -Z.

passwd_t needs sys_nice

useradd run within a samba_controler needs to append to the samba log.
 2010-07-06 10:56:20 -04:00
Chris PeBenito
ab62f3f1b1 Module version bump for a7521af. 2010-07-01 10:48:11 -04:00
Jeremy Solt
a7521af67d firstboot patch from Dan Walsh 
- Did not include gnome_admin_home_gconf_filetrans
- Whitespace fixes
 2010-07-01 10:36:31 -04:00
Chris PeBenito
ab4f820548 Module version bump for b5d89d0. 2010-06-29 11:03:56 -04:00
Jeremy Solt
b5d89d0325 vpn patch from Dan Walsh 
fixed gen_require in vpn_relabelfrom_tun_socket interface (wrong type)
removed userdom_read_home_certs (not in refpolicy)
 2010-06-29 11:02:45 -04:00
Chris PeBenito
e08ac5acb3 Vbetool patch from Dan Walsh. 
vbetool needs mls overrides
 2010-06-18 14:56:27 -04:00
Chris PeBenito
3835c39a13 Sudo patch from Dan Walsh. 
sudo gets execed by apps that leak sockets
 2010-06-18 14:43:22 -04:00
Chris PeBenito
f7e3410aed Su patch from Dan Walsh. 
dontaudit leaked sockets
 2010-06-18 14:32:42 -04:00
Chris PeBenito
b9be5cccf1 Shorewall patch from Dan Walsh. 
Shorewall execs hostname
 2010-06-18 14:23:46 -04:00
Chris PeBenito
5116faa198 Quota patch from Dan Walsh. 
Quata needs to setshed on kernel processes
 2010-06-18 14:14:21 -04:00
Chris PeBenito
a9ef84b578 Prelink patch from Dan Walsh. 
Prelink has new directory under /var/lib

dontaudit leaks from domains that transition

cron job looks at all mount points.
 2010-06-18 14:07:53 -04:00
Chris PeBenito
9a4d292902 Netutils patch from Dan Walsh. 
ping gets leaked log descriptor from nagios.

Label send_arp as ping_exec_t
 2010-06-17 10:16:19 -04:00
Chris PeBenito
10c0104066 Kismet patch from Dan Walsh. 
Kismet searches user_home_dirs for kismet_home_t content.
 2010-06-17 08:24:21 -04:00
Chris PeBenito
e89f04fd17 Mcelog patch from Dan Walsh. 
mcelog needs mls override
 2010-06-17 08:23:48 -04:00
Chris PeBenito
0e30bca6d9 Consoletype patch from Dan Walsh. 
I am sick of every app in the known universe leaking socket descriptors.
  Dontaudit by default

consoletype is handed a write for hal log on resume from hibernate.
 2010-06-17 08:23:20 -04:00
Chris PeBenito
88a574d373 Alsa patch from Dan Walsh 
Alsa trys to talk to all types of terminals.  Dontaudit this access.
 2010-06-17 08:22:43 -04:00
Chris PeBenito
4db7790c60 Acct patch from Dan Walsh. 
acct needs to use generic ptys
 2010-06-17 08:22:17 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
2a29628e40 Fix duplicate lines in kudzu. 2010-05-26 08:26:50 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
91cbcc6602 Fix deprecated interface usage in rhel4 block in su.if. 2010-05-24 15:09:18 -04:00
Chris PeBenito
3d95ca2d82 Module version bump for 904f3d8. 2010-05-24 13:08:09 -04:00
Chris PeBenito
213d35a07c Module version bump for 9e28f74. 2010-05-24 13:08:09 -04:00
Chris PeBenito
c789f82bc5 Module version bump for d5170e5. 2010-05-24 13:08:09 -04:00
Chris PeBenito
d53a972879 Module version bump for cb1df6a. 2010-05-24 13:08:09 -04:00
Jeremy Solt
d8642cad29 readahead patch from Dan Walsh 
Edits:
 - Removed files_dontaudit_read_security_files and fs_dontaudit_read_tmpfs_blk_dev interface calls
 2010-05-24 13:08:08 -04:00
Chris PeBenito
ff1cae1f5e Move line in logrotate; module version bump. 2010-05-24 13:08:08 -04:00
Jeremy Solt
b8c9879a8c logrotate patch from Dan Walsh 2010-05-24 13:08:08 -04:00
Jeremy Solt
fdc0d0f77c vpn patch from Dan Walsh 
Edits:
 - Removed userdom_read_home_certs
 2010-05-24 13:08:08 -04:00
Jeremy Solt
2483d7ae56 Replace apache_delete_cache with apache_delete_cache_files in tmpreaper.te 2010-05-24 13:08:07 -04:00
Jeremy Solt
8daddcf37e tmpreaper patch from Dan Walsh 2010-05-24 13:08:07 -04:00
Jeremy Solt
7605d2738c Remove call to nagios_rw_inherited_tmp_files 2010-05-24 13:08:07 -04:00
Jeremy Solt
44dc1b9c21 netutils patch from Dan Walsh 
Edits:
 - Dropping term_use_all_terms and user_ping tunables for ping and traceroute
 - Whitespace fixes
 2010-05-24 13:08:07 -04:00
Chris PeBenito
9fe1b540b8 Prelink patch from Dan Walsh. 2010-05-20 08:54:51 -04:00
Chris PeBenito
16070400a8 RPM patch from Dan Walsh. 2010-05-11 11:11:40 -04:00
Chris PeBenito
4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito
c6491af860 Module version bump for d12f18e. 2010-03-16 14:34:50 -04:00
Jeremy Solt
d12f18e452 Change kernel_load_module to kernel_request_load_module from Dan Walsh 2010-03-16 13:44:52 -04:00
Chris PeBenito
fad6e761bf Whitespace fix for mcelog. 2010-03-16 13:15:38 -04:00
Chris PeBenito
580279da88 Module version bump for 74b51e6. 2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7 Whitespace fixes for smoltclient. 2010-03-16 13:11:53 -04:00
Jeremy Solt
1484157201 mcelog policy from Dan Walsh 
Me: Removed permissive line, and fixed a couple style issues
 2010-03-16 11:47:07 -04:00
Jeremy Solt
74b51e6db2 Firstboot sends dbus messages from Dan Walsh 
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
 2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd Policy for smolt sendProfile client from Dan Walsh 2010-03-16 11:37:56 -04:00
Chris PeBenito
37e2499ed1 Module version bump for 1d3d00b. 2010-03-12 11:43:09 -05:00
Chris PeBenito
9e506eb236 Rearrange lines in alsa an mysql. 2010-03-12 08:59:23 -05:00
Jeremy Solt
1d3d00b279 Manage alsa writable config files interface from Dan Walsh 
Moved term_dontaudit_use_console for style.
 2010-03-12 08:54:29 -05:00
Chris PeBenito
547d62ea9e Module version bump for ddae1cc. 2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec Creates sock files in /tmp, reads network state. - From Dan Walsh 
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
 2010-03-09 09:32:23 -05:00
Chris PeBenito
6f9c3c4895 Module version bump for 42fa15b. 2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa Module version bump for 3fcdc39. 2010-03-08 10:02:58 -05:00
Chris PeBenito
e2e1b6721b Minor style fixes. 2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75 Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh 2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764 shorewall log file from Dan Walsh 2010-03-08 09:34:37 -05:00
Chris PeBenito
fa03ecc046 Shorewall patch from Dan Walsh. 2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378 Vbetool patch from Dan Walsh. 2010-02-19 11:34:28 -05:00
Chris PeBenito
29b580ce8f Add sectoolm by Miroslav Grepl. 2010-02-19 09:39:06 -05:00
Chris PeBenito
6a9da24987 Useradd home dir creation fix from Gentoo. 2010-02-17 20:34:23 -05:00
Chris PeBenito
15d80e3646 Misc portage fixes. 2010-02-17 20:25:39 -05:00
Chris PeBenito
05bd2f9837 Portage fixes for installing SELinux-aware programs. 2010-02-17 20:23:41 -05:00
Chris PeBenito
1322a1af4d Remove redundant conditional user_ping terminal rules. 2010-02-11 14:35:38 -05:00
Chris PeBenito
c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito
ed03a5b916 Sudo patch from Dan Walsh. 2010-02-11 09:15:45 -05:00
Chris PeBenito
ca5dc2f1cb Consoletype patch from Dan Walsh. 2010-02-11 08:56:53 -05:00
Chris PeBenito
d913e793ae Kismet and tzdata patches from Dan Walsh. 2009-11-25 15:12:52 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50 additional cleanup for e877913. 2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf adding puppet configuration management system 
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2009-11-11 08:37:16 -05:00
Chris PeBenito
6af53d08ed rearrange readahead rules. 2009-09-09 09:53:28 -04:00
Chris PeBenito
c1e5b195f7 readahead patch from dan. 2009-09-09 09:45:34 -04:00
Chris PeBenito
163ddfaa80 prelink patch from dan. 2009-09-09 08:18:51 -04:00
Chris PeBenito
625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito
b2324fa76d certwatch patch from dan. 2009-09-01 08:50:39 -04:00
Chris PeBenito
b515ab0182 mrtg patch from dan. 2009-09-01 08:44:20 -04:00
Chris PeBenito
a9e9678fc7 kismet patch from dan. 2009-08-31 09:38:47 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls 
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
 2009-08-31 08:36:06 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
9c47227c7a fix ordering of interface calls in sudo. 2009-08-05 09:48:46 -04:00
Chris PeBenito
3162277ade alsa file location update for debian, from Manoj. 2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0 whitespace fixes in apt. 2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d clean up 6a192f70d4 2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4 Update apt/aptitude policy to add support for lock/log files 
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
 2009-07-29 15:00:39 -04:00
Chris PeBenito
41ea887598 sudo patch from dan. 2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814 readahead patch from dan. 2009-07-28 10:08:02 -04:00
Chris PeBenito
5be35f2acd tmpreaper patch from dan. 2009-07-27 09:11:38 -04:00
Chris PeBenito
adea587572 4 patches from dan. 2009-07-20 11:34:46 -04:00
Chris PeBenito
10b03f376b three debian patches from manoj 2009-07-14 09:05:59 -04:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
c7dc1c7222 trunk: Allow unix_update to change the security attributes associate with files so 
that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
 2009-06-18 13:57:26 +00:00
Chris PeBenito
30425aa876 trunk: 1 patch from dan. 2009-06-12 15:30:15 +00:00
Chris PeBenito
a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito
63f0a71c8a trunk: 9 patches from dan. 2009-06-01 16:03:42 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
da04234f32 trunk: 5 patches from dan. 2009-03-10 19:32:04 +00:00
Chris PeBenito
9e7a338509 trunk: su fixes from clip. 2009-01-13 19:44:23 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
59d599642e trunk: fix certwatch version number. 2009-01-06 19:33:24 +00:00
Chris PeBenito
17ec8c1f84 trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
Chris PeBenito
6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
2cca6b79b4 trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
Chris PeBenito
88cf0a9c2b trunk: whitespace fix; collapse multiple blank lines into one. 2008-10-17 15:29:51 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
aea3f28e40 trunk: Remove hierarchy from portage module as it is not a good example of hieararchy. 2008-10-15 19:56:33 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
74993c4dae trunk: 8 patches from dan. 2008-10-13 15:06:23 +00:00