nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,533 Commits 1 Branch 0 Tags 16 MiB
5b171c223a
Commit Graph

77 Commits

Author SHA1 Message Date
Chris PeBenito
445cbed7c7 Bump module versions for release. 2019-02-01 15:03:42 -05:00
Chris PeBenito
e6a67f295c various: Module name bump. 2019-01-12 15:03:59 -05:00
Chris PeBenito
1ff4b35ec2 iptables: Module version bump. 2019-01-07 18:48:44 -05:00
Chris PeBenito
d301e83161 mozilla, devices, selinux, xserver, init, iptables: Module version bump. 2018-07-10 20:11:40 -04:00
Chris PeBenito
65e8f758ca Bump module versions for release. 2018-07-01 11:02:33 -04:00
Chris PeBenito
94e3f48a8e iptables: Module version bump. 2018-03-09 17:09:50 -05:00
Miroslav Grepl
b0b4bc947c xtables-multi wants to getattr of the proc fs 2018-03-01 12:32:22 +01:00
Chris PeBenito
aa0eecf3e3 Bump module versions for release. 2017-08-05 12:59:42 -04:00
Chris PeBenito
6293813020 Module version bump for patches from cgzones. 2017-06-12 18:48:58 -04:00
cgzones
ce7aa47ff5 iptables: update 
v2:
 - do not remove interfaces superseded by auth_use_nsswitch()
 2017-06-12 18:42:53 -04:00
Chris PeBenito
a599f28196 Module version bump for /usr/bin fc fixes from Nicolas Iooss. 2017-05-04 08:27:46 -04:00
Chris PeBenito
c2b04d1ea2 kmod, lvm, brctl patches from Russell Coker 
Patches for modutils, at least one of which is needed to generate an initramfs
on Debian.

Patch to allow lvm to talk to fifos from dpkg_script_t for postinst scripts
etc.

Patch for brctl to allow it to create sysfs files.
 2017-04-18 21:17:36 -04:00
Chris PeBenito
4d028498d8 Module version bumps for fixes from cgzones. 2017-03-05 10:48:42 -05:00
cgzones
4b79a54b41 modutils: adopt callers to new interfaces 2017-03-03 12:28:17 +01:00
Chris PeBenito
9f99cfb771 Network daemon patches from Russell Coker. 2017-02-25 11:20:19 -05:00
Chris PeBenito
1720e109a3 Sort capabilities permissions from Russell Coker. 2017-02-15 18:47:33 -05:00
Chris PeBenito
2e7553db63 Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
Chris PeBenito
69ede859e8 Bump module versions for release. 2017-02-04 13:30:53 -05:00
Chris PeBenito
67c435f1fc Module version bump for fc updates from Nicolas Iooss. 2016-12-28 14:38:05 -05:00
Chris PeBenito
f850ec37df Module version bumps for /run fc changes from cgzones. 2016-12-22 15:54:46 -05:00
Chris PeBenito
34055cae87 Bump module versions for release. 2016-10-23 16:58:59 -04:00
Chris PeBenito
7fd44b8fb8 Module version bump for nftables fc entry from Jason Zaman. 2016-05-16 09:20:30 -04:00
Chris PeBenito
b5e8ec6346 Module version bump for iptables/firewalld patch from Laurent Bigonville. 2016-02-16 09:48:37 -05:00
Laurent Bigonville
a54d52058d Allow {eb,ip,ip6}tables-restore to read files in /run/firewalld 
Since version 0.4.0, firewalld uses *tables-restore to speedup the
load of the rules
 2016-02-13 10:06:58 +01:00
Chris PeBenito
137cca377d Module version bump for iptables fc entries from Laurent Bigonville and Lukas Vrabec. 2016-02-10 10:36:09 -05:00
Chris PeBenito
d35f6b7c58 Module version bump for ipset fc entry from Laurent Bigonville. 2016-02-08 08:33:08 -05:00
Chris PeBenito
c23353bcd8 Bump module versions for release. 2015-12-08 09:53:02 -05:00
Chris PeBenito
17694adc7b Module version bump for systemd additions. 2015-10-23 14:53:14 -04:00
Chris PeBenito
f7286189b3 Add systemd units for core refpolicy services. 
Only for services that already have a named init script.

Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
 2015-10-23 10:17:46 -04:00
Chris PeBenito
acabb517e6 Module version bump for admin interface changes from Jason Zaman. 2015-06-09 08:39:18 -04:00
Chris PeBenito
a38c3be208 Module version bump for updated netlink sockets from Stephen Smalley 2015-05-22 08:38:53 -04:00
Stephen Smalley
58b3029576 Update netlink socket classes. 
Define new netlink socket security classes introduced by kernel commit
223ae516404a7a65f09e79a1c0291521c233336e.

Note that this does not remove the long-since obsolete
netlink_firewall_socket and netlink_ip6_fw_socket classes
from refpolicy in case they are still needed for legacy
distribution policies.

Add the new socket classes to socket_class_set.
Update ubac and mls constraints for the new socket classes.
Add allow rules for a few specific known cases (netutils, iptables,
netlabel, ifconfig, udev) in core policy that require access.
Further refinement for the contrib tree will be needed.  Any allow
rule previously written on :netlink_socket may need to be rewritten or
duplicated for one of the more specific classes.  For now, we retain the
existing :netlink_socket rules for compatibility on older kernels.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2015-05-22 08:29:03 -04:00
Chris PeBenito
10ff4d0fa3 Bump module versions for release. 2014-03-11 08:16:57 -04:00
Chris PeBenito
b339b85001 Module version bump for patches from Dominick Grift. 2013-12-06 09:49:41 -05:00
Dominick Grift
e784e78825 iptables: calls to firewalld interfaces from Fedora. The firewalld_dontaudit_rw_tmp_files(iptables_t) was confirmed on Debian. 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2013-12-06 08:16:49 -05:00
Chris PeBenito
d174521a64 Bump module versions for release. 2013-04-24 16:14:52 -04:00
Chris PeBenito
f1aa23dc47 Add conntrack fc entry. 
This tool is for maintaining the netfilter connection tracking.
 2013-04-05 09:45:04 -04:00
Chris PeBenito
f11752ff60 Module version bump for iptables fc entry from Sven Vermeulen and inn log from Dominick Grift. 2012-11-27 08:53:57 -05:00
Chris PeBenito
f65edd8280 Bump module versions for release. 2012-02-15 14:32:45 -05:00
Chris PeBenito
7d6b1e5889 Module version bump and changelog for role attributes usage. 2011-09-21 09:16:34 -04:00
Chris PeBenito
a858f08e5b Add role attributes in iptables. 2011-09-21 08:27:24 -04:00
Chris PeBenito
003361c264 Module version bump for xtables-multi patch from Sven Vermeulen. 2011-08-24 08:55:00 -04:00
Chris PeBenito
aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito
127d617b31 Pull in some changes from Fedora policy system layer. 2011-04-14 11:36:56 -04:00
Chris PeBenito
1ca577db8c Shorewall patch from Miroslav Grepl. 2011-03-21 09:42:12 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito
7491a9ed62 Iptables and modutils patches from Dan Walsh. 2009-12-01 09:23:11 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00