Laurent Bigonville
6a62fd0acb
Label nut drivers that are installed in /lib/nut on Debian as bin_t
2013-01-23 07:12:48 -05:00
Laurent Bigonville
20e47b2f4e
Label executables under /usr/lib/gnome-settings-daemon/ as bin_t
...
On Debian, part of gnome-settings-daemon is installed in that
directory
2013-01-23 07:12:34 -05:00
Laurent Bigonville
ef854630b4
Label var_lock_t as a mountpoint
...
In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs
mount.
2013-01-23 07:10:13 -05:00
Laurent Bigonville
bb00509804
Label executables in /usr/lib/NetworkManager/ as bin_t
2013-01-23 07:09:24 -05:00
Laurent Bigonville
4ae3d78602
Label /var/run/motd.dynamic as initrc_var_run_t
2013-01-23 07:08:06 -05:00
Laurent Bigonville
b40dc4f657
Label /var/run/shm as tmpfs_t for Debian
...
In Debian, /dev/shm is a symlink to /var/run/shm. Label that mountpoint
the same way.
2013-01-23 07:07:28 -05:00
Chris PeBenito
e0f7ab0a8a
Module version bump for zfs labeling from Matthew Thode.
2012-12-07 13:23:41 -05:00
Matthew Thode
94c2ae8771
Implement zfs support
...
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Just adding zfs to the list of defined filesystems in filesystem.te
Signed-off-by: Matthew Thode <mthode@mthode.org>
2012-12-07 13:07:15 -05:00
Chris PeBenito
451279bdbc
Module version bump for mcs_constrained from Dominick Grift.
2012-11-28 16:26:27 -05:00
Chris PeBenito
910f3f87ac
Move mcs_constrained() implementation.
2012-11-28 16:26:05 -05:00
Dominick Grift
c2f056b2f6
Implement mcs_constrained_type
...
This process is not allowed to interact with subjects or operate on
objects that it would otherwise be able to interact with or operate on
respectively.
This is, I think, to make sure that specified processes cannot interact
with subjects or operate on objects regardless of their mcs range.
It is used by svirt and probably also by sandbox.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-11-28 16:12:25 -05:00
Chris PeBenito
b2cf9398df
Module version bump for Gentoo openrc fixes for /run from Sven Vermeulen.
2012-10-31 11:49:56 -04:00
Chris PeBenito
6f1dfe762a
Rearrange files interfaces.
2012-10-31 11:49:23 -04:00
Sven Vermeulen
d981fce3e1
Update files_manage_generic_locks with directory permissions
...
Currently, the files_manage_generic_locks only handles the lock files. If a
domain needs to manage both lock files and the lock directories (like specific
subdirectories in /var/lock that are not owned by a single other domain, such as
Gentoo's /var/lock/subsys location) it also needs the manage permissions on the
directory.
This is to support OpenRC's migration of /var/lock to /run/lock which otherwise
fails:
* Migrating /var/lock to /run/lock
cp: cannot create directory '/run/lock/subsys': Permission denied
rm: cannot remove '/var/lock/subsys': Permission denied
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-10-31 11:36:41 -04:00
Sven Vermeulen
5751a33f27
Introduce files_manage_all_pids interface
...
This interface will be used by domains that need to manage the various pidfile
content (*_var_run_t).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-10-31 11:36:41 -04:00
Chris PeBenito
af2496ea2e
Module version bump/contrib sync.
2012-10-30 16:12:14 -04:00
Chris PeBenito
a94ff9d100
Rearrange devices interfaces.
2012-10-30 16:11:32 -04:00
Dominick Grift
4c68e48950
For virtd
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 15:39:20 -04:00
Chris PeBenito
104456aa17
Module version bump for interfaces used by virt from Dominick Grift.
2012-10-30 14:17:25 -04:00
Chris PeBenito
1673ea6474
Rearrange interfaces in files, clock, and udev.
2012-10-30 14:16:30 -04:00
Dominick Grift
fc749312f5
For virtd lxc
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 13:58:02 -04:00
Dominick Grift
f980fd9208
For virtd lxc
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 13:58:02 -04:00
Dominick Grift
f4a0be2dfc
For virtd_lxc
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 13:58:02 -04:00
Dominick Grift
0122830bd9
For virtd_lxc
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 13:58:02 -04:00
Dominick Grift
e04ad5fe92
For virtd lxc
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 13:58:02 -04:00
Dominick Grift
193760f130
For svirt_lxc_domain
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-30 13:58:02 -04:00
Chris PeBenito
b7bc3d1506
Module version bump for kernel_stream_connect() from Dominick Grift.
2012-10-19 09:18:53 -04:00
Chris PeBenito
2dfd2b93a9
Move kernel_stream_connect() declaration.
2012-10-19 09:18:19 -04:00
Dominick Grift
07c2944493
Changes to the kernel policy module
...
Interface is needed by at least plymouth
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-19 09:03:37 -04:00
Mika Pflüger
8b1aa69f1f
Debian locations of gvfs and kde4 libexec binaries in /usr/lib
2012-10-19 08:40:16 -04:00
Chris PeBenito
e4f0112175
Module version bump for dhcp6 ports, from Russell Coker.
2012-10-19 08:39:02 -04:00
Russell Coker
f9bee5a60b
Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control
...
Client control is used by the wide dhcp6 client, which can be controlled
via dhcp6ctl. This works by communicating over port 5546.
2012-10-19 08:19:28 -04:00
Chris PeBenito
afdb509245
Module version bump for changes from Dominick Grift and Sven Vermeulen.
2012-10-09 11:01:42 -04:00
Dominick Grift
f3492a3a1e
Declare a cslistener port type for phpfpm
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-09 10:05:35 -04:00
Chris PeBenito
d7f7136953
Module version bump for cachefiles core support.
2012-10-04 08:25:19 -04:00
Chris PeBenito
1391285cf8
Rename cachefiles_dev_t to cachefiles_device_t.
2012-10-04 08:24:57 -04:00
Dominick Grift
298d840e46
Implement files_create_all_files_as() for cachefilesd
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-04 08:13:18 -04:00
Dominick Grift
f8075ac60f
Declare a cachefiles device node type
...
Used by kernel to communicate with user space (cachefilesd)
Label the character file accordingly
Create a dev_rw_cachefiles_dev() for cachefilesd
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-04 08:13:11 -04:00
Chris PeBenito
8bd7b0e1b9
Module version bump for srvloc port definition from Dominick Grift.
2012-10-02 10:35:29 -04:00
Dominick Grift
b123010082
svrloc port type declaration from slpd policy module
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-02 10:33:55 -04:00
Chris PeBenito
5b58ce70fd
Module version bump for Debian file context updates from Laurent Bigonville.
2012-09-17 11:08:42 -04:00
Laurent Bigonville
da349a2cfa
Add Debian location for udisks helpers
2012-09-17 10:31:39 -04:00
Laurent Bigonville
31daa917db
Add Debian locations for GDM 3
2012-09-17 10:31:38 -04:00
Chris PeBenito
0a0d071937
Module version bump for ports update from Dominick Grift.
2012-09-17 10:30:26 -04:00
Dominick Grift
53c8224fc4
Declare port types for ports used by Fedora but use /etc/services for port names rather than using Fedora port names. If /etc/services does not have a port name for a port used by Fedora, skip for now.
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-09-17 10:06:29 -04:00
Chris PeBenito
49a65c0e6f
Module version bump for loop-control patch.
2012-09-05 13:45:48 -04:00
Dominick Grift
d204c4cd07
Declare a loop control device node type and label /dev/loop-control accordingly
...
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-09-05 13:42:18 -04:00
Chris PeBenito
4a865b3830
Module version bump for lost+found labeling in /var/log from Guido Trentalancia.
2012-08-29 10:49:23 -04:00
Guido Trentalancia
06e2744b23
add lost+found filesystem labels to support NSA security guidelines
...
Add lost+found filesystem label to /var/log and /var/log/audit.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
2012-08-29 10:41:32 -04:00
Chris PeBenito
c1880113bc
Module version bump for /dev/mei type and label from Dominick Grift.
2012-08-23 09:39:13 -04:00