Commit Graph

6088 Commits

Author SHA1 Message Date
Kenton Groombridge
8ef3a91347 spamassassin, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
0ac3f4ea2c rssh, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
34c7853f00 razor, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
1339b7db0c pyzor, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
0a78bb05eb pulseaudio, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
9554af912d openoffice, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
b3b8942040 mta, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
ffdbf9c86e mplayer, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
f5f0af2c24 mozilla, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
34f7b026ea lpd, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
8bdab0397c libmtp, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
0f650e0dc5 java, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
b7980a45fc irc, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
56a50fb56c gpg, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
7cd14e0c49 gnome, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
d5246d98aa games, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
ab30d35882 evolution, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
8875024efc dirmngr, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
95cf374eee cron, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
4d7eb76fb9 chromium, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
99c2c94507 cdrecord, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
afa5769b4c bluetooth, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
386d00de34 authlogin, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
b90d40db67 xserver, roles, various: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:34 -04:00
Kenton Groombridge
dd7abf1f47 xscreensaver, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:33 -04:00
Kenton Groombridge
a3f02b2f6c syncthing, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:24 -04:00
Kenton Groombridge
3d11a43da1 sudo, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:13 -04:00
Kenton Groombridge
562d61bda9 ssh, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:13 -04:00
Kenton Groombridge
86462c81ec postgresql, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:13 -04:00
Kenton Groombridge
48a7d3db51 git, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:13 -04:00
Kenton Groombridge
150353158a screen, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:13 -04:00
Kenton Groombridge
76a6ee4fb9 apache, roles: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-13 19:07:12 -04:00
Chris PeBenito
e49243a08f authlogin: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-10-08 10:41:12 -04:00
Chris PeBenito
b51a297af5 Merge pull request #411 from besser82/topic/besser82/tcb 2021-10-08 10:40:53 -04:00
Björn Esser
bc88a1ca4b authlogin: add fcontext for tcb
tcb is an alternative password shadowing scheme used by some Linux
distributions, like ALT Linux, Mandriva, OWL, and some others.

The /etc/tcb directory tree is used to store a single shadow file
inside of a subdirectory created for every local user.

The tcb_chkpwd binary is meant to provide the same functionality
as the unix_chkpwd binary.

The tcb_convert and tcb_uncovert binaries are used for conversions
from a UNIX shadow file to the tcb password shadowing scheme and
vice-versa.

Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-10-08 00:58:37 +02:00
Chris PeBenito
2ef2028c57 various: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-10-05 14:59:44 -04:00
Chris PeBenito
6e8ba12dcb Merge pull request #410 from pedrxd/nginxcache 2021-10-05 14:59:06 -04:00
Chris PeBenito
6c1f5fb926 Merge pull request #406 from 0xC0ncord/git-type 2021-10-05 14:58:17 -04:00
Chris PeBenito
0f2ed8ae16 filesystem: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-10-05 14:49:56 -04:00
Gao Xiang
a885f70d50 Add erofs as a SELinux capable file system
EROFS supported the security xattr handler from Linux v4.19.
Add erofs to the filesystem policy now.

Reported-by: David Michael <fedora.dm0@gmail.com>
Signed-off-by: Gao Xiang <xiang@kernel.org>
2021-10-05 14:49:16 -04:00
Pedro
26db30a650 File context for nginx cache files
Signed-off-by: Pedro <peruvapedro99@gmail.com>
2021-10-04 14:48:10 +02:00
Kenton Groombridge
64e637d895 git, roles: add policy for git client
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-10-01 13:19:52 -04:00
Chris PeBenito
338d05482a wireguard: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-09-28 13:14:34 -04:00
Chris PeBenito
247b1300ad Merge pull request #408 from ffontaine/master 2021-09-28 13:13:52 -04:00
Chris PeBenito
f60be8247a Merge pull request #409 from yizhao1/fix
rpc: remove obsolete comment line
2021-09-28 11:55:31 -04:00
Yi Zhao
5968e9eae0 rpc: remove obsolete comment line
There is no fs_manage_nfsd_fs interface.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-09-27 11:25:45 +08:00
Fabrice Fontaine
67394d078c policy/modules/services/wireguard.te: make iptables optional
Make iptables optional to avoid the following build failure raised since
version 2.20210908 and 7f1a7b1cac:

 Compiling targeted policy.33
 env LD_LIBRARY_PATH="/tmp/instance-0/output-1/host/lib:/tmp/instance-0/output-1/host/usr/lib" /tmp/instance-0/output-1/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
 policy/modules/services/wireguard.te:66:ERROR 'type iptables_exec_t is not within scope' at token ';' on line 591892:
 #line 66
	allow wireguard_t iptables_exec_t:file { getattr open map read execute ioctl };
 checkpolicy:  error(s) encountered while parsing configuration
 make[1]: *** [Rules.monolithic:79: policy.33] Error 1

Fixes:
 - http://autobuild.buildroot.org/results/a4223accc6adb70b06fd4e74ca4f28484446b6fa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2021-09-22 23:55:59 +02:00
Kenton Groombridge
4264f9050a userdomain: add interface to allow mapping all user home content
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-09-20 22:01:01 -04:00
Kenton Groombridge
261768bf10 ssh: add interface to execute and transition to ssh client
Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-09-20 22:00:56 -04:00
Chris PeBenito
b19be25429 systemd, userdomain, wm: Module version bump.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2021-09-14 13:55:26 -07:00