nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,088 Commits 1 Branch 0 Tags 16 MiB
8ef3a91347
Commit Graph

239 Commits

Author SHA1 Message Date
Kenton Groombridge
8ef3a91347 spamassassin, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
0ac3f4ea2c rssh, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
34c7853f00 razor, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
1339b7db0c pyzor, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
0a78bb05eb pulseaudio, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
9554af912d openoffice, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
b3b8942040 mta, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
ffdbf9c86e mplayer, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
f5f0af2c24 mozilla, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
34f7b026ea lpd, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
8bdab0397c libmtp, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
0f650e0dc5 java, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
b7980a45fc irc, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
56a50fb56c gpg, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
7cd14e0c49 gnome, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
d5246d98aa games, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
ab30d35882 evolution, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
8875024efc dirmngr, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
95cf374eee cron, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
4d7eb76fb9 chromium, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
99c2c94507 cdrecord, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
afa5769b4c bluetooth, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
386d00de34 authlogin, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
b90d40db67 xserver, roles, various: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
dd7abf1f47 xscreensaver, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:33 -04:00
Kenton Groombridge
a3f02b2f6c syncthing, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:24 -04:00
Kenton Groombridge
3d11a43da1 sudo, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:13 -04:00
Kenton Groombridge
562d61bda9 ssh, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:13 -04:00
Kenton Groombridge
86462c81ec postgresql, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:13 -04:00
Kenton Groombridge
48a7d3db51 git, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:13 -04:00
Kenton Groombridge
150353158a screen, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:13 -04:00
Kenton Groombridge
76a6ee4fb9 apache, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:12 -04:00
Chris PeBenito
2ef2028c57 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-10-05 14:59:44 -04:00
Kenton Groombridge
64e637d895 git, roles: add policy for git client 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-01 13:19:52 -04:00
Chris PeBenito
4248e38824 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-09-08 10:53:44 -04:00
Chris PeBenito
19924201dc dmesg, devices, sysadm: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-07-08 09:45:15 -04:00
Jonathan Davies
27325c9beb sysadm.te: Allow sysadm_t to read/write Xen character devices so 
userspace tooling works.

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-07-06 15:54:35 +01:00
Markus Linnala
9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 12:19:25 +03:00
Chris PeBenito
c9913a0e8c various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-05-19 08:46:41 -04:00
Chris PeBenito
0ecd14f47a staff, sysadm, unprivuser: Move lines. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-05-19 08:45:36 -04:00
Yi Zhao
7ee15a0681 roles: move dbus_role_template to userdom_common_user_template 
After commit cc8374fd24 (various: systemd
user fixes and additional support), the dbus_role_template is required
for all roles. Move it to userdom_common_user_template.

Before the patch if set DISTRO=redhat:
root@qemux86-64:~# ps xZ | grep "systemd --user"
root:sysadm_r:sysadm_t  240 ? Ss 0:00 /lib/systemd/systemd --user

After the patch:
root@qemux86-64:~# ps xZ | grep "systemd --user"
root:sysadm_r:sysadm_systemd_t  218 ? Ss 0:00 /lib/systemd/systemd --user

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-05-19 10:00:33 +08:00
Chris PeBenito
cd783138ac logging, secadm, staff, sysadm: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-04-26 13:55:03 -04:00
Chris PeBenito
149ee62c7b Merge pull request #368 from jpds/admin-log-watch 2021-04-26 13:54:23 -04:00
Jonathan Davies
431f03f3b9 roles: Added log watching permissions to secadm and sysadm. 
Signed-off-by: Jonathan Davies <jd+github@upthedownstair.com>
 2021-04-25 19:15:08 +01:00
Jonathan Davies
63eb925698 staff.te: Allow staff access to the virt stream, needed for when the 
sockets are access remotely over SSH.

Signed-off-by: Jonathan Davies <jd+github@upthedownstair.com>
 2021-04-24 17:14:06 +01:00
Chris PeBenito
ea9ce5970a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-04-15 16:01:13 -04:00
Kenton Groombridge
8eff2c5998 sysadm, systemd: various fixes 
Allow sysadm to communicate with logind over dbus and add missing rules
for systemd-logind.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-04-08 10:35:17 -04:00
Chris PeBenito
3a22e9279c various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-19 15:17:54 -04:00
Chris PeBenito
93fda6e15d Merge pull request #357 from 0xC0ncord/feature/systemd_user_service 2021-03-19 15:14:24 -04:00
Kenton Groombridge
cc8374fd24
various: systemd user fixes and additional support 
This finishes up a lot of the work originally started on systemd --user
support including interacting with user units, communicating with the
user's systemd instance, and reading the system journal.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-03-18 15:58:17 -04:00