nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,566 Commits 1 Branch 0 Tags 16 MiB
b40dc4f657
Commit Graph

69 Commits

Author SHA1 Message Date
Chris PeBenito
b7bc3d1506 Module version bump for kernel_stream_connect() from Dominick Grift. 2012-10-19 09:18:53 -04:00
Chris PeBenito
3516535aa6 Bump module versions for release. 2012-07-25 14:33:06 -04:00
Chris PeBenito
b72101a116 Module version bump and changelog for non-auth file attribute to eliminate set expressions, from James Carter. 2012-05-04 09:14:00 -04:00
James Carter
624e73955d Changed non-contrib policy to use the new non_auth_file_type interfaces 
Replaced calls to interfaces allowing access to all files except
auth_file_type files with calls to interfaces allowing access to
non_auth_file_type files.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
 2012-05-04 08:47:49 -04:00
Chris PeBenito
2e83467903 Module version bump and changelog for virt updates from Sven Vermeulen. 2012-04-23 10:43:15 -04:00
Chris PeBenito
94d8bd2904 Module version bump for mountpoint patches from Sven Vermeulen. 2012-04-23 09:33:17 -04:00
Sven Vermeulen
26cfbe5317 Marking debugfs and securityfs as mountpoints 
The locations for debugfs_t (/sys/kernel/debug) and security_t
(/selinux or /sys/fs/selinux) should be marked as mountpoints as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-04-23 09:21:15 -04:00
Chris PeBenito
f65edd8280 Bump module versions for release. 2012-02-15 14:32:45 -05:00
Chris PeBenito
1c5dacd2c0 Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod. 
Based on a patch from Dan Walsh.
 2011-09-13 14:45:14 -04:00
Chris PeBenito
aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito
6e742c4c63 Module version bump for NFS over TCP patchset. 2011-07-22 07:18:13 -04:00
Sven Vermeulen
bdc0c3985b Allow kernel to access NFS/RPC TCP 
Allow kernel_t to access the nfsd_t' tcp_sockets.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2011-07-22 07:03:51 -04:00
Chris PeBenito
a29c7b86e1 Module version bump and Changelog for auth file patches from Matthew Ife. 2011-07-18 13:48:05 -04:00
Matthew Ife
4ff4e1c505 Replace deprecated *_except_shadow macro calls with *_except_auth_files calls. 2011-07-18 13:40:38 -04:00
Chris PeBenito
cca4b7e619 Fix ring buffer rules capability2 usage. 2011-04-18 13:06:31 -04:00
Chris PeBenito
ed17ee5394 Pull in additional changes in kernel layer from Fedora. 2011-03-31 09:49:01 -04:00
Chris PeBenito
54e9d3ca75 Module version bump and changelog for KaiGai's database object classes patch. 2011-01-14 10:35:52 -05:00
Chris PeBenito
826d014241 Bump module versions for release. 2010-12-13 09:12:22 -05:00
Chris PeBenito
52f38d23c9 Module version bump for Chris Richards' mount patchset. 2010-11-11 09:48:01 -05:00
Chris PeBenito
76a9fe96e4 Module version bumps and changelog for devtmpfs patchset. 2010-08-25 11:19:27 -04:00
Jeremy Solt
d6e1ef29cd Move devtmpfs to devices from filesystem 
Move devtmpfs to devices module (remove from filesystem module)
Make device_t a filesystem
Add interface for associating types with device_t filesystem (dev_associate)
Call dev_associate from dev_filetrans
Allow all device nodes associate with device_t filesystem
Remove dev_tmpfs_filetrans_dev from kernel_t
Remove fs_associate_tmpfs(initctl_t) - redundant, it was in dev_filetrans, now in dev_associate
Mounton interface, to allow the kernel to mounton device_t

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
 2010-08-25 11:01:22 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Dominick Grift
c0c635b3f3 cgroup in filesystem. 
Move cgroup_t declarations from kernel.te to filesystem.te
Redo cgroup interfaces in filesystem.if
Add file context specification for /cgroup mountpoint to filesystem.fc

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-06-08 08:38:18 -04:00
Chris PeBenito
60f04fcb7a Kernel patch from Dan Walsh. 
Add ability to dontaudit requiests to load kernel modules.  If you
disable ipv6 every confined app that does ip, tries to get the kernel to
load the module.

Better handling of unlabeled files by the kernel interfaces
 2010-06-07 11:08:35 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
03a6e03926 Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t. 2010-05-03 11:17:16 -04:00
Chris PeBenito
0417386142 Kernel patch from Dan Walsh. 2010-03-17 11:16:25 -04:00
Chris PeBenito
e21162e471 Kdump reads the kernel core. 2009-11-25 10:04:40 -05:00
Chris PeBenito
e276b8e5d0 Add kernel patch from Dan Walsh 2009-11-19 09:25:38 -05:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
a65fd90a50 trunk: 6 patches from dan. 2009-06-11 15:00:48 +00:00
Chris PeBenito
7722c29e88 trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
Chris PeBenito
c1262146e0 trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00
Chris PeBenito
668b3093ff trunk: change network interface access from all to generic network interfaces. 2009-01-06 20:24:10 +00:00
Chris PeBenito
ff8f0a63f4 trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
Chris PeBenito
cfcf5004e5 trunk: bump versions for release. 2008-07-02 14:07:57 +00:00
Chris PeBenito
c54eb87d43 trunk: two small updates from dan. 2008-06-18 13:15:25 +00:00
Chris PeBenito
e8cb08aefa trunk: add sepostgresql policy from kaigai kohei. 2008-06-10 15:33:18 +00:00
Chris PeBenito
67b6207a9e trunk: trivial kernel patch from dan. 2008-06-07 13:53:29 +00:00
Chris PeBenito
308baad28c trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore. 2008-05-26 18:38:06 +00:00
Chris PeBenito
4416c416fa trunk: Module loading now requires setsched on kernel threads. 2008-05-22 18:39:03 +00:00
Chris PeBenito
8152a78836 trunk: 7 patches from dan. 2008-04-04 17:08:34 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
7d4161cdc9 trunk: 3 patches from dan. 2007-10-29 22:08:34 +00:00
Chris PeBenito
495df41602 trunk: 11 patches from dan. 2007-10-29 18:35:32 +00:00
Chris PeBenito
ef659a476e Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
Chris PeBenito
12e9ea1ae3 trunk: module version bumps for previous commit. 2007-10-02 17:15:07 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
3480f3f239 trunk: bump version numbers for release. 2007-09-28 13:58:24 +00:00