nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,859 Commits 1 Branch 0 Tags 16 MiB
ff983a6239
Commit Graph

351 Commits

Author SHA1 Message Date
Chris PeBenito
ff983a6239 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-03 08:38:26 -05:00
Chris PeBenito
4436cd0d6d various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 13:58:24 -05:00
Russell Coker
8b4f1e3384 misc apps and admin patches 
Send again without the section Dominick didn't like.  I think it's ready for inclusion.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-02-02 13:29:48 -05:00
Chris PeBenito
cfb48c28d0 screen: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 08:47:55 -05:00
Jonathan Davies
9ec80c1b2f apps/screen.te: Allow screen to search xdg directories. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-02-01 21:42:12 +00:00
Jonathan Davies
2bdfc5c742 apps/screen.fc: Added fcontext for tmux xdg directory. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-01-29 14:56:29 +00:00
Chris PeBenito
072c0a9458 userdomain, gpg: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-29 08:35:12 -05:00
Dave Sugar
09bd4af708 Work with xdg module disabled 
These two cases I see when building on a system without graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block

Signed-off-by: Dave Sugar <dsugar@tresys.com>
 2021-01-28 18:13:33 -05:00
Chris PeBenito
87ffc9472a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-25 09:48:59 -05:00
Russell Coker
da9b6306ea more Chrome stuff 
Patches for some more Chrome stuff

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-01-25 09:36:56 -05:00
Chris PeBenito
221813c947 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-25 08:27:35 -05:00
Chris PeBenito
cb93093f4e Merge pull request #335 from pebenito/drop-dead-modules 2021-01-25 08:22:09 -05:00
Chris PeBenito
0f6c861dfb various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 09:51:56 -05:00
Chris PeBenito
437e0c4b97 chromium: Move naclhelper lines. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 08:39:53 -05:00
Chris PeBenito
34a8c10cb9 chromium: Whitespace changes. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 08:39:45 -05:00
Russell Coker
31a2b463f7 base chrome/chromium patch fixed 
This patch is the one I described as "another chromium patch" on the 10th of
April last year, but with the issues addressed, and the
chromium_t:file manage_file_perms removed as requested.

I believe it's ready for inclusion.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-01-19 08:39:40 -05:00
Chris PeBenito
7b15003eae Remove modules for programs that are deprecated or no longer supported. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-14 17:14:30 -05:00
Chris PeBenito
bb471c3f1c various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-13 15:20:47 -05:00
Chris PeBenito
6c69f6e3de udev: Drop udev_tbl_t. 
This usage under /dev/.udev has been unused for a very long time and
replaced by functionality in /run/udev.  Since these have separate types,
take this opportunity to revoke these likely unnecessary rules.

Fixes #221

Derived from Laurent Bigonville's work in #230

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-13 15:12:11 -05:00
Chris PeBenito
72e221fd4d various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-08-28 15:30:52 -04:00
Chris PeBenito
74b37e16db Merge pull request #301 from bauen1/fix-selint-s-010 2020-08-28 15:26:47 -04:00
bauen1
fa59d0e9bc
selint: fix S-010 
Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-08-28 17:39:09 +02:00
Chris PeBenito
d387e79989 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-08-18 09:09:10 -04:00
Yi Zhao
8322f0e0d9 Remove duplicated rules 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2020-08-14 10:55:31 +08:00
Chris PeBenito
fbc60f2319
Merge pull request #296 from cgzones/diff-check 
whitespace cleanup
 2020-08-13 09:19:48 -04:00
Christian Göttsche
72b2c66256 whitespace cleanup 
Remove trailing white spaces and mixed up indents

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-08-13 14:34:57 +02:00
Christian Göttsche
3bb507efa6 Fix several misspellings 
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-08-13 14:08:58 +02:00
Chris PeBenito
613708cad6 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-07-04 09:30:45 -04:00
Chris PeBenito
0992763548 Update callers for "pid" to "runtime" interface rename. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-28 16:03:45 -04:00
Chris PeBenito
be04bb3e7e Rename "pid" interfaces to "runtime" interfaces. 
Rename interfaces to bring consistency with previous pid->runtime type
renaming.  See PR #106 or 69a403cd original type renaming.

Interfaces that are still in use were renamed with a compatibility
interface.  Unused interfaces were fully deprecated for removal.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-28 14:33:17 -04:00
Chris PeBenito
71002cdfe0 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-15 08:57:44 -04:00
Chris PeBenito
91087f8ff1 Merge pull request #274 from bauen1/remove-dead-weight 2020-06-15 08:56:42 -04:00
bauen1
77f891c7bf
Remove the ada module, it is unecessary and not touched since ~2008 
It is only used to allow the compiler execmem / execstack but we have
unconfined_execmem_t for that.

Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-06-15 14:47:14 +02:00
bauen1
cb2d84b0d1
gpg: don't allow gpg-agent to read /proc/kcore 
This was probably a typo and shouldn't have been merged.

Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-06-15 14:45:07 +02:00
bauen1
a5c3c70385
thunderbird: label files under /tmp 
Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-06-15 14:43:17 +02:00
Chris PeBenito
309f655fdc various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-10 15:02:27 -04:00
Topi Miettinen
1d8333d7a7
Remove unlabeled packet access 
When SECMARK or Netlabel packet labeling is used, it's useful to
forbid receiving and sending unlabeled packets. If packet labeling is
not active, there's no effect.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-06-03 23:16:19 +03:00
Chris PeBenito
5b171c223a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-05-14 10:32:30 -04:00
Christian Göttsche
57d570f01c chromium/libraries: move lib_t filecontext to defining module 
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-05-12 20:09:44 +02:00
Christian Göttsche
31153edcb4 chromium: drop dead conditional block 
The condition `use_alsa` is nowhere defined, and the contained interface
`alsa_domain` does not exist.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-05-11 21:42:50 +02:00
Chris PeBenito
4ae3713c45 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-05-04 08:55:09 -04:00
Daniel Burgener
5ba931d49d Fix a few places where command line applications were only granted one of tty or pty permissions and could be used from either 
Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
 2020-04-30 14:53:31 -04:00
Chris PeBenito
d401ff2a21 systemd, ssh, wm: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-04-24 10:22:30 -04:00
Topi Miettinen
352249fc05
wm: add KWin 
Add KWin to list of window managers and allow it to mmap wm_tmpfs_t
files to avoid a crash. Related audit event:
type=AVC msg=audit(04/24/2020 15:39:25.287:679) : avc:  denied  { map } for  pid=1309 comm=kwin_x11 path=/memfd:JSVMStack:/lib/x86_64-linux-gnu/libQt5Qml.so.5 (deleted) dev="tmpfs" ino=45261 scontext=user_u:user_r:user_wm_t:s0 tcontext=user_u:object_r:wm_tmpfs_t:s0 tclass=file permissive=0

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-24 16:19:51 +03:00
Chris PeBenito
24e1e2c8a3 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-04-21 11:03:01 -04:00
Chris PeBenito
549bb857c0 Merge pull request #220 from dburgener/fix-macro-usage 2020-04-21 11:01:59 -04:00
Daniel Burgener
410a682138 Fix mismatches between object class and permission macro. 
In many cases, this won't result in a change in the actual policy generated, but if the definitions of macros are changed going forward, the mismatches could cause issues.

Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
 2020-04-20 15:46:33 -04:00
Chris PeBenito
acd45b66b4 mozilla, mailman, init, modutils: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-04-14 14:16:49 -04:00
bauen1
a4903dbf5b
mozilla: allow firefox to use user namespaces for sandboxing 
Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-04-14 19:34:54 +02:00
Chris PeBenito
5a9e52f328 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-04-09 09:41:05 -04:00