Commit Graph

4341 Commits

Author SHA1 Message Date
Chris PeBenito
1c5c70d4ab init: Move interface and whitespace change. 2017-02-25 08:39:58 -05:00
Chris PeBenito
5acda8076f init: Rename init_search_pid_dirs() to init_search_pids(). 2017-02-25 08:38:16 -05:00
Russell Coker
35bd01104a new init interfaces for systemd
These are needed by several patches I'm about to send.

Description: some new interfaces for init/systemd
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-02-24
2017-02-25 08:19:39 -05:00
Chris PeBenito
7cc502dfe5 mailman: Fixes from Russell Coker. 2017-02-23 20:59:14 -05:00
Russell Coker
d504e1ef1b rw_inherited_file_perms
This patch defines rw_inherited_file_perms.  It's needed by a few patches
I'm going to send soon so I need to get it in before they go in.

Also it's generally a good thing to have.  We should reconsider some of the
other policy for whether it should use this.
2017-02-23 20:52:04 -05:00
Chris PeBenito
c12d16435b Xen fixes from Russell Coker. 2017-02-23 20:32:17 -05:00
Chris PeBenito
c3c767bae2 Module version bump for CI fixes. 2017-02-23 20:32:10 -05:00
Chris PeBenito
65e60689d4 Fix CI errors. 2017-02-23 20:16:40 -05:00
Chris PeBenito
2087bde934 Systemd fixes from Russell Coker. 2017-02-23 20:03:23 -05:00
Chris PeBenito
485929b762 Module version bump for ntp fixes from cgzones. 2017-02-22 19:01:20 -05:00
Chris PeBenito
389e3c954f Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy 2017-02-22 18:37:29 -05:00
cgzones
17753638ca add init_daemon_lock_file()
needed for ntp
2017-02-21 15:07:47 +01:00
Chris PeBenito
14cc33cba9 alsa, vnstat: Updates from cgzones. 2017-02-20 12:14:23 -05:00
Chris PeBenito
498fb3c6e8 Module version bump for cgroups systemd fix from cgzones. 2017-02-20 11:21:00 -05:00
Chris PeBenito
e72556c6dd Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy 2017-02-20 11:13:07 -05:00
Chris PeBenito
132db642bd Module version bump for selinuxutil and systemd changes from cgzones. 2017-02-20 10:57:50 -05:00
Chris PeBenito
34cfce5410 Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy 2017-02-20 10:53:56 -05:00
Chris PeBenito
e52b701f59 Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy 2017-02-20 10:43:18 -05:00
Chris PeBenito
3b1909d1d1 fetchmail, mysql, tor: Misc fixes from Russell Coker. 2017-02-20 10:33:23 -05:00
Chris PeBenito
b5497053e9 monit: Fix build error.
Uncovered by Travis-CI.
2017-02-20 08:43:12 -05:00
Chris PeBenito
ede0dadc05 Monit policy from Russell Coker and cgzones. 2017-02-19 16:39:35 -05:00
Chris PeBenito
53fb3a3ba4 dpkg: Updates from Russell Coker. 2017-02-19 16:13:14 -05:00
Chris PeBenito
2fcce0a88f Merge branch 'master' of github.com:TresysTechnology/refpolicy 2017-02-18 14:02:36 -05:00
Chris PeBenito
4c16ca2d66 Only display the WERROR notice if there actually are errors. 2017-02-18 13:59:33 -05:00
Chris PeBenito
14566f96a9 Module version bump for hostname fix from cgzones. 2017-02-18 13:58:29 -05:00
Chris PeBenito
36fa3d8916 Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy 2017-02-18 13:32:23 -05:00
cgzones
8266424bcb systemd_cgroups_t: fix denials 2017-02-18 18:41:45 +01:00
Chris PeBenito
7d9a3be9f0 Merge pull request #98 from cgzones/admin_process_pattern
add admin_process_pattern macro
2017-02-18 12:38:23 -05:00
Chris PeBenito
3726cd58f6 Module version bump for changes from cgzones. 2017-02-18 12:28:38 -05:00
Chris PeBenito
abe9e18f73 Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy 2017-02-18 11:54:16 -05:00
Chris PeBenito
e96c357b79 Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy 2017-02-18 11:51:40 -05:00
Chris PeBenito
8b6525e992 Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy 2017-02-18 11:39:05 -05:00
Chris PeBenito
959f78de99 Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy 2017-02-18 11:34:23 -05:00
Chris PeBenito
74d6a63ff9 mon: Fix deprecated interface usage. 2017-02-18 11:21:34 -05:00
Chris PeBenito
c784507bce Travis-CI: Terminate build immediately on error.
See travis-ci/travis-ci#1066.
2017-02-18 10:37:35 -05:00
Chris PeBenito
1af24ad32b Fix Travis-CI WERROR support. 2017-02-18 10:25:48 -05:00
Chris PeBenito
dd03d589e2 Implement WERROR build option to treat warnings as errors.
Add this to all Travis-CI builds.
2017-02-18 10:20:20 -05:00
Chris PeBenito
cb35cd587f Little misc patches from Russell Coker. 2017-02-18 09:39:01 -05:00
cgzones
dd4cfd8a77 add admin_process_pattern macro
useful for MODULE_admin interfaces
2017-02-17 16:26:22 +01:00
cgzones
7ff92a886a files: no default types for /run and /var/lock
encourage private types for /run and /var/lock by not providing default contexts anymore
2017-02-16 17:14:38 +01:00
cgzones
da1ea093cb corecommands: label some binaries as bin_t 2017-02-16 17:05:26 +01:00
cgzones
61b72e0796 selinuxutil: adjustments
* no negative permission matching for newrole_t:process
* do not label /usr/lib/selinux as policy_src_t, otherwise semodule can not run /usr/lib/selinux/hll/pp
* reorder label for /run/restorecond.pid
* fix systemd related denials
2017-02-16 16:53:06 +01:00
cgzones
d9fcbdfbb3 hostname: small adjustments
* reorder process - capabilities statements
* remove unsighted debian block
2017-02-16 16:39:50 +01:00
cgzones
60983561be sysadm: fix denials
allow to read kmesg and the selinux policy
2017-02-16 16:00:14 +01:00
cgzones
7539f65bc2 setfiles: allow getattr to kernel pseudo fs
userdomains should not alter labels of kernel pseudo filesystems, but allowing setfiles/restorecon(d) to check the contexts helps spotting incorrect labels
2017-02-16 15:26:29 +01:00
Chris PeBenito
d9980666a4 Update contrib. 2017-02-15 19:08:32 -05:00
Russell Coker
5a6251efc6 tiny mon patch
When you merged the mon patch you removed the ability for mon_t to execute
lib_t files.

The following patch re-enables the ability to execute alert scripts.
2017-02-15 18:51:39 -05:00
Chris PeBenito
1720e109a3 Sort capabilities permissions from Russell Coker. 2017-02-15 18:47:33 -05:00
Chris PeBenito
629b8af1e1 Update contrib. 2017-02-13 20:00:52 -05:00
Russell Coker
69215f0664 inherited file and fifo perms
The following patch defines new macros rw_inherited_fifo_file_perms and
rw_inherited_term_perms for the obvious reason.

I've had this in Debian for a while and some Debian policy relies on it.

I think it's appropriate to include this before including any policy that
relies on it because it's an obvious foundation for writing good policy.

We could have inherited perms macros for other object types, but terminals
and fifos are the main ones that get inherited.  The next best candidate
for such a macro is a sock_file, and that's largely due to systemd setting
programs' stdout/stderr to unix domain sockets.
2017-02-12 13:55:25 -05:00