Dan Walsh
288b8ab6b2
Add port for glance policy
2011-12-15 08:33:10 -05:00
Chris PeBenito
64a0271ffd
Module version bump and changelog for slim and lxdm file contexts to xserver, from Sven Vermeulen.
2011-12-13 11:17:23 -05:00
Chris PeBenito
89e1cadd02
Whitespace fix in xserver.
2011-12-13 11:17:00 -05:00
Sven Vermeulen
6f0ac6d737
Supporting lxdm and slim
...
Update the xserver file contexts to support the slim and lxdm services.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-12-13 10:48:16 -05:00
Chris PeBenito
3cbb3701cd
Module version bumps for debian fc patch from Russell Coker.
2011-11-16 15:31:48 -05:00
Chris PeBenito
e78ada8605
Debian file locations patch from Russell Coker.
2011-11-16 15:29:18 -05:00
Chris PeBenito
e5b14e7e3a
Add optional file name to filetrans_pattern.
2011-11-02 08:48:25 -04:00
Chris PeBenito
ba817fccd9
Add userdom interfaces for user application domains, user tmp files, and user tmpfs files.
2011-10-28 08:49:19 -04:00
Chris PeBenito
e2fa4f2e8c
Add user application, tmp and tmpfs file interfaces.
2011-10-28 08:48:10 -04:00
Chris PeBenito
4d91cc95c7
Module version bump and Changelog for asterisk admin updates from Sven Vermeulen.
2011-10-25 09:43:13 -04:00
Sven Vermeulen
ecf83667ab
Allow sysadm to interact with asterisk
...
When administering asterisk, one often-run command is "asterisk -r"
which yields the asterisk CLI (when the asterisk server is running). To
be able to run this, you need asterisk_stream_connect privileges.
Assign these privileges to the sysadm_r
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-10-25 09:40:12 -04:00
Chris PeBenito
458ab7d2ba
Fix makefiles to install files with the correct DAC permissions if the umask is not 022.
...
trac ticket #50
2011-10-19 10:59:16 -04:00
Chris PeBenito
a8ad9ba250
Remove deprecated support macros.
2011-10-14 13:01:21 -04:00
Chris PeBenito
6b63ed7481
Remove deprecated permission sets.
...
These were deprecated on or around October 9, 2007.
2011-10-14 10:24:18 -04:00
Chris PeBenito
dd49083624
Remove deprecated send_audit_msgs_pattern().
...
This was deprecated June 12, 2007.
2011-10-14 10:23:05 -04:00
Chris PeBenito
b928020970
Remove deprecated optional_policy usage.
...
This was deprecated July 25, 2006.
2011-10-14 10:22:16 -04:00
Chris PeBenito
d1af485661
Remove rolemap and per-role template support.
...
This support was deprecated and unused in Reference Policy November 5 2008.
2011-10-14 08:52:21 -04:00
Chris PeBenito
f82712416e
Add m4 diverts in corenetwork generation code to clean up resultant files.
2011-10-04 16:00:08 -04:00
Chris PeBenito
332c3a5fc4
Fix corenetwork port declaration to choose either reserved or unreserved.
...
This changes the port declarations for cases where a type is used for
ports above and below 1024. The old code would give both the reserved
and unreserved port attribute. This new code only gives the reserved
port attribute.
2011-10-04 15:31:08 -04:00
Chris PeBenito
7b98e4f436
Clean up stale TODOs.
2011-09-26 11:51:47 -04:00
Chris PeBenito
8e94109c52
Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions.
2011-09-26 10:44:27 -04:00
Chris PeBenito
aecd12c7b0
Move secure_mode_policyload into selinux module as that is the only place it is used.
2011-09-26 09:53:23 -04:00
Chris PeBenito
7d6b1e5889
Module version bump and changelog for role attributes usage.
2011-09-21 09:16:34 -04:00
Chris PeBenito
af1f9606c3
Add role attributes to usermanage.
2011-09-21 08:30:54 -04:00
Chris PeBenito
26761b31cd
Add role attributes to bootloader.
2011-09-21 08:27:40 -04:00
Chris PeBenito
f9145eae44
Add role attributes to dhcpc.
2011-09-21 08:27:37 -04:00
Chris PeBenito
08cf443ff6
Add role attributes in newrole and run_init.
2011-09-21 08:27:34 -04:00
Chris PeBenito
e6453fa567
Add role attributes to mount.
2011-09-21 08:27:32 -04:00
Chris PeBenito
d3cca4f927
Add role attributes to update_modules in modutils.
2011-09-21 08:27:28 -04:00
Chris PeBenito
a858f08e5b
Add role attributes in iptables.
2011-09-21 08:27:24 -04:00
Chris PeBenito
e3a043d18d
Convert selinuxutil over to role attributes for semanage.
2011-09-21 08:26:58 -04:00
Chris PeBenito
2dd113f11c
Move attribute_role decls to top of policy.conf/base.conf.
2011-09-21 08:26:56 -04:00
Chris PeBenito
c0cdc81ee5
Update INSTALL for new toolchain requirements.
2011-09-21 08:26:52 -04:00
Chris PeBenito
dfec2ce3a9
Opendkim self signal patch from Paul Howarth.
2011-09-20 10:17:22 -04:00
Chris PeBenito
bf8592ee42
Module version bump and changelog for milter ports patch from Paul Howarth.
2011-09-20 09:49:48 -04:00
Paul Howarth
d27a504b0e
Add milter_port_t
...
Add a milter_port_t for use with inet sockets for communication
between milters and MTAs.
There are no defined ports with this type: admins are expected
to use semanage to specify the ports being used for milters.
2011-09-20 09:24:58 -04:00
Chris PeBenito
99a34d527e
Separate portage fetch rules out of portage_run() and portage_domtrans() from Sven Vermeulen.
2011-09-14 12:48:13 -04:00
Chris PeBenito
370081cc60
Remove stray "A" from unconfined.
2011-09-14 12:46:56 -04:00
Sven Vermeulen
017b505110
Allow unconfined users to call portage features
...
The unconfined user is currently not allowed to call portage-related
functions. However, in a targeted system (with unconfined domains
enabled), users (including administrators) should be allowed to
transition to the portage domain.
We position the portage-related calls outside the "ifdef(distro_gentoo)"
as other distributions support Portage as well.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-14 12:33:11 -04:00
Sven Vermeulen
c94b5e3d18
Allow sysadm_t to call all portage related services
...
The system administrator (in sysadm_t) is the only "user" domain that is
allowed to call portage-related services. So it also gains the privilege
to execute portage tree management functions (and as such transition to
portage_fetch_t).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-14 12:33:07 -04:00
Chris PeBenito
a108d9db60
Enhance corenetwork network_port() macro to support ports that do not have a well defined port number, such as stunnel.
2011-09-14 12:17:22 -04:00
Chris PeBenito
eb6591ff84
Opendkim support in dkim module from Paul Howarth.
2011-09-14 10:06:32 -04:00
Chris PeBenito
82ee50ac21
Wireshark updates from Sven Vermeulen.
2011-09-14 09:00:39 -04:00
Chris PeBenito
1c5dacd2c0
Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod.
...
Based on a patch from Dan Walsh.
2011-09-13 14:45:14 -04:00
Chris PeBenito
f718181930
Module version bump for semanage permissive mode feature support.
2011-09-13 12:43:37 -04:00
Sven Vermeulen
f12ebf31e2
Support semanage permissive mode
...
The semanage application supports a "semanage permissive" feature,
allowing certain domains to be marked for running permissive (rather
than the entire system).
To support this feature, we introduce a semanage_var_lib_t type for the
location where semanage will keep its permissive_<domain>.* files, and
allow semanage_t to work with fifo_files (needed for the command to
work).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-13 12:36:48 -04:00
Chris PeBenito
b7e70f900f
Add contrib submodule.
2011-09-09 10:26:58 -04:00
Chris PeBenito
09248fa0db
Move modules to contrib submodule.
2011-09-09 10:10:03 -04:00
Chris PeBenito
f07bc3f973
Module version and changelog for openrc and portage updates from Sven Vermeulen.
2011-09-06 14:02:12 -04:00
Chris PeBenito
6cd8334d12
Whitespace fixes in portage and init.
2011-09-06 14:00:58 -04:00