Commit Graph

3357 Commits

Author SHA1 Message Date
Chris PeBenito
26761b31cd Add role attributes to bootloader. 2011-09-21 08:27:40 -04:00
Chris PeBenito
f9145eae44 Add role attributes to dhcpc. 2011-09-21 08:27:37 -04:00
Chris PeBenito
08cf443ff6 Add role attributes in newrole and run_init. 2011-09-21 08:27:34 -04:00
Chris PeBenito
e6453fa567 Add role attributes to mount. 2011-09-21 08:27:32 -04:00
Chris PeBenito
d3cca4f927 Add role attributes to update_modules in modutils. 2011-09-21 08:27:28 -04:00
Chris PeBenito
a858f08e5b Add role attributes in iptables. 2011-09-21 08:27:24 -04:00
Chris PeBenito
e3a043d18d Convert selinuxutil over to role attributes for semanage. 2011-09-21 08:26:58 -04:00
Chris PeBenito
2dd113f11c Move attribute_role decls to top of policy.conf/base.conf. 2011-09-21 08:26:56 -04:00
Chris PeBenito
c0cdc81ee5 Update INSTALL for new toolchain requirements. 2011-09-21 08:26:52 -04:00
Chris PeBenito
dfec2ce3a9 Opendkim self signal patch from Paul Howarth. 2011-09-20 10:17:22 -04:00
Chris PeBenito
bf8592ee42 Module version bump and changelog for milter ports patch from Paul Howarth. 2011-09-20 09:49:48 -04:00
Paul Howarth
d27a504b0e Add milter_port_t
Add a milter_port_t for use with inet sockets for communication
between milters and MTAs.

There are no defined ports with this type: admins are expected
to use semanage to specify the ports being used for milters.
2011-09-20 09:24:58 -04:00
Chris PeBenito
99a34d527e eparate portage fetch rules out of portage_run() and portage_domtrans() from Sven Vermeulen. 2011-09-14 12:48:13 -04:00
Chris PeBenito
370081cc60 Remove stray "A" from unconfined. 2011-09-14 12:46:56 -04:00
Sven Vermeulen
017b505110 Allow unconfined users to call portage features
The unconfined user is currently not allowed to call portage-related
functions. However, in a targeted system (with unconfined domains
enabled), users (including administrators) should be allowed to
transition to the portage domain.

We position the portage-related calls outside the "ifdef(distro_gentoo)"
as other distributions support Portage as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-14 12:33:11 -04:00
Sven Vermeulen
c94b5e3d18 Allow sysadm_t to call all portage related services
The system administrator (in sysadm_t) is the only "user" domain that is
allowed to call portage-related services. So it also gains the privilege
to execute portage tree management functions (and as such transition to
portage_fetch_t).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-14 12:33:07 -04:00
Chris PeBenito
a108d9db60 Enhance corenetwork network_port() macro to support ports that do not have a well defined port number, such as stunnel. 2011-09-14 12:17:22 -04:00
Chris PeBenito
eb6591ff84 Opendkim support in dkim module from Paul Howarth. 2011-09-14 10:06:32 -04:00
Chris PeBenito
82ee50ac21 Wireshark updates from Sven Vermeulen. 2011-09-14 09:00:39 -04:00
Chris PeBenito
1c5dacd2c0 Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod.
Based on a patch from Dan Walsh.
2011-09-13 14:45:14 -04:00
Chris PeBenito
f718181930 Module version bump for semanage permissive mode feature support. 2011-09-13 12:43:37 -04:00
Sven Vermeulen
f12ebf31e2 Support semanage permissive mode
The semanage application supports a "semanage permissive" feature,
allowing certain domains to be marked for running permissive (rather
than the entire system).

To support this feature, we introduce a semanage_var_lib_t type for the
location where semanage will keep its permissive_<domain>.* files, and
allow semanage_t to work with fifo_files (needed for the command to
work).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-13 12:36:48 -04:00
Chris PeBenito
b7e70f900f Add contrib submodule. 2011-09-09 10:26:58 -04:00
Chris PeBenito
09248fa0db Move modules to contrib submodule. 2011-09-09 10:10:03 -04:00
Chris PeBenito
f07bc3f973 Module version and changelog for openrc and portage updates from Sven Vermeulen. 2011-09-06 14:02:12 -04:00
Chris PeBenito
6cd8334d12 Whitespace fixes in portage and init. 2011-09-06 14:00:58 -04:00
Chris PeBenito
ad3ed86a72 Rearrange lines in portage.te. 2011-09-06 13:59:36 -04:00
Chris PeBenito
ca4d39d31c Rename init_rc_exec() to init_exec_rc(). 2011-09-06 13:58:04 -04:00
Sven Vermeulen
9bcb813b57 Allow cron to execute portage commands
Many users use portage from within cron (for instance to update the
portage tree or even automatically update their system). As such, we
allow to run portage from the (system) cronjob domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:23:14 -04:00
Sven Vermeulen
49f1631fc0 Allow portage to call gpg
We allow portage to call gpg. However, this requires that the location
where the trustdb is stored is marked as a read/write type. The default
location used within Gentoo is /etc/portage/gpg, which would lead to
portage_conf_t. However, this type should remain a read-only type.

As such, we introduce a type called portage_gpg_t for this location and
grant portage_fetch_t the necessary rights on this type.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:23:07 -04:00
Sven Vermeulen
3274da931e Introduce gpg_exec interface
Some applications might want to execute gpg without requiring a
transition. A possible use case is to allow applications to validate
signatures (made by GnuPG). As long as the application doesn't need to
generate signatures itself and its trustdb is not marked as
gpg_secret_t, it suffices to grant it gpg_exec().

Note that it does require the application to have read/write rights in
the directory where the trustdb is stored (as gpg tries to generate lock
files where the trustdb file is located).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:59 -04:00
Sven Vermeulen
356c704f4d Introduce portage_fetch_t as an application domain
Enhance portage_fetch_t from an application type to a domain. Introduce
the proper portage_fetch_exec_t and add the necessary privileges to the
domain definition to allow portage_fetch_t to be used by Portage
management utilities like layman and emerge-webrsync.

We enhance portage_domtrans() to include portage_fetch_t support.
Providing a different interface (portage_fetch_domtrans) is possible
too, but since every application and role that needs to deal with
portage needs to deal with the fetching as well, and vice versa, we keep
this in portage_domtrans.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:52 -04:00
Sven Vermeulen
706d503e5b Allow the sysadm domain to execute rc
The /sbin/rc binary is used by the system administrator to manage
runlevels (add/delete), check runlevel state, etc. all which do not
require a transition to occur. Hence the /sbin/rc (now labeled
rc_exec_t) is allowed to be executed without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:44 -04:00
Sven Vermeulen
c5cbefb892 Gentoo integrated run_init support re-executes rc
When an init script is launched, Gentoo's integrated run_init support
will re-execute /sbin/rc (an all-in-one binary) for various functions.
The run_init_t domain here should not be allowed to transition yet, so
we allow it to execute /sbin/rc without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:37 -04:00
Sven Vermeulen
032b62f2ed Allow gcc-config to execute rc
The gcc-config application uses some functions (from
/etc/init.d/functions.sh) which are simple wrappers on top of
/sbin/rc. Since this script is sourced and the functions executed
from within gcc_config_t, we allow gcc-config to execute /sbin/rc
without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:31 -04:00
Sven Vermeulen
bce639cff4 Introduce rc_exec_t as file entry for initrc_t
Within Gentoo, the init system (openrc) uses a single binary (/sbin/rc)
for all its functions, be it executing init scripts, managing runlevels,
checking state, etc. This binary is not allowed to be labeled
initrc_exec_t as that would trigger domain transitions where this isn't
necessary (or even allowed).

A suggested solution is to use a separate type declaration for /sbin/rc
(rc_exec_t) which transitions where necessary.

This patch includes support for the /sbin/rc rc_exec_t type and declares
the init_rc_exec() interface which allows domains to execute the binary
without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-09-06 13:22:22 -04:00
Chris PeBenito
8ee51235f6 Allow user and role changes on dynamic transitions with the same constraints as regular transitions. 2011-09-02 09:59:26 -04:00
Chris PeBenito
74aaedde68 Whitespace fixes in rsync, samba, and mount. 2011-09-02 09:55:50 -04:00
Chris PeBenito
c7c9e0e04d Whitespace fix in unprivuser. 2011-09-02 09:20:54 -04:00
Chris PeBenito
102f084d96 New git service features from Dominick Grift.
* git user sessions
* repositories on CIFS/NFS
* inetd service
2011-09-02 09:20:23 -04:00
Chris PeBenito
ec70a331ff Corenetwork policy size optimization from Dan Walsh. 2011-08-26 09:03:25 -04:00
Chris PeBenito
697d0bbf4d Module version bump for puppet mount patch from Sven Vermeulen. 2011-08-25 07:57:06 -04:00
Sven Vermeulen
960b471754 Allow puppet to mount partitions
Puppet is a management utility to manage several dozens or even hundreds of
systems through a single application. Part of its job is to ensure that the
configuration and state of a system is as expected. Part of this is to ensure
that the proper mounts are available and, if not, mount them (or umount them).

This patch allows puppet_t to call mount.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-08-25 07:56:28 -04:00
Chris PeBenito
acf3f0e64d Fix typo in portage_dontaudit_use_fds. 2011-08-25 07:56:01 -04:00
Chris PeBenito
4a586153a1 Module version bump for load_policy dontaudit of leaked portage fds from Sven Vermeulen. 2011-08-25 07:46:26 -04:00
Chris PeBenito
7b4defd475 Move portage_dontaudit_use_fds() interface. 2011-08-25 07:45:08 -04:00
Chris PeBenito
8dc4e0f223 Whitespace fixes in selinuxutil. 2011-08-25 07:43:36 -04:00
Sven Vermeulen
5d77246f5f Do not audit the use of portage' filedescriptors from load_policy_t
During build and eventual activation of the base policy, the load_policy_t
domain attempts to use a portage file descriptor. However, this serves no
purpose (the loading is done correctly and everything is logged
appropriately).

Hence, we dontaudit this use.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-08-25 07:42:34 -04:00
Sven Vermeulen
137f7366ee Introduce portage_dontaudit_use_fds
Support the interface to not audit portage_t:fd use (file descriptors, leaked
or not)

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-08-25 07:42:34 -04:00
Chris PeBenito
68bbbbdec6 Change pppd_can_insmod to a Boolean so tunables and Booleans are not mixed. 2011-08-25 07:34:08 -04:00