Chris PeBenito
4d5b06428b
Bump module versions for release.
2018-01-14 14:08:09 -05:00
Chris PeBenito
8e19b3103e
mls, xserver, systemd, userdomain: Module version bump.
2017-12-12 20:25:32 -05:00
Chad Hanson
5a4f511ff4
Fix implementation of MLS file relabel attributes
...
This patch properly completes the implementation of the MLS file relabel attributes. In the previous patch [http://oss.tresys.com/pipermail/refpolicy/2016-July/008038.html ], a new attribute, mlsfilerelabetoclr, was created. There should have been a second attribute, mlsfilerelabel, created instead of overloading mlsfilewrite for this privilege. I concur with creating new attributes for this situation. I have created the patch below.
Signed-off-by: Chad Hanson <dahchanson@gmail.com>
2017-12-12 20:07:57 -05:00
Chris PeBenito
2037c8f294
kernel, mls, sysadm, ssh, xserver, authlogin, locallogin, userdomain: Module version bumps.
2017-11-04 14:16:20 -04:00
Jason Zaman
09ae441706
mls mcs: Add constraints for key class
...
Taken from fedoras policy
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-base/policy/mls
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-base/policy/mcs
2017-11-04 14:00:56 -04:00
cgzones
d8cb498284
remove trailing whitespaces
2016-12-06 13:45:13 +01:00
Chris PeBenito
34055cae87
Bump module versions for release.
2016-10-23 16:58:59 -04:00
Chris PeBenito
9f55b76f2a
Module version bump for MLS relabeling patch from Lukas Vrabec.
2016-07-27 18:37:56 -04:00
Lukas Vrabec
d4964ae808
Add new MLS attribute to allow relabeling objects higher than system low. This exception is needed for package managers when processing sensitive data.
...
Example of denial:
type=AVC msg=audit(1461664028.583:784): avc: denied { relabelto } for
pid=14322 comm="yum" name="libvirt" dev="dm-0" ino=670147
scontext=root:system_r:rpm_t:s0
tcontext=system_u:object_r:virt_cache_t:s0-s15:c0.c1023 tclass=dir
2016-07-27 18:32:24 -04:00
Chris PeBenito
672ea96b45
Module version bump for mlstrustedsocket from qqo.
2016-05-31 09:15:40 -04:00
qqo
aedd5c314d
Adds attribute mlstrustedsocket, along with the interface.
...
Sample AVC:
type=AVC msg=audit(1459979143.990:219): avc: denied { sendto } for pid=1935
comm="charon" path="/dev/log" scontext=system_u:system_r:initrc_t:s0-s3:c0.c31
tcontext=system_u:system_r:syslogd_t:s3:c0.c31 tclass=unix_dgram_socket permissive=0
This was discussed in 2010: http://oss.tresys.com/pipermail/refpolicy/2010-November/003444.html
2016-04-12 19:28:13 +03:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
16fd1fd814
trunk: MLS constraints for the x_selection class, from Eamon Walsh.
2009-06-05 13:36:19 +00:00
Chris PeBenito
e1a70f1dde
trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
...
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00
Chris PeBenito
0bfccda4e8
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
Chris PeBenito
0a14f3ae09
trunk: bump module version numbers for release.
2008-04-02 16:04:43 +00:00
Chris PeBenito
2c12b471ad
trunk: add core xselinux support.
2008-04-01 20:23:23 +00:00
Chris PeBenito
936f286c16
trunk: add mls constraints to dbus.
2008-01-03 20:37:25 +00:00
Chris PeBenito
3480f3f239
trunk: bump version numbers for release.
2007-09-28 13:58:24 +00:00
Chris PeBenito
d62c0881e2
Update MLS constraints from LSPP evaluated policy.
2007-08-24 14:14:29 +00:00
Chris PeBenito
2d0c9cecaf
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
Chris PeBenito
9760cbec2d
trunk: Database userspace object manager classes from KaiGai Kohei.
2007-08-09 13:15:07 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
f497b8df50
Christopher J. PeBenito wrote:
...
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
2006-11-01 15:42:22 +00:00
Chris PeBenito
a8671ae5b2
enhanced setransd support from darrel goeddel
2006-10-20 14:44:23 +00:00
Chris PeBenito
a52b4d4f23
bump versions to release numbers
2006-10-18 19:25:27 +00:00
Chris PeBenito
e070dd2df0
- Move range transitions to modules.
...
- Make number of MLS sensitivities, and number of MLS and MCS
categories configurable as build options.
2006-10-04 17:25:34 +00:00
Chris PeBenito
cf7af137c0
add mls fd constraints
2006-09-15 19:05:03 +00:00
Chris PeBenito
17de1b790b
remove extra level of directory
2006-07-12 20:32:27 +00:00