nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,115 Commits 1 Branch 0 Tags 16 MiB
6f7d03bd34
Commit Graph

44 Commits

Author SHA1 Message Date
Laurent Bigonville
ca6fefc3c8 Add lxc_contexts config file 
selinux_lxc_contexts_path() function in upstream libselinux points to
this config file. It is ATM used by libvirt.

The file from Fedora also contains sandbox_lxc_process and
sandbox_kvm_process parameters, but I cannot find where they are used,
keep them out of the file for the time being.
 2016-02-19 16:50:42 +01:00
Chris PeBenito
bf0cfe940a Add systemd build option. 2015-10-20 15:01:23 -04:00
Chris PeBenito
6624f9cf7a Drop RHEL4 and RHEL5 support. 2014-09-24 13:10:37 -04:00
Chris PeBenito
cce73689ea Always use the unknown permissions handling build option. 
This compile-time feature is in the minimum-required checkpolicy/checkmodule
for building the policy, so it should always be used.
 2014-06-19 10:52:14 -04:00
Chris PeBenito
0dc377caa4 Add file for placing default_* statements. 2014-04-28 10:00:36 -04:00
Chris PeBenito
f27f36ff15 Make the QUIET build option apply to clean and bare targets. 2014-01-16 11:25:42 -05:00
Chris PeBenito
3bf7fd504c Use python libselinux bindings to determine policy version. 
This eliminates the hardcoded /selinux in Rules.monolithic, which
broke when the filesystem mount was moved to /sys/fs/selinux.
 2013-06-06 09:27:40 -04:00
Chris PeBenito
d04cbbc8de Add /usr/lib to TEST_TOOLCHAIN LD_LIBRARY_PATH. 2012-09-17 09:30:59 -04:00
Sven Vermeulen
f78979eadd Adding default context rules for libvirt 
The libvirt infrastructure requires the availability of the context files.

In this patch, we add the defaults to the three predefined application
contexts (mls/mcs/standard).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-04-23 10:18:45 -04:00
Chris PeBenito
458ab7d2ba Fix makefiles to install files with the correct DAC permissions if the umask is not 022. 
trac ticket #50
 2011-10-19 10:59:16 -04:00
Chris PeBenito
d1af485661 Remove rolemap and per-role template support. 
This support was deprecated and unused in Reference Policy November 5 2008.
 2011-10-14 08:52:21 -04:00
Chris PeBenito
f82712416e Add m4 diverts in corenetwork generation code to clean up resultant files. 2011-10-04 16:00:08 -04:00
Chris PeBenito
f1aed68ac3 Support for file context path substitutions (file_contexts.subs). 
Install file_contexts.subs_dist out of Refpolicy. This is TYPE-agnostic
so the file goes in config/.  Populate the file with current substitutions.
 2011-07-28 13:12:28 -04:00
KaiGai Kohei
b98aba85d9 Add sepgsql_contexts into appconfig-* 
The attached patch adds sepgsql_contexts file into appconfig-*
directory. This configuration is used to initial labeling on
installation time for each database objects.
We can easily look up an appropriate label using selabel_loopup(3)
APIs. The 'sepgsql_contexts' is default for SE-PostgreSQL.

Thanks,
--
KaiGai Kohei <kaigai@ak.jp.nec.com>
 2011-01-04 13:27:40 -05:00
Chris PeBenito
db774a54a6 Add support for custom build options. 2010-09-30 14:53:44 -04:00
Chris PeBenito
0001e26f4f Increased default number of categories to 1024, from Russell Coker. 2010-06-28 09:04:24 -04:00
Chris PeBenito
0bf2bc9156 Fix Makefile info message for installing policy headers 
The Makefile is currently using the policy TYPE (standard|mls|mcs) rather
than the more informative NAME (eg strict, targeted, etc).  Fix the Makefile
to use NAME.
 2009-08-17 09:49:53 -04:00
Chris PeBenito
0f5e26b620 Add btrfs and ext4 to labeling targets. 2009-08-11 09:01:58 -04:00
Chris PeBenito
90286f4292 Fix infrastructure to expand macros in initrc_context when installing. 
The initrc_context file uses the mls_systemhigh macro and needs to be properly
expanded based on the build.conf settings.  Add makefile support to do this.
 2009-08-10 14:00:34 -04:00
Chris PeBenito
019dfaf9dc trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project. 2009-01-15 20:31:06 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
c07f9ccd18 trunk: Add file for enabling policy capabilities. 2008-04-18 14:21:01 +00:00
Chris PeBenito
2c12b471ad trunk: add core xselinux support. 2008-04-01 20:23:23 +00:00
Chris PeBenito
e276d50e21 trunk: Add iferror.m4 rather generate it out of the Makefiles. 2008-03-06 20:17:46 +00:00
Chris PeBenito
12cf805e1c trunk: add basic ubuntu support 2008-02-05 18:24:43 +00:00
Chris PeBenito
13e4e6e3c4 trunk: install securetty_types. 2008-01-17 14:17:26 +00:00
Chris PeBenito
b23e1c1c17 trunk: simplify appconfig file installation. 2008-01-17 14:10:36 +00:00
Chris PeBenito
350b6ab767 trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
Chris PeBenito
8acfcbcc2a trunk: Add support for setting the unknown permissions handling. 2007-09-27 13:41:09 +00:00
Chris PeBenito
96fc0a45be trunk: Fix XML building for external reference builds and headers builds. 2007-09-21 15:06:58 +00:00
Chris PeBenito
4231988555 trunk: add templates to tags generation 2007-06-28 13:13:55 +00:00
Chris PeBenito
56e1b3d207 - Move booleans and tunables to modules when it is only used in a single 
module.
- Add support for tunables and booleans local to a module.
 2007-03-26 18:41:45 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Chris PeBenito
8a2492a2df fix makefile to install root default contexts 2006-10-12 13:18:21 +00:00
Chris PeBenito
212832373e mkdir policy and file contexts dirs in make load of modular policy. 2006-10-10 15:09:59 +00:00
Chris PeBenito
e070dd2df0 - Move range transitions to modules. 
- Make number of MLS sensitivities, and number of MLS and MCS
  categories configurable as build options.
 2006-10-04 17:25:34 +00:00
Chris PeBenito
1a79cf0508 add -E to python commands 2006-09-13 19:10:53 +00:00
Chris PeBenito
bbcd3c97dd add main part of role-o-matic 2006-09-06 22:07:25 +00:00
Chris PeBenito
75beb95014 patch from dan Tue, 05 Sep 2006 17:06:06 -0400 2006-09-06 16:36:23 +00:00
Chris PeBenito
686f11c22c add corenetwork.if dependency on corenetwork.te.in, since it is used to build the .if file 2006-09-05 14:29:37 +00:00
Chris PeBenito
c634db20c6 fix makefile style so internal variables are lowercase 2006-08-31 17:28:35 +00:00
Chris PeBenito
cfd5c5e157 add variable for install, and do other helper pgm cleanup 2006-08-08 21:56:45 +00:00
Chris PeBenito
5a7c06fdd1 add support for netfilter_contexts 2006-08-07 17:25:09 +00:00
Chris PeBenito
17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00