Jeremy Solt
781393fbe9
radius patch from Dan Walsh
...
"radious execs ntml_auth
tmpfs /var/run"
2010-11-19 11:59:05 -05:00
Chris PeBenito
e6e42cd4c9
Module version bump for ulogd.
2010-11-19 11:39:51 -05:00
Chris PeBenito
b9a562446d
Move all ulogd networking into the mysql and postgres optionals.
2010-11-19 11:39:36 -05:00
Jeremy Solt
a00839dcc1
ulogd patch from Dan Walsh
...
"communicates with mysql and postgres via the network"
2010-11-18 13:26:19 -05:00
Chris PeBenito
8d4ee022e6
Module version bump for usbmuxd.
2010-11-17 11:00:12 -05:00
Jeremy Solt
e6b13f9e1e
usbmuxd patch from Dan Walsh
...
"Lots of stuff labeled var_run_t"
2010-11-17 11:00:12 -05:00
Chris PeBenito
289f1d3c32
Module version bump for uucp.
2010-11-17 10:21:17 -05:00
Jeremy Solt
e7d6384c07
uucp patch from Dan Walsh
...
"Executes ssh to setup connection"
2010-11-17 10:21:17 -05:00
Chris PeBenito
00ea7bbb84
Module version bump for varnishd.
2010-11-17 10:05:36 -05:00
Jeremy Solt
2e2f2cbe04
varnishd patch from Dan Walsh
...
"Kills it self
+ varnishd_read_lib_files(services_munin_plugin_t)"
2010-11-17 10:02:11 -05:00
Chris PeBenito
f920903264
Module version bump for hostname.
2010-11-17 09:30:44 -05:00
Chris PeBenito
8b61886e56
Module version bump for miscfiles.
2010-11-17 09:30:44 -05:00
Chris PeBenito
a2e8969d04
Additional miscfiles tweaks.
2010-11-17 09:30:44 -05:00
Jeremy Solt
d19a291e4e
system_miscfiles patch from Dan Walsh
...
"move cobbler, Allow policy to define certs."
2010-11-17 09:30:44 -05:00
Jeremy Solt
7121e45e00
hostname patch from Dan Walsh
...
"Hostname access Seems to attract leaks."
Edits:
- No dontaudit_leaks in refpolicy, dropped those interface calls, leaving only nis_use_ypbind
2010-11-17 09:30:44 -05:00
Chris PeBenito
9711c7bdb5
Add tun_socket ubac constraint and add tun_socket to socket_class_set.
2010-11-11 09:48:43 -05:00
Chris PeBenito
52f38d23c9
Module version bump for Chris Richards' mount patchset.
2010-11-11 09:48:01 -05:00
Chris PeBenito
66ef236c90
Minor fixes for Chris Richards' mount patchset.
2010-11-11 09:47:37 -05:00
Chris Richards
a861c7c6fd
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:20 -05:00
Chris Richards
4b825e21d4
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:12 -05:00
Chris Richards
55d8395f49
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:15:05 -05:00
Chris Richards
7644a58c1f
dontaudit mount writes to newly mounted filesystems
...
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:14:57 -05:00
Chris Richards
3e99a17663
dontaudit mount writes to newly mounted filesystems
...
As of util-linux-n 2.18, the mount utility now attempts to write to the root
of newly mounted filesystems. It does this in an attempt to ensure that the
r/w status of a filesystem as shown in mtab is correct. To detect whether
a filesystem is r/w, mount calls access() with the W_OK argument. This
results in an AVC denial with current policy. As a fallback, mount also
attempts to modify the access time of the directory being mounted on if
the call to access() fails. As mount already possesses the necessary
privileges, the modification of the access time succeeds (at least on systems
with the futimens() function, which has existed in linux since kernel 2.6.22
and glibc since version 2.6, or about July 2007).
Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-11 09:14:48 -05:00
Chris PeBenito
239e8e214e
AIDE can be configured to log to syslog
2010-11-05 13:13:42 -04:00
Chris PeBenito
bc5a858a4e
Change /dev/log fc to MLS system high.
...
When the syslog recreates this sock_file on startup, it gets this sensitivity anyway.
This will prevent incorrect relabeling if /dev is relabeled.
2010-11-05 13:13:21 -04:00
Chris PeBenito
47ecd96afa
Fix deprecated interface usage in vlock.
2010-11-02 09:17:16 -04:00
Chris PeBenito
65ac69dd0e
Whitespace fix in secadm.te and auditadm.te.
2010-11-02 09:09:05 -04:00
Harry Ciao
20cce006fa
Make auditadm & secadm able to use vlock
...
Make the auditadm and secadm able to use the vlock program.
Also bump their module versions.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2010-11-02 09:06:13 -04:00
Chris PeBenito
6df9de4947
Module version bump for vlock. Changelog entry.
2010-11-01 11:22:25 -04:00
Chris PeBenito
7f9f5bce63
Rename vlock interfaces.
2010-11-01 11:22:07 -04:00
Chris PeBenito
b058561a14
Rearrange rules in vlock.
2010-11-01 11:21:02 -04:00
Harry Ciao
d35e2ee03b
Adding support for the vlock program.
...
Both the system administrator and the unprivileged user could use vlock
to lock the current console when logging in either from the serial console
or by ssh.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2010-11-01 10:43:33 -04:00
Chris PeBenito
ff827d6cc3
Git man page from Dominick Grift.
2010-10-28 14:35:29 -04:00
Chris PeBenito
a31679b43f
FTPd man page patch from Dan Walsh.
2010-10-28 14:34:10 -04:00
Chris PeBenito
220915dcad
Add mounting interfaces for selinuxfs.
2010-10-28 14:32:24 -04:00
Chris PeBenito
c1229a8232
Module version bump for oident. Additional comments for kernel loading.
2010-10-27 15:36:01 -04:00
Jeremy Solt
306d488a52
oident patch from Dan Walsh
2010-10-27 15:17:12 -04:00
Chris PeBenito
7ff21090c1
Additional rearrangement in tor and module version bump.
2010-10-27 15:06:13 -04:00
Jeremy Solt
2925b799f6
tor patch from Dan Walsh
...
Added additional access for dns server (bind on the port shouldn't be enough)
2010-10-27 15:06:13 -04:00
Chris PeBenito
98f8408519
Additional rearrangement in corecommands, along with module version bump.
2010-10-27 14:09:00 -04:00
Jeremy Solt
c60f75ad0f
corecommands patch from Dan Walsh: "Lots of bin_t files"
2010-10-27 13:33:29 -04:00
Chris PeBenito
2341eb2d45
Sosreport changelog entry.
2010-10-26 15:24:02 -04:00
Chris PeBenito
06dbd3bad1
Move sosreport to admin layer.
2010-10-26 15:23:20 -04:00
Chris PeBenito
a0a4752856
Minor sosreport cleanup.
2010-10-26 15:22:24 -04:00
Jeremy Solt
698289ff36
sosreport policy from Dan Walsh
...
- A couple style fixes
2010-10-22 11:16:05 -04:00
Chris PeBenito
00de01dab2
Move kdump to admin layer.
2010-10-21 10:45:20 -04:00
Chris PeBenito
1ec6fe6eef
Module version bump for kdump.
2010-10-21 10:20:24 -04:00
Chris PeBenito
bd0bb4ea7c
Module version bump for setrans.
2010-10-21 10:20:24 -04:00
Jeremy Solt
1b0ce6c984
setrans patch from Dan Walsh
...
Edits:
- Leaving out the mls_trusted_object(setrans_t) for now
2010-10-21 10:20:24 -04:00
Jeremy Solt
d8572a6f5f
kdump patch from Dan Walsh
2010-10-21 10:20:24 -04:00