nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,554 Commits 1 Branch 0 Tags 16 MiB
82d80bf957
Commit Graph

11 Commits

Author SHA1 Message Date
Dave Sugar
6ff1259688 domain: move kernel_read_crypto_sysctls to a common location 
Signed-off-by: Dave Sugar <dsugar100@gmail.com>
 2022-09-14 17:03:04 -04:00
Dave Sugar
91d3378fe3 usbguard: Allow to read fips_enabled sysctl 
node=localhost type=AVC msg=audit(1661391275.238:339): avc:  denied  { search } for  pid=1031 comm="usbguard-daemon" name="crypto" dev="proc" ino=20463 scontext=system_u:system_r:usbguard_t:s0 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=dir permissive=1
node=localhost type=AVC msg=audit(1661391275.238:339): avc:  denied  { read } for  pid=1031 comm="usbguard-daemon" name="fips_enabled" dev="proc" ino=20464 scontext=system_u:system_r:usbguard_t:s0 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=file permissive=1
node=localhost type=AVC msg=audit(1661391275.238:339): avc:  denied  { open } for  pid=1031 comm="usbguard-daemon" path="/proc/sys/crypto/fips_enabled" dev="proc" ino=20464 scontext=system_u:system_r:usbguard_t:s0 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=file permissive=1
node=localhost type=AVC msg=audit(1661391275.238:340): avc:  denied  { getattr } for  pid=1031 comm="usbguard-daemon" path="/proc/sys/crypto/fips_enabled" dev="proc" ino=20464 scontext=system_u:system_r:usbguard_t:s0 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=file permissive=1

Signed-off-by: Dave Sugar <dsugar100@gmail.com>
 2022-08-26 15:20:15 -04:00
Chris PeBenito
78276fc43b Drop module versioning. 
Semodule stopped using this many years ago. The policy_module() macro will
continue to support an optional second parameter as version.
If it is not specified, a default value of 1 is set.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2022-01-06 09:19:13 -05:00
Chris PeBenito
2d371fcee2 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-11-09 11:13:37 -05:00
Kenton Groombridge
19d787597f usbguard, sysadm: misc fixes 
Fixes for usbguard and allow sysadm to connect to usbguard to manage
devices at runtime.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-11-09 11:05:48 -05:00
Chris PeBenito
4248e38824 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-09-08 10:53:44 -04:00
Chris PeBenito
ea9ce5970a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-04-15 16:01:13 -04:00
Kenton Groombridge
fa5f878f13 usbguard: various fixes 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-03-27 19:53:42 -04:00
Chris PeBenito
d387e79989 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-08-18 09:09:10 -04:00
Chris PeBenito
613708cad6 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-07-04 09:30:45 -04:00
Topi Miettinen
1d2fb171b5
Add usbguard 
Usbguard enforces the USB device authorization policy for all USB
devices. Users can be authorized to manage rules and make device
authorization decisions using a command line tool.

Add rules for usbguard. Optionally, allow authorized users to control
the daemon, which requires usbguard-daemon to be able modify its rules
in /etc/usbguard.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-18 20:23:38 +02:00