nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,863 Commits 1 Branch 0 Tags 16 MiB
bfa73f3c59
Commit Graph

3912 Commits

Author SHA1 Message Date
Chris PeBenito
bfa73f3c59 dovecot, postfix: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-03 13:05:46 -05:00
Chris PeBenito
a7ac056982 Merge pull request #351 from 0xC0ncord/feature/postfix_dovecot_backend 2021-02-03 13:05:27 -05:00
Kenton Groombridge
5b0eee1093
dovecot, postfix: add missing accesses 
postfix_pipe_t requires reading dovecot configuration and connecting to
dovecot stream sockets if configured to use dovecot for local mail
delivery.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-02-03 11:36:42 -05:00
Chris PeBenito
ff983a6239 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-03 08:38:26 -05:00
Chris PeBenito
255c5a4ccd various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 14:30:10 -05:00
Chris PeBenito
5ab1b2ee67 Merge pull request #350 from 0xC0ncord/bugfix/various_dontaudit_20200202 2021-02-02 14:28:42 -05:00
Chris PeBenito
6aaa8ee1c7 Merge pull request #349 from 0xC0ncord/bugfix/lvm_tmpfs_perms 2021-02-02 14:28:40 -05:00
Chris PeBenito
8c042fb9be systemd: Rename systemd_use_machined_devpts(). 
Renamed to systemd_use_inherited_machined_ptys().

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 14:11:47 -05:00
Chris PeBenito
e6fbff4948 systemd: Fix lint errors. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 14:02:49 -05:00
Chris PeBenito
4436cd0d6d various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 13:58:24 -05:00
Chris PeBenito
a673712d8a systemd: Move lines. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 13:50:45 -05:00
Russell Coker
ab0367b4b6 machined 
This patch is for systemd-machined.  Some of it will probably need
discussion but some is obviously good, so Chris maybe you could take
the bits you like for this release?

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-02-02 13:46:42 -05:00
Chris PeBenito
eae12d8418 apt, bootloader: Move lines. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 13:32:42 -05:00
Russell Coker
8b4f1e3384 misc apps and admin patches 
Send again without the section Dominick didn't like.  I think it's ready for inclusion.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-02-02 13:29:48 -05:00
Kenton Groombridge
edd4ba6f32
Various fixes 
Allow dovecot to watch the mail spool, and add various dontaudit rules
for several other domains.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-02-02 10:52:59 -05:00
Chris PeBenito
cfb48c28d0 screen: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 08:47:55 -05:00
Chris PeBenito
460cd1a4b1 Merge pull request #346 from jpds/tmux-xdg-config 2021-02-02 08:47:31 -05:00
Chris PeBenito
aa35a710a5 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 08:47:00 -05:00
Chris PeBenito
9e195ea6ae dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces. 
Rename interfaces from a7f3fdabad.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 08:46:41 -05:00
Russell Coker
a7f3fdabad new version of filetrans patch 
Name changes suggested by Dominick and some more additions.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-02-02 08:31:14 -05:00
Jonathan Davies
9ec80c1b2f apps/screen.te: Allow screen to search xdg directories. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-02-01 21:42:12 +00:00
Chris PeBenito
e7065e2442 certbot: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-01 15:56:31 -05:00
Kenton Groombridge
ed5d860a8c
lvm: add lvm_tmpfs_t type and rules 
cryptsetup uses tmpfs when performing some operations on encrypted
volumes such as changing keys.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-02-01 15:46:24 -05:00
Kenton Groombridge
3ce27e68d9
certbot: add support for acme.sh 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-02-01 15:29:24 -05:00
Jonathan Davies
2bdfc5c742 apps/screen.fc: Added fcontext for tmux xdg directory. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-01-29 14:56:29 +00:00
Chris PeBenito
072c0a9458 userdomain, gpg: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-29 08:35:12 -05:00
Dave Sugar
09bd4af708 Work with xdg module disabled 
These two cases I see when building on a system without graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block

Signed-off-by: Dave Sugar <dsugar@tresys.com>
 2021-01-28 18:13:33 -05:00
Chris PeBenito
3d8e755d85 pacemaker: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 15:28:06 -05:00
Chris PeBenito
9a40ead091 Merge pull request #341 from dsugar100/master 2021-01-28 15:27:53 -05:00
Chris PeBenito
bc746ff391 sudo, spamassassin: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 15:27:03 -05:00
Chris PeBenito
2e6d7b8cb9 Merge pull request #339 from 0xC0ncord/feature/sudodomain_http_connect_boolean 2021-01-28 15:24:38 -05:00
Chris PeBenito
733e8519cc Merge pull request #336 from 0xC0ncord/feature/rspamd_extra_rules 2021-01-28 15:24:34 -05:00
Dave Sugar
f6987e9d82 pcs_snmpd_agent_t fix denials to allow it to read needed queues 
Jan 27 18:16:51 audispd: node=virtual type=AVC msg=audit(1611771411.553:9337): avc:  denied  { search } for  pid=13880 comm="cibadmin" name="qb-6671-13880-13-bRhDEX" dev="tmpfs" ino=88809 scontext=system_u:system_r:pcs_snmp_agent_t:s0 tcontext=system_u:object_r:pacemaker_tmpfs_t:s0 tclass=dir permissive=0
Jan 27 19:53:46 audispd: node=virtual type=AVC msg=audit(1611777226.144:25975): avc:  denied  { getattr } for  pid=29489 comm="systemctl" name="/" dev="tmpfs" ino=14072 scontext=system_u:system_r:pcs_snmp_agent_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0

Signed-off-by: Dave Sugar <dsugar@tresys.com>
 2021-01-28 15:20:20 -05:00
Kenton Groombridge
95dd9ebf61
sudo: add tunable for HTTP connections 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-01-28 15:11:19 -05:00
Chris PeBenito
98681ea89e samba: Fix lint error. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 14:57:19 -05:00
Chris PeBenito
a404dc677e aptcacher: Drop broken config interfaces. 
The aptcacher_etc_t type does not exist in the policy.  The block in cron
will never be enabled because of this, so drop that too.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 14:57:08 -05:00
Chris PeBenito
920ecf48ce apache: Really fix lint error. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 14:34:02 -05:00
Chris PeBenito
cf91901018 apache: Fix lint error. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 14:29:26 -05:00
Chris PeBenito
744290159e apache, fail2ban, stunnel: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 14:26:31 -05:00
Chris PeBenito
981e741a51 Merge pull request #337 from 0xC0ncord/bugfix/fail2ban_journald_map 2021-01-28 13:54:16 -05:00
Chris PeBenito
7bf7abd525 Merge pull request #340 from 0xC0ncord/feature/apache_list_dirs_interface 2021-01-28 13:51:17 -05:00
Chris PeBenito
63b25831a4 Merge pull request #338 from 0xC0ncord/feature/stunnel_logging_type 2021-01-28 13:50:46 -05:00
Chris PeBenito
a3e13450e2 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 11:39:49 -05:00
Chris PeBenito
09fd2a29cf samba: Add missing userspace class requirements in unit interfaces. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 11:39:34 -05:00
Chris PeBenito
94e424aa9b sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba block. 
This moves the existing samba_manage_config(dhcpc_t) that is not tunable
into the tunable block.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 11:30:40 -05:00
Chris PeBenito
5d29c35b89 samba: Move service interface definitions. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 11:27:54 -05:00
Russell Coker
ac5b8737fd misc network patches with Dominick's changes*2 
I think this one is good for merging now.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-01-28 11:22:07 -05:00
Chris PeBenito
621baf7752 samba: Fix samba_runtime_t alias use. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 10:55:54 -05:00
Chris PeBenito
882633aa13 cron: Make backup call for system_cronjob_t optional. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 10:55:35 -05:00
Chris PeBenito
9f8164d35d devicekit, jabber, samba: Move lines. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-28 10:55:09 -05:00