Commit Graph

4545 Commits

Author SHA1 Message Date
Chris PeBenito
7cc502dfe5 mailman: Fixes from Russell Coker. 2017-02-23 20:59:14 -05:00
Russell Coker
d504e1ef1b rw_inherited_file_perms
This patch defines rw_inherited_file_perms.  It's needed by a few patches
I'm going to send soon so I need to get it in before they go in.

Also it's generally a good thing to have.  We should reconsider some of the
other policy for whether it should use this.
2017-02-23 20:52:04 -05:00
Chris PeBenito
c12d16435b Xen fixes from Russell Coker. 2017-02-23 20:32:17 -05:00
Chris PeBenito
c3c767bae2 Module version bump for CI fixes. 2017-02-23 20:32:10 -05:00
Chris PeBenito
65e60689d4 Fix CI errors. 2017-02-23 20:16:40 -05:00
Chris PeBenito
2087bde934 Systemd fixes from Russell Coker. 2017-02-23 20:03:23 -05:00
Chris PeBenito
485929b762 Module version bump for ntp fixes from cgzones. 2017-02-22 19:01:20 -05:00
Chris PeBenito
389e3c954f Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy 2017-02-22 18:37:29 -05:00
cgzones
17753638ca add init_daemon_lock_file()
needed for ntp
2017-02-21 15:07:47 +01:00
Chris PeBenito
14cc33cba9 alsa, vnstat: Updates from cgzones. 2017-02-20 12:14:23 -05:00
Chris PeBenito
498fb3c6e8 Module version bump for cgroups systemd fix from cgzones. 2017-02-20 11:21:00 -05:00
Chris PeBenito
e72556c6dd Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy 2017-02-20 11:13:07 -05:00
Chris PeBenito
132db642bd Module version bump for selinuxutil and systemd changes from cgzones. 2017-02-20 10:57:50 -05:00
Chris PeBenito
34cfce5410 Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy 2017-02-20 10:53:56 -05:00
Chris PeBenito
e52b701f59 Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy 2017-02-20 10:43:18 -05:00
Chris PeBenito
3b1909d1d1 fetchmail, mysql, tor: Misc fixes from Russell Coker. 2017-02-20 10:33:23 -05:00
Chris PeBenito
b5497053e9 monit: Fix build error.
Uncovered by Travis-CI.
2017-02-20 08:43:12 -05:00
cgzones
5770a8ee7c update init_ACTION_all_units
When with systemd a program does not ship a systemd unit file but only an init script, systemd creates a pseudo service on the fly.
To be able to act on this service, add the target attribute init_script_file_type to the init_ACTION_all_units interfaces.

Useful for monit.
2017-02-20 14:24:56 +01:00
cgzones
e4f3940729 add fs_getattr_dos_dirs()
useful
2017-02-20 14:20:33 +01:00
cgzones
c753c066d1 add corecmd_check_exec_bin_files()
useful for monit
2017-02-20 14:20:33 +01:00
cgzones
9b5d89fcf6 newrole: fix denials
dontaudit net_admin access due to setsockopt
allow communication with systemd-logind
2017-02-20 14:10:17 +01:00
Chris PeBenito
ede0dadc05 Monit policy from Russell Coker and cgzones. 2017-02-19 16:39:35 -05:00
Chris PeBenito
53fb3a3ba4 dpkg: Updates from Russell Coker. 2017-02-19 16:13:14 -05:00
cgzones
ba0e51c5b0 su: some adjustments
* systemd fixes
* remove unused attribute su_domain_type
* remove hide_broken_symptoms sections
* dontaudit init_t proc files access
* dontaudit net_admin capability due to setsockopt
2017-02-18 21:50:45 +01:00
cgzones
4d413fd0cb authlogin: introduce auth_use_pam_systemd
add special interface for pam_systemd module permissions
2017-02-18 21:50:45 +01:00
Chris PeBenito
2fcce0a88f Merge branch 'master' of github.com:TresysTechnology/refpolicy 2017-02-18 14:02:36 -05:00
Chris PeBenito
4c16ca2d66 Only display the WERROR notice if there actually are errors. 2017-02-18 13:59:33 -05:00
Chris PeBenito
14566f96a9 Module version bump for hostname fix from cgzones. 2017-02-18 13:58:29 -05:00
cgzones
a5658b85a0 locallogin: adjustments
* do not grant permissions by negative matching
* separate dbus from consolekit block for systemd
2017-02-18 19:36:44 +01:00
Chris PeBenito
36fa3d8916 Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy 2017-02-18 13:32:23 -05:00
cgzones
8266424bcb systemd_cgroups_t: fix denials 2017-02-18 18:41:45 +01:00
Chris PeBenito
7d9a3be9f0 Merge pull request #98 from cgzones/admin_process_pattern
add admin_process_pattern macro
2017-02-18 12:38:23 -05:00
Chris PeBenito
3726cd58f6 Module version bump for changes from cgzones. 2017-02-18 12:28:38 -05:00
Chris PeBenito
abe9e18f73 Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy 2017-02-18 11:54:16 -05:00
Chris PeBenito
e96c357b79 Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy 2017-02-18 11:51:40 -05:00
Chris PeBenito
8b6525e992 Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy 2017-02-18 11:39:05 -05:00
Chris PeBenito
959f78de99 Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy 2017-02-18 11:34:23 -05:00
Chris PeBenito
74d6a63ff9 mon: Fix deprecated interface usage. 2017-02-18 11:21:34 -05:00
Chris PeBenito
c784507bce Travis-CI: Terminate build immediately on error.
See travis-ci/travis-ci#1066.
2017-02-18 10:37:35 -05:00
Chris PeBenito
1af24ad32b Fix Travis-CI WERROR support. 2017-02-18 10:25:48 -05:00
Chris PeBenito
dd03d589e2 Implement WERROR build option to treat warnings as errors.
Add this to all Travis-CI builds.
2017-02-18 10:20:20 -05:00
Chris PeBenito
cb35cd587f Little misc patches from Russell Coker. 2017-02-18 09:39:01 -05:00
cgzones
dd4cfd8a77 add admin_process_pattern macro
useful for MODULE_admin interfaces
2017-02-17 16:26:22 +01:00
cgzones
7ff92a886a files: no default types for /run and /var/lock
encourage private types for /run and /var/lock by not providing default contexts anymore
2017-02-16 17:14:38 +01:00
cgzones
da1ea093cb corecommands: label some binaries as bin_t 2017-02-16 17:05:26 +01:00
cgzones
61b72e0796 selinuxutil: adjustments
* no negative permission matching for newrole_t:process
* do not label /usr/lib/selinux as policy_src_t, otherwise semodule can not run /usr/lib/selinux/hll/pp
* reorder label for /run/restorecond.pid
* fix systemd related denials
2017-02-16 16:53:06 +01:00
cgzones
d9fcbdfbb3 hostname: small adjustments
* reorder process - capabilities statements
* remove unsighted debian block
2017-02-16 16:39:50 +01:00
cgzones
60983561be sysadm: fix denials
allow to read kmesg and the selinux policy
2017-02-16 16:00:14 +01:00
cgzones
7539f65bc2 setfiles: allow getattr to kernel pseudo fs
userdomains should not alter labels of kernel pseudo filesystems, but allowing setfiles/restorecon(d) to check the contexts helps spotting incorrect labels
2017-02-16 15:26:29 +01:00
Chris PeBenito
d9980666a4 Update contrib. 2017-02-15 19:08:32 -05:00