nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,325 Commits 1 Branch 0 Tags 16 MiB
d47cc12801
Commit Graph

53 Commits

Author SHA1 Message Date
Chris PeBenito
78276fc43b Drop module versioning. 
Semodule stopped using this many years ago. The policy_module() macro will
continue to support an optional second parameter as version.
If it is not specified, a default value of 1 is set.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2022-01-06 09:19:13 -05:00
Chris PeBenito
4248e38824 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-09-08 10:53:44 -04:00
Chris PeBenito
4aa1562208 files, kernel, selinux: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-27 14:21:06 -04:00
Chris PeBenito
3d0a6f966f selinux: Add dontaudits when secure mode Booleans are enabled. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-19 15:50:59 -04:00
Chris PeBenito
9d57bf3a2e selinux: Change generic Boolean type to boolean_t. 
This will prevent other security_t writers from setting Boolean pending
values, which could be activated unwittingly by setbool processes.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-19 15:50:25 -04:00
Chris PeBenito
d84e0ee70f selinux: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-12 09:57:36 -05:00
Chris PeBenito
3ab2274e3d selinux: Add a secure_mode_setbool Boolean. 
Enabling this will disable all permissions for setting SELinux Booleans,
even for unconfined domains.

This does not affect setenforce.  Enable secure_mode_policyload along with
secure_mode_setbool to fully lock the SELinux security interface.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-05 16:13:11 -05:00
Chris PeBenito
ff983a6239 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-03 08:38:26 -05:00
Chris PeBenito
c33866e1f6 selinux, init, systemd, rpm: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-09-09 16:55:06 -04:00
Chris PeBenito
b2f72e833b Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-02-29 16:54:39 -05:00
Chris PeBenito
921eb37a97 rpm, selinux, sysadm, init: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2019-07-13 14:07:11 -04:00
Chris PeBenito
445cbed7c7 Bump module versions for release. 2019-02-01 15:03:42 -05:00
Chris PeBenito
d301e83161 mozilla, devices, selinux, xserver, init, iptables: Module version bump. 2018-07-10 20:11:40 -04:00
Chris PeBenito
495e2c203b Remove complement and wildcard in allow rules. 
Remove complement (~) and wildcard (*) in allow rules so that there are no
unintentional additions when new permissions are declared.

This patch does not add or remove permissions from any rules.
 2017-08-13 16:21:44 -04:00
cgzones
d8cb498284 remove trailing whitespaces 2016-12-06 13:45:13 +01:00
Chris PeBenito
c23353bcd8 Bump module versions for release. 2015-12-08 09:53:02 -05:00
Chris PeBenito
b94f45d760 Revise selinux module interfaces for perms protected by neverallows. 
Use the allow rules on the relevant attributes in selinux.te, rather than
only using the attribute to pass the neverallows.

Closes #14
 2015-11-04 15:10:29 -05:00
Chris PeBenito
468185f5f7 Bump module versions for release. 2014-12-03 13:37:38 -05:00
Chris PeBenito
6624f9cf7a Drop RHEL4 and RHEL5 support. 2014-09-24 13:10:37 -04:00
Chris PeBenito
92ccf71c26 Module version bump for /sys/fs/selinux support from Sven Vermeulen. 2014-04-21 09:01:08 -04:00
Chris PeBenito
10ff4d0fa3 Bump module versions for release. 2014-03-11 08:16:57 -04:00
Chris PeBenito
7f736f3587 Module version bump for selinuxfs location change from Dominick Grift. 2013-09-26 09:52:37 -04:00
Chris PeBenito
3516535aa6 Bump module versions for release. 2012-07-25 14:33:06 -04:00
Chris PeBenito
2e83467903 Module version bump and changelog for virt updates from Sven Vermeulen. 2012-04-23 10:43:15 -04:00
Chris PeBenito
94d8bd2904 Module version bump for mountpoint patches from Sven Vermeulen. 2012-04-23 09:33:17 -04:00
Sven Vermeulen
26cfbe5317 Marking debugfs and securityfs as mountpoints 
The locations for debugfs_t (/sys/kernel/debug) and security_t
(/selinux or /sys/fs/selinux) should be marked as mountpoints as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-04-23 09:21:15 -04:00
Chris PeBenito
f65edd8280 Bump module versions for release. 2012-02-15 14:32:45 -05:00
Chris PeBenito
8e94109c52 Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions. 2011-09-26 10:44:27 -04:00
Chris PeBenito
aecd12c7b0 Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
Chris PeBenito
aa4dad379b Module version bump for release. 2011-07-26 08:11:01 -04:00
Chris PeBenito
ed17ee5394 Pull in additional changes in kernel layer from Fedora. 2011-03-31 09:49:01 -04:00
Chris PeBenito
826d014241 Bump module versions for release. 2010-12-13 09:12:22 -05:00
Chris PeBenito
220915dcad Add mounting interfaces for selinuxfs. 2010-10-28 14:32:24 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito
0b36a2146e trunk: Enable open permission checks policy capability. 2008-10-16 16:09:20 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
04d2861035 trunk: missing bits from dan's previous round of patches. 2008-10-09 14:01:53 +00:00
Chris PeBenito
0bfccda4e8 trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
Chris PeBenito
0a14f3ae09 trunk: bump module version numbers for release. 2008-04-02 16:04:43 +00:00
Chris PeBenito
91d6c92160 trunk: a pair of tweaks from gentoo systems. 2008-03-14 14:55:34 +00:00
Chris PeBenito
f7925f25f7 trunk: bump module versions for release. 2007-12-14 14:23:18 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
116c1da330 trunk: update module version numbers for release. 2007-06-29 14:48:13 +00:00
Chris PeBenito
5bf9deb5bb trunk: 3 patches from dan 2007-06-20 19:47:10 +00:00
Chris PeBenito
0251df3e39 bump module versions for release 2007-04-17 13:28:09 +00:00
Chris PeBenito
86d754eed6 Add support for libselinux 2.0.5 init_selinuxmnt() changes. 2007-02-27 17:02:35 +00:00
Chris PeBenito
a52b4d4f23 bump versions to release numbers 2006-10-18 19:25:27 +00:00
Chris PeBenito
e070dd2df0 - Move range transitions to modules. 
- Make number of MLS sensitivities, and number of MLS and MCS
  categories configurable as build options.
 2006-10-04 17:25:34 +00:00