nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,664 Commits 1 Branch 0 Tags 16 MiB
ed60abef70
Commit Graph

21 Commits

Author SHA1 Message Date
Chris PeBenito
efa32d9b56 Remove deprecated interfaces older than one year old. 
Additionally one deprecated attribute removed.
 2017-08-06 17:03:17 -04:00
Chris PeBenito
b94f45d760 Revise selinux module interfaces for perms protected by neverallows. 
Use the allow rules on the relevant attributes in selinux.te, rather than
only using the attribute to pass the neverallows.

Closes #14
 2015-11-04 15:10:29 -05:00
Chris PeBenito
6624f9cf7a Drop RHEL4 and RHEL5 support. 2014-09-24 13:10:37 -04:00
Sven Vermeulen
ddca151876 Dontaudit access on security_t file system at /sys/fs/selinux 
Second part of the support of security_t under /sys/fs/selinux - when
asked not to audit getting attributes on the selinux file system, have
this propagate to the sysfs parts as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2014-04-21 08:37:47 -04:00
Sven Vermeulen
4c68c98ed2 The security_t file system can be at /sys/fs/selinux 
Because it is no longer a top-level file system, we need to enhance some
of the interfaces with the appropriate rights towards sysfs_t.

First set to allow getattr rights on the file system, which now also
means getattr on the sysfs_t file system as well as search privileges in
sysfs_t.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2014-04-21 08:37:46 -04:00
Dominick Grift
e6e9e2d08b selinux: selinuxfs is now mounted under /sys/fs/selinux instead of /selinux, so we need to allow domains that use selinuxfs to interface with SELinux to traverse /sys/fs to be able to get to /sys/fs/selinux 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2013-09-26 09:51:01 -04:00
Chris PeBenito
8e94109c52 Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions. 2011-09-26 10:44:27 -04:00
Chris PeBenito
ed17ee5394 Pull in additional changes in kernel layer from Fedora. 2011-03-31 09:49:01 -04:00
Chris PeBenito
220915dcad Add mounting interfaces for selinuxfs. 2010-10-28 14:32:24 -04:00
Dominick Grift
705f70f098 Kernel layer xml fixes. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 09:08:07 -04:00
Chris PeBenito
f0435b1ac4 trunk: add support for labeled booleans. 2009-01-13 13:01:48 +00:00
Chris PeBenito
82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito
04d2861035 trunk: missing bits from dan's previous round of patches. 2008-10-09 14:01:53 +00:00
Chris PeBenito
eeef8dc451 trunk: Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. 2007-11-16 14:58:17 +00:00
Chris PeBenito
5bf9deb5bb trunk: 3 patches from dan 2007-06-20 19:47:10 +00:00
Chris PeBenito
86d754eed6 Add support for libselinux 2.0.5 init_selinuxmnt() changes. 2007-02-27 17:02:35 +00:00
Chris PeBenito
bbcd3c97dd add main part of role-o-matic 2006-09-06 22:07:25 +00:00
Chris PeBenito
46551033aa patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00
Chris PeBenito
8b9ebd3769 some cleanup in the kernel layer 2006-07-25 15:23:13 +00:00
Chris PeBenito
133000c286 remove setbool auditallow, except for distro_rhel4. 2006-07-13 14:22:21 +00:00
Chris PeBenito
17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00