Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2009-08-31 | reorganize tun patch changes. | Chris PeBenito | 4 | -50/+47 | |
2009-08-31 | refpol: Policy for the new TUN driver access controls | Paul Moore | 8 | -0/+56 | |
Add policy for the new TUN driver access controls which allow policy to control which domains have the ability to create and attach to TUN/TAP devices. The policy rules for creating and attaching to a device are as shown below: `# create a new device` `allow domain_t self:tun_socket { create };` `# attach to a persistent device (created by tunlbl_t)` `allow domain_t tunlbl_t:tun_socket { relabelfrom };` `allow domain_t self:tun_socket { relabelto };` Further discussion can be found on this thread: * http://marc.info/?t=125080850900002&r=1&w=2 Signed-off-by: Paul Moore <paul.moore@hp.com> | |||||
2009-08-31 | refpol: Add the "tun_socket" object class flask definitions | Paul Moore | 2 | -0/+4 | |
Add the new "tun_socket" class to the flask definitions. The "tun_socket" object class is used by the new TUN driver hooks which allow policy to control access to TUN/TAP devices. Signed-off-by: Paul Moore <paul.moore@hp.com> | |||||
2009-08-28 | patch from Eamon Walsh to remove usage of deprecated xserver interfaces. | Chris PeBenito | 5 | -6/+6 | |
2009-08-28 | deprecate userdom_xwindows_client_template | Chris PeBenito | 5 | -30/+117 | |
The X policy for users is currently split between userdom_xwindows_client_template() and xserver_role(). Deprecate the former and put the rules into the latter. For preserving restricted X roles (xguest), divide the rules into xserver_restricted_role() and xserver_role(). | |||||
2009-08-26 | Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. | Chris PeBenito | 2 | -5/+6 | |
2009-08-25 | split dev_create_cardmgr_dev() into a create and a filetrans interface. | Chris PeBenito | 3 | -8/+27 | |
2009-08-25 | Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy | Chris PeBenito | 5 | -5/+8 | |
2009-08-25 | split dev_manage_dri_dev() into a manage and a filetrans interface. | Chris PeBenito | 3 | -1/+20 | |
2009-08-18 | reorganize dbus.fc. | Chris PeBenito | 1 | -2/+2 | |
2009-08-18 | module version bumps and changelog update for the previous 3 commits. | Chris PeBenito | 3 | -2/+3 | |
2009-08-18 | Gentoo dbus in libexec | LABBE Corentin | 1 | -0/+1 | |
2009-08-18 | portage needs capability sys_nice | LABBE Corentin | 1 | -0/+1 | |
2009-08-18 | Missing comma in policykit | LABBE Corentin | 1 | -1/+1 | |
2009-08-18 | Debian policykit fixes from Martin Orr. | Chris PeBenito | 3 | -1/+10 | |
The policykit binaries on Debian live in /usr/lib/policykit so add file contexts for that. Also a couple of policykit rules. | |||||
2009-08-17 | Fix unconfined_r use of unconfined_java_t. | Chris PeBenito | 4 | -3/+28 | |
The unconfined role is running java in the unconfined_java_t. The current policy only has a domtrans interface, so the unconfined_java_t domain is not added to unconfined_r. Add a run interface and change the unconfined module to use this new interface. | |||||
2009-08-17 | Fix Makefile info message for installing policy headers | Chris PeBenito | 1 | -1/+1 | |
The Makefile is currently using the policy TYPE (standard|mls|mcs) rather than the more informative NAME (e.g. strict, targeted, etc.). Fix the Makefile to use NAME. | |||||
2009-08-14 | Add missing x_device rules for XI2 functions, from Eamon Walsh. | Chris PeBenito | 2 | -0/+3 | |
> What's the difference between add/remove and create/destroy? > > The devices are in a kind of hierarchy. You can now create one or more > "master devices" (mouse cursor and keyboard focus). The physical input > devices are "slave devices" that attach to master devices. > > Add/remove controls the ability to add/remove slave devices from a > master device. Create/destroy controls the ability to create new master > devices. | |||||
2009-08-12 | Add missing rules to make unconfined_cronjob_t a valid cron job domain. | Chris PeBenito | 2 | -1/+11 | |
Unconfined_cronjob_t is not a valid cron job domain because the cron module is lacking a transition from the crond to the unconfined_cronjob_t domain. This adds the transition and also a constraints exemption since part of the transition is also a seuser and role change typically. | |||||
2009-08-11 | remove redundant xen_append_log() call in hostname. | Chris PeBenito | 1 | -4/+0 | |
2009-08-11 | Add btrfs and ext4 to labeling targets. | Chris PeBenito | 2 | -5/+7 | |
2009-08-10 | Fix infrastructure to expand macros in initrc_context when installing. | Chris PeBenito | 4 | -2/+8 | |
The initrc_context file uses the mls_systemhigh macro and needs to be properly expanded based on the build.conf settings. Add makefile support to do this. | |||||
2009-08-10 | fix refpolicy ticket #48. | Chris PeBenito | 2 | -1/+4 | |
2009-08-05 | Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. | Chris PeBenito | 2 | -6/+13 | |
2009-08-05 | Add missing compatibility aliases for xdm_xserver*_t types. | Chris PeBenito | 2 | -4/+6 | |
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for compatibility were mistakenly not added to the policy. | |||||
2009-08-05 | module version number bump for release 2.20090730 that was mistakenly omitted. | Chris PeBenito | 219 | -219/+219 | |
2009-08-05 | fix ordering in sysnetwork. | Chris PeBenito | 1 | -18/+16 | |
2009-08-05 | fix ordering in raid. | Chris PeBenito | 1 | -12/+12 | |
2009-08-05 | fix ordering in pcmcia. | Chris PeBenito | 1 | -10/+9 | |
2009-08-05 | fix ordering in mount. | Chris PeBenito | 1 | -26/+27 | |
2009-08-05 | fix ordering in modutils. | Chris PeBenito | 1 | -78/+76 | |
2009-08-05 | fix ordering of interface calls in lvm. | Chris PeBenito | 1 | -18/+18 | |
2009-08-05 | fix ordering of interface calls in locallogin. | Chris PeBenito | 1 | -23/+23 | |
2009-08-05 | fix ordering of interface calls in iptables. | Chris PeBenito | 1 | -19/+19 | |
2009-08-05 | fix ordering of interface calls in init. | Chris PeBenito | 1 | -39/+38 | |
2009-08-05 | fix ordering of interface calls in hostname. | Chris PeBenito | 1 | -7/+7 | |
2009-08-05 | fix ordering of interface calls in getty. | Chris PeBenito | 1 | -8/+8 | |
2009-08-05 | fix ordering of interface calls in fstools. | Chris PeBenito | 1 | -30/+27 | |
2009-08-05 | fix ordering of interface calls in clock. | Chris PeBenito | 1 | -4/+4 | |
2009-08-05 | fix ordering of interface calls in authlogin. | Chris PeBenito | 1 | -15/+15 | |
2009-08-05 | fix ordering of interface calls in sudo. | Chris PeBenito | 1 | -15/+15 | |
2009-07-30 | release 2.20090730 | Chris PeBenito | 2 | -1/+2 | |
2009-07-30 | changelog entry for the previous gentoo fixes | Chris PeBenito | 1 | -0/+1 | |
2009-07-30 | add bin_t labeling for gentoo dhcpcd-run-hooks location | Chris PeBenito | 2 | -1/+4 | |
2009-07-30 | openrc unfortunately mounts a tmpfs at /lib/rc | Chris PeBenito | 1 | -1/+7 | |
2009-07-30 | gentoo init script system uses tmpfs for state data | Chris PeBenito | 1 | -5/+3 | |
2009-07-29 | gentoo init script system sends audit messages. | Chris PeBenito | 1 | -1/+3 | |
2009-07-29 | alsa file location update for debian, from Manoj. | Chris PeBenito | 2 | -1/+6 | |
2009-07-29 | whitespace fixes in apt. | Chris PeBenito | 2 | -2/+2 | |
2009-07-29 | clean up 6a192f70d42013fcbd4eefe1f35cab3de313cedb | Chris PeBenito | 2 | -19/+18 | |