Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-10-27 | X Object manager policy revisions to x_contexts.HEADmaster | Eamon Walsh | 3 | -297/+30 | |
Many of the specific event, extension, and property types have been removed for the time being. Polyinstantiation allows selections and properties to be separated in a different way, and new X server support for labeling individual extension requests (as opposed to entire extensions) should make the extension querying problem easier to solve in the future. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> | |||||
2009-10-27 | X Object Manager policy revisions to xserver.if. | Eamon Walsh | 1 | -90/+64 | |
This commit consists of two parts: 1. Revisions to xserver_object_types_template and xserver_common_x_domain_template. This reflects the dropping of many of the specific event, extension, and property types. 2. New interfaces: xserver_manage_core_devices: Gives control over core mouse/keyboard. xserver_unprotected: Allows all clients to access a domain's X objects. Modified interfaces: xserver_unconfined: Added x_domain typeattribute statement. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> | |||||
2009-10-27 | X Object Manager policy revisions to xserver.te. | Eamon Walsh | 1 | -121/+152 | |
This commit consists of three main parts: 1. Code movement. There were X object manager-related statements scattered somewhat throughout the file; these have been consolidated, which resulted in some other statements moving (e.g. iceauth_t). 2. Type changes. Many of the specific event, extension, and property types have been dropped for the time being. The rootwindow_t and remote_xclient_t types have been renamed, and a root_xcolormap_t type has been (re-)added. This is for naming consistency. An "xserver_unprotected" alias has been added for use in labeling clients whose resources should be globally accessible (e.g. xdm_t). 3. Policy changes. These are mostly related to devices, which now have separate x_keyboard and x_pointer classes. The "Hacks" section has been cleaned up, and various other classes have had the default permissions tweaked. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> | |||||
2009-10-26 | add tuned from miroslav grepl. | Chris PeBenito | 4 | -0/+189 | |
2009-10-23 | Install the seusers file for monolithic policy. | Chris PeBenito | 1 | -1/+5 | |
2009-10-22 | reorganize a92ee50 | Chris PeBenito | 1 | -1/+1 | |
2009-10-22 | Implement screen-locking feature. | Dominick Grift | 1 | -0/+2 | |
Signed-off-by: Dominick Grift <domg472@gmail.com> Signed-off-by: Chris PeBenito <cpebenito@tresys.com> | |||||
2009-10-22 | Fix a typo of SElinux to SELinux. | Justin P. Mattock | 1 | -1/+1 | |
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> | |||||
2009-10-22 | add changelog entry for e4928c5f7954ea062815c8a37c9d37e3e3fa40df | Chris PeBenito | 1 | -0/+2 | |
2009-10-22 | add open to search_dir_perms. | Chris PeBenito | 1 | -1/+1 | |
2009-10-14 | Add separate x_pointer and x_keyboard classes inheriting from x_device. | Eamon Walsh | 2 | -21/+38 | |
This is needed to allow more fine-grained control over X devices without using different types. Using different types is problematic because devices act as subjects in the X Flask implementation, and subjects cannot be labeled through a type transition (since the output role is hardcoded to object_r). Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> | |||||
2009-10-07 | revise MCS constraints to use only MCS-specific attributes. | Chris PeBenito | 3 | -12/+57 | |
2009-09-28 | add seunshare from dan. | Chris PeBenito | 4 | -0/+109 | |
2009-09-17 | add dkim from stefan schulze frielinghaus. | Chris PeBenito | 4 | -0/+43 | |
2009-09-16 | add gnomeclock from dan. | Chris PeBenito | 4 | -0/+115 | |
2009-09-15 | add rtkit from dan. | Chris PeBenito | 4 | -0/+77 | |
2009-09-15 | clean up xscreensaver. | Chris PeBenito | 4 | -25/+15 | |
2009-09-15 | SELinux xscreensaver policy support | corentin.labbe | 3 | -0/+87 | |
Hello This a patch for adding xscreensaver policy. I think it need a specific policy because of the auth_domtrans_chk_passwd. cordially Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr> | |||||
2009-09-14 | add modemmanager from dan. | Chris PeBenito | 4 | -0/+82 | |
2009-09-14 | add abrt from dan. | Chris PeBenito | 4 | -0/+254 | |
2009-09-09 | rearrange readahead rules. | Chris PeBenito | 1 | -5/+6 | |
2009-09-09 | readahead patch from dan. | Chris PeBenito | 1 | -1/+3 | |
2009-09-09 | nscd patch from dan. | Chris PeBenito | 2 | -1/+20 | |
2009-09-09 | cron patch from dan. | Chris PeBenito | 3 | -47/+194 | |
2009-09-09 | prelink patch from dan. | Chris PeBenito | 2 | -1/+20 | |
2009-09-08 | nslcd policy from dan. | Chris PeBenito | 4 | -0/+158 | |
2009-09-08 | term_write_all_terms() patch from Stefan Schulze Frielinghaus | Chris PeBenito | 1 | -0/+23 | |
2009-09-03 | add gitosis from miroslav grepl. | Chris PeBenito | 4 | -0/+86 | |
2009-09-03 | cpufreqselector patch from dan. | Chris PeBenito | 1 | -2/+11 | |
2009-09-03 | add an additional vmware host program. | Chris PeBenito | 2 | -1/+2 | |
2009-09-03 | screen patch from dan. | Chris PeBenito | 2 | -12/+3 | |
2009-09-03 | remove stale screen_dir_t references | Chris PeBenito | 1 | -5/+4 | |
The screen_dir_t was made an alias of the screen_var_run_t type. Remove the remaining references to this type. | |||||
2009-09-03 | gpg patch from dan. | Chris PeBenito | 2 | -4/+10 | |
gpg sends sigstop and signull Reads usb devices Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs | |||||
2009-09-02 | openvpn patch from dan: Openvpn connects to cache ports and stores files in ↵ | Chris PeBenito | 1 | -1/+12 | |
nfs and cifs directories. | |||||
2009-09-02 | Webalizer does not list inotify, this was caused by leaked file descriptors ↵ | Chris PeBenito | 1 | -2/+2 | |
in either dbus or cron. Both of which have been cleaned up. | |||||
2009-09-02 | add shorewall from dan. | Chris PeBenito | 6 | -3/+230 | |
2009-09-02 | add kdump from dan. | Chris PeBenito | 4 | -0/+153 | |
2009-09-01 | cdrecord patch from dan. | Chris PeBenito | 1 | -2/+4 | |
2009-09-01 | awstats patch from dan. | Chris PeBenito | 1 | -1/+5 | |
2009-09-01 | certwatch patch from dan. | Chris PeBenito | 1 | -1/+2 | |
2009-09-01 | mrtg patch from dan. | Chris PeBenito | 1 | -1/+7 | |
2009-09-01 | add hddtemp from dan. | Chris PeBenito | 5 | -1/+83 | |
2009-08-31 | add ptchown policy from dan. | Chris PeBenito | 3 | -0/+52 | |
2009-08-31 | pulseaudio patch from dan. | Chris PeBenito | 2 | -3/+15 | |
2009-08-31 | man page update from dan. | Chris PeBenito | 2 | -7/+15 | |
2009-08-31 | module version number bump for nscd patch. | Chris PeBenito | 1 | -1/+1 | |
2009-08-31 | nscd cache location changed from /var/db/nscd to /var/cache/nscd | Manoj Srivastava | 1 | -0/+1 | |
The nscd policy module uses the old nscd cache location. The cache location changed with glibc 2.7-1, and the current nscd does place the files in /var/cache/nscd/. Signed-off-by: Manoj Srivastava <srivasta@debian.org> | |||||
2009-08-31 | kismet patch from dan. | Chris PeBenito | 4 | -2/+38 | |
2009-08-31 | module version number bump for tun patches | Chris PeBenito | 5 | -5/+5 | |
2009-08-31 | rename admin_tun_type to admindomain. | Chris PeBenito | 2 | -5/+5 | |