#
# ChangeLog for /Changelog
#
# Generated by Trac 0.10.5
# 09/10/10 00:52:44
#

09/01/10 09:08:09 Chris PeBenito <cpebenito@tresys.com> [785ee7988c7710c80a218270d9199295ffe1fe3b]
    * Changelog (modified)
    * policy/modules/admin/vbetool.te (modified)
    * policy/modules/apps/wine.te (modified)
    * policy/modules/kernel/domain.te (modified)
    * policy/modules/services/xserver.te (modified)

    Module version bump and changelog entry for conditional mmap_zero patch.

08/25/10 10:19:27 Chris PeBenito <cpebenito@tresys.com> [76a9fe96e4374940609310ebd75f13be41eaad49]
    * Changelog (modified)
    * policy/modules/admin/readahead.te (modified)
    * policy/modules/kernel/corecommands.te (modified)
    * policy/modules/kernel/devices.te (modified)
    * policy/modules/kernel/filesystem.te (modified)
    * policy/modules/kernel/kernel.te (modified)
    * policy/modules/system/hostname.te (modified)
    * policy/modules/system/init.te (modified)
    * policy/modules/system/mount.te (modified)

    Module version bumps and changelog for devtmpfs patchset.

08/19/10 07:41:39 Chris PeBenito <cpebenito@tresys.com> [c62f1bef77c839295b49bdddc7bfd13df780bf4e]
    * Changelog (modified)
    * policy/modules/kernel/files.if (modified)
    * policy/modules/roles/dbadm.if (modified)
    * policy/modules/roles/dbadm.te (modified)
    * policy/modules/roles/staff.te (modified)

    Dbadm updates from KaiGai Kohei.

08/10/10 08:21:01 Chris PeBenito <cpebenito@tresys.com> [a9539a063b132fdf74c2ffe2e7f0416c6120f3f4]
    * Changelog (modified)
    * policy/modules/apps/kdumpgui.fc (modified)
    * policy/modules/apps/kdumpgui.te (modified)

    Additional kdumpgui cleanup.

08/09/10 08:51:35 Chris PeBenito <cpebenito@tresys.com> [5d6bf457b92a38d3331f0a3a3f32937d85376411]
    * Changelog (modified)

    Changelog entry for sambagui.

08/03/10 08:51:01 Chris PeBenito <cpebenito@tresys.com> [12ab39533b33e20bd8004d7620f6ba646c235f41]
    * Changelog (modified)

    Changelog entry for accountsd.

08/02/10 08:28:06 Chris PeBenito <cpebenito@tresys.com> [9d4395a736e2a86c55a12b827d08cbf5b44b841f]
    * Changelog (modified)
    * policy/modules/services/mojomojo.fc (added)
    * policy/modules/services/mojomojo.if (added)
    * policy/modules/services/mojomojo.te (added)

    MojoMojo from Lain Arnell.

08/02/10 07:33:41 Chris PeBenito <cpebenito@tresys.com> [27eeb649ccc4384d591c21d1e9670c56932d407f]
    * Changelog (modified)
    * policy/modules/kernel/storage.te (modified)

    Virtio disk file context update from Mika Pfluger.

07/19/10 13:22:44 Chris PeBenito <cpebenito@tresys.com> [21fdee9dd56a33723c27045a7bd2eaf6607de7d7]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/kernel/corenetwork.te.m4 (modified)

    Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.

    We went back and reread the bindreservport code in glibc. Turns out the range of ports that this will reserve are 512-1024 rather than 600-1024. The code actually first tries to reserve a port from 600-1024 and if they are ALL reserved will try 512-599. So we need to change corenetwork to reflect this.

07/13/10 07:39:54 Chris PeBenito <cpebenito@tresys.com> [29f3bfa464fee4f777758e7860b4a773236cbc36]
    * Changelog (modified)
    * policy/modules/services/clamav.te (modified)

    Fix JIT usage for freshclam.

    http://marc.info/?l=selinux&m=127893898208934&w=2

07/07/10 10:10:56 Chris PeBenito <cpebenito@tresys.com> [7e265a8abbd78319fdd1a586193d22f2c90dc131]
    * Changelog (modified)
    * policy/modules/admin/shutdown.fc (added)
    * policy/modules/admin/shutdown.if (added)
    * policy/modules/admin/shutdown.te (added)

    Add shutdown from Dan Walsh.

07/07/10 09:28:25 Chris PeBenito <cpebenito@tresys.com> [b841dffda16da196695aba6d5c4cbdb94ed9a919]
    * Changelog (modified)
    * policy/modules/apps/livecd.fc (added)
    * policy/modules/apps/livecd.if (added)
    * policy/modules/apps/livecd.te (added)

    Add livecd from Dan Walsh.

07/07/10 08:31:57 Chris PeBenito <cpebenito@tresys.com> [08690c84ad829246ed1eec18cda3e42326b38114]
    * Changelog (modified)
    * policy/modules/apps/ethereal.fc (deleted)
    * policy/modules/apps/ethereal.if (deleted)
    * policy/modules/apps/ethereal.te (deleted)
    * policy/modules/apps/userhelper.if (modified)
    * policy/modules/apps/userhelper.te (modified)
    * policy/modules/roles/staff.te (modified)
    * policy/modules/roles/sysadm.te (modified)
    * policy/modules/roles/unprivuser.te (modified)

    Remove ethereal module since the application was renamed to wireshark due to trademark issues.

07/07/10 07:41:20 Chris PeBenito <cpebenito@tresys.com> [bca0cdb86e54b910ff3794acf394339251e7b3b6]
    * Changelog (modified)
    * policy/modules/apps/ethereal.te (modified)
    * policy/modules/apps/gift.te (modified)
    * policy/modules/apps/java.te (modified)
    * policy/modules/apps/wireshark.te (modified)
    * policy/modules/services/clamav.te (modified)
    * policy/modules/services/courier.te (modified)
    * policy/modules/services/djbdns.te (modified)
    * policy/modules/services/lpd.te (modified)
    * policy/modules/services/prelude.te (modified)
    * policy/modules/services/ricci.te (modified)
    * policy/modules/services/ssh.te (modified)
    * policy/modules/services/virt.te (modified)
    * policy/modules/services/xserver.te (modified)
    * policy/modules/system/init.te (modified)
    * policy/modules/system/logging.te (modified)
    * policy/modules/system/lvm.te (modified)
    * policy/modules/system/sysnetwork.te (modified)
    * policy/modules/system/xen.te (modified)

    Remove duplicate/redundant rules, from Russell Coker.

06/28/10 08:04:24 Chris PeBenito <cpebenito@tresys.com> [0001e26f4f9cf52121e292cbfccd810442717876]
    * Changelog (modified)
    * Makefile (modified)
    * build.conf (modified)
    * support/Makefile.devel (modified)

    Increased default number of categories to 1024, from Russell Coker.

06/08/10 12:08:36 Chris PeBenito <cpebenito@tresys.com> [98652c65a382e05d0f6c9a6d37dc1231c2250ccf]
    * Changelog (modified)

    Add missing changelog entry for cgroup.

05/26/10 10:53:21 Chris PeBenito <cpebenito@tresys.com> [5c2b95e1b9839c88681010de2bfa204c435cd8fd]
    * Changelog (modified)

    Add missing cluster suite modules that were missing from the Changelog.

05/25/10 15:01:49 Chris PeBenito <cpebenito@tresys.com> [03e653bd2815c1f11678cc9ac444f8e61c7b5c2f]
    * Changelog (modified)
    * VERSION (modified)

    Changelog and version update for release.

05/24/10 14:24:40 Chris PeBenito <cpebenito@tresys.com> [f9bdd1e389f13bc99dc047a91f46ab0e3fc1dd31]
    * Changelog (modified)

    Add missing changelog entries.

05/18/10 08:54:18 Chris PeBenito <cpebenito@tresys.com> [e9e43f04b3acb365d9e9a30054b1a39fd964ff9f]
    * Changelog (modified)
    * policy/modules/services/plymouthd.fc (added)
    * policy/modules/services/plymouthd.if (added)
    * policy/modules/services/plymouthd.te (added)

    Plymouthd policy from Dan Walsh.

04/26/10 11:59:02 Chris PeBenito <cpebenito@tresys.com> [e07fbc004d14e1ac358cdc96d1f0a508aabb2b6a]
    * Changelog (modified)
    * policy/modules/services/denyhosts.fc (added)
    * policy/modules/services/denyhosts.if (added)
    * policy/modules/services/denyhosts.te (added)

    Add DenyHosts from Dan Walsh.

04/13/10 10:06:02 Chris PeBenito <cpebenito@tresys.com> [85e71c86da2caf5b4e8a730464a8afc6b0ba3ea5]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.m4 (modified)

    Fix network_port() in corenetwork to correctly handle port ranges.

04/12/10 09:37:21 Chris PeBenito <cpebenito@tresys.com> [ec8d32c8e9afc7ddb56e4ceb9f61d60e2a01c3ea]
    * Changelog (modified)
    * policy/modules/services/postgresql.te (modified)

    [BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)

    I found out a bug when we initialize the database with dbadm_r:dbadm_t which belongs to sepgsql_admin_type attribute.

    In the case when sepgsql_admin_type creates new database objects, it does not have valid type_transition rules. So, it failed. Sorry, I didn't find it out for a long time.

    And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary for the administrative domain independently from sepgsql_unconfined_dbadm, because we need to execute some of system defined procedures to look up system tables.

03/29/10 12:29:18 Chris PeBenito <cpebenito@tresys.com> [ee2d2dda241846a7d1a6ca15fe730da269da0224]
    * Changelog (modified)
    * policy/modules/services/usbmuxd.fc (added)
    * policy/modules/services/usbmuxd.if (added)
    * policy/modules/services/usbmuxd.te (added)

    Add usbmuxd from Dan Walsh.

03/29/10 10:25:06 Chris PeBenito <cpebenito@tresys.com> [6d4dbd20ae5d5f3c68b79511e7e8d1121ae248a5]
    * Changelog (modified)
    * policy/modules/services/vhostmd.fc (added)
    * policy/modules/services/vhostmd.if (added)
    * policy/modules/services/vhostmd.te (added)

    Vhostmd from Dan Walsh.

03/17/10 08:28:18 Chris PeBenito <cpebenito@tresys.com> [827060cb0427192e1f22944f70cc1e4d329a356c]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/kernel/files.if (modified)
    * policy/modules/kernel/files.te (modified)
    * policy/modules/services/kerberos.if (modified)
    * policy/modules/services/kerberos.te (modified)
    * policy/modules/services/likewise.fc (modified)
    * policy/modules/services/likewise.if (modified)
    * policy/modules/services/likewise.te (modified)
    * policy/modules/system/authlogin.te (modified)

    Style fixes and module version bumps for 38fc1bd.

02/19/10 08:39:06 Chris PeBenito <cpebenito@tresys.com> [29b580ce8f03809529655e56c611df3890f64d45]
    * Changelog (modified)
    * policy/modules/admin/sectoolm.fc (added)
    * policy/modules/admin/sectoolm.if (added)
    * policy/modules/admin/sectoolm.te (added)

    Add sectoolm by Miroslav Grepl.

02/16/10 13:53:59 Chris PeBenito <cpebenito@tresys.com> [a513794b4cdfdd282eee9468cc649e31a5767407]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/services/chronyd.fc (added)
    * policy/modules/services/chronyd.if (added)
    * policy/modules/services/chronyd.te (added)

    Chronyd from Miroslav Grepl.

02/08/10 13:52:02 Chris PeBenito <pebenito@gentoo.org> [12dc618bff8511dfbd533b6f0d5ea394ceea2401]
    * Changelog (modified)

    Add changelog entry for 1031ee6.

02/08/10 10:29:12 Chris PeBenito <pebenito@gentoo.org> [e526fca176752f33973854e9181bbf610852b4d6]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/services/nut.fc (added)
    * policy/modules/services/nut.if (added)
    * policy/modules/services/nut.te (added)

    Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl.

02/08/10 09:58:16 Chris PeBenito <pebenito@gentoo.org> [4ebfec730371aade53419aa01b327758b50ed04b]
    * Changelog (modified)
    * policy/modules/services/pyicqt.fc (added)
    * policy/modules/services/pyicqt.if (added)
    * policy/modules/services/pyicqt.te (added)

    Add pyicqt from Stefan Schulze Frielinghaus.

02/08/10 09:34:08 Chris PeBenito <pebenito@gentoo.org> [22a2874dbf1e1069e2ecc40a343d4226c6089144]
    * Changelog (modified)
    * policy/modules/roles/dbadm.fc (added)
    * policy/modules/roles/dbadm.if (added)
    * policy/modules/roles/dbadm.te (added)
    * policy/modules/roles/staff.te (modified)
    * policy/modules/roles/unprivuser.te (modified)
    * policy/modules/services/postgresql.fc (modified)
    * policy/modules/services/postgresql.if (modified)
    * policy/modules/services/postgresql.te (modified)
    * policy/modules/system/userdomain.if (modified)
    * policy/modules/system/userdomain.te (modified)

    Add dbadm, from KaiGai Kohei.

12/03/09 09:40:42 Chris PeBenito <cpebenito@tresys.com> [7fc72a02d995026aeec994033459568c7c77fff1]
    * Changelog (modified)
    * policy/modules/services/xserver.te (modified)

    Changelog and version bump for X object manager changes.

11/17/09 09:17:43 Chris PeBenito <cpebenito@tresys.com> [a404bc39a79c678e351ce2d66a8cbb5b7e95ac66]
    * Changelog (modified)
    * VERSION (modified)

    update VERSION and Changelog for release.

11/11/09 10:28:50 Chris PeBenito <cpebenito@tresys.com> [e6d8fd1e508a1980dccfbff87d25be1e2f62ed9b]
    * Changelog (modified)
    * policy/modules/admin/usermanage.te (modified)
    * policy/modules/kernel/files.if (modified)
    * policy/modules/services/puppet.fc (modified)
    * policy/modules/services/puppet.if (modified)
    * policy/modules/services/puppet.te (modified)
    * policy/modules/system/init.if (modified)
    * policy/modules/system/libraries.te (modified)

    additional cleanup for e877913.

11/03/09 08:25:37 Chris PeBenito <cpebenito@tresys.com> [222d5b598773461ded17cb46a2c97f288a20b70b]
    * Changelog (modified)
    * policy/modules/services/tgtd.fc (modified)
    * policy/modules/services/tgtd.if (modified)
    * policy/modules/services/tgtd.te (modified)

    clean up 0bca409 and add changelog entry.

10/26/09 08:42:11 Chris PeBenito <cpebenito@tresys.com> [b04669aaeab37a0c85f534c74137a7a7f5d87b6d]
    * Changelog (modified)
    * policy/modules/services/tuned.fc (added)
    * policy/modules/services/tuned.if (added)
    * policy/modules/services/tuned.te (added)

    add tuned from miroslav grepl.

10/22/09 08:22:14 Chris PeBenito <cpebenito@tresys.com> [c5967300e2d8d1e516198efaf65a5f1d575c1f6e]
    * Changelog (modified)

    add changelog entry for e4928c5f7954ea062815c8a37c9d37e3e3fa40df

09/28/09 14:40:06 Chris PeBenito <cpebenito@tresys.com> [4be8dd10b9a273eef78e2221270826d6305b575b]
    * Changelog (modified)
    * policy/modules/apps/seunshare.fc (added)
    * policy/modules/apps/seunshare.if (added)
    * policy/modules/apps/seunshare.te (added)

    add seunshare from dan.

09/17/09 08:12:33 Chris PeBenito <cpebenito@tresys.com> [5a6b1fe2b4a1cd69b0c8c54772b88fdf9201c3be]
    * Changelog (modified)
    * policy/modules/services/dkim.fc (added)
    * policy/modules/services/dkim.if (added)
    * policy/modules/services/dkim.te (added)

    add dkim from stefan schulze frielinghaus.

09/16/09 07:38:58 Chris PeBenito <cpebenito@tresys.com> [21b1d1096fbcc97438898b8e75e35e015e6bbda6]
    * Changelog (modified)
    * policy/modules/services/gnomeclock.fc (added)
    * policy/modules/services/gnomeclock.if (added)
    * policy/modules/services/gnomeclock.te (added)

    add gnomeclock from dan.

09/15/09 08:53:24 Chris PeBenito <cpebenito@tresys.com> [ed70158a3936aa04b225d824f863f90ced3b7414]
    * Changelog (modified)
    * policy/modules/services/rtkit.fc (added)
    * policy/modules/services/rtkit.if (added)
    * policy/modules/services/rtkit.te (added)

    add rtkit from dan.

09/15/09 08:41:42 Chris PeBenito <cpebenito@tresys.com> [1d3b9e384c06cc2e57579b61c968bd75a411baeb]
    * Changelog (modified)
    * policy/modules/apps/xscreensaver.fc (modified)
    * policy/modules/apps/xscreensaver.if (modified)
    * policy/modules/apps/xscreensaver.te (modified)

    clean up xscreensaver.

09/14/09 08:48:13 Chris PeBenito <cpebenito@tresys.com> [c141d835f16dc3d1d052ea814a64d6a241f7cb0e]
    * Changelog (modified)
    * policy/modules/services/modemmanager.fc (added)
    * policy/modules/services/modemmanager.if (added)
    * policy/modules/services/modemmanager.te (added)

    add modemmanager from dan.

09/14/09 08:22:24 Chris PeBenito <cpebenito@tresys.com> [e3a90e358afbc7dd9cf9687622396395848ef734]
    * Changelog (modified)
    * policy/modules/services/abrt.fc (added)
    * policy/modules/services/abrt.if (added)
    * policy/modules/services/abrt.te (added)

    add abrt from dan.

09/08/09 09:31:19 Chris PeBenito <cpebenito@tresys.com> [81bca10b2888e28292a1ba2b18d5c10b5dbf9e3d]
    * Changelog (modified)
    * policy/modules/services/nslcd.fc (added)
    * policy/modules/services/nslcd.if (added)
    * policy/modules/services/nslcd.te (added)

    nslcd policy from dan.

09/03/09 08:52:08 Chris PeBenito <cpebenito@tresys.com> [dbed95369cf3e387abe8d43bf632093e64d80d37]
    * Changelog (modified)
    * policy/modules/apps/gitosis.fc (added)
    * policy/modules/apps/gitosis.if (added)
    * policy/modules/apps/gitosis.te (added)

    add gitosis from miroslav grepl.

09/02/09 07:58:52 Chris PeBenito <cpebenito@tresys.com> [625be1b4e6b4cc7926379891b50ef95dfb96f139]
    * Changelog (modified)
    * policy/modules/admin/shorewall.fc (added)
    * policy/modules/admin/shorewall.if (added)
    * policy/modules/admin/shorewall.te (added)
    * policy/modules/system/iptables.fc (modified)
    * policy/modules/system/iptables.te (modified)

    add shorewall from dan.

09/02/09 07:33:25 Chris PeBenito <cpebenito@tresys.com> [71965a1fc58af381ad42a19d3bf5fe8fd54cbfb7]
    * Changelog (modified)
    * policy/modules/system/kdump.fc (added)
    * policy/modules/system/kdump.if (added)
    * policy/modules/system/kdump.te (added)

    add kdump from dan.

09/01/09 07:34:04 Chris PeBenito <cpebenito@tresys.com> [aa83007d5a15a314e4df2102cf225a446e43462e]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/services/hddtemp.fc (added)
    * policy/modules/services/hddtemp.if (added)
    * policy/modules/services/hddtemp.te (added)

    add hddtemp from dan.

08/28/09 12:29:36 Chris PeBenito <cpebenito@tresys.com> [93c49bdb04e90cc612c435c49e74b408b67c89a0]
    * Changelog (modified)
    * policy/modules/services/xserver.if (modified)
    * policy/modules/services/xserver.te (modified)
    * policy/modules/system/userdomain.if (modified)
    * policy/modules/system/userdomain.te (modified)

    deprecate userdom_xwindows_client_template

    The X policy for users is currently split between userdom_xwindows_client_template() and xserver_role(). Deprecate the former and put the rules into the latter.

    For preserving restricted X roles (xguest), divide the rules into xserver_restricted_role() and xserver_role().

08/18/09 12:20:01 Chris PeBenito <pebenito@gentoo.org> [62c80e2546a7e632390486e0815e9dc2e3a21b7a]
    * Changelog (modified)
    * policy/modules/admin/portage.te (modified)
    * policy/modules/services/dbus.te (modified)

    module version bumps and changelog update for the previous 3 commits.

08/18/09 08:49:31 Chris PeBenito <cpebenito@tresys.com> [909922027bdb73dacc0526d52c2801fcc6a95fa1]
    * Changelog (modified)
    * policy/modules/services/policykit.fc (modified)
    * policy/modules/services/policykit.te (modified)

    Debian policykit fixes from Martin Orr.

    The policykit binaries on Debian live in /usr/lib/policykit so add file contexts for that. Also a couple of policykit rules.

08/17/09 12:19:26 Chris PeBenito <cpebenito@tresys.com> [b2648249d9b0bc0dcf93ba1112ff7ebad428ac04]
    * Changelog (modified)
    * policy/modules/apps/java.if (modified)
    * policy/modules/apps/java.te (modified)
    * policy/modules/system/unconfined.te (modified)

    Fix unconfined_r use of unconfined_java_t.

    The unconfined role is running java in the unconfined_java_t. The current policy only has a domtrans interface, so the unconfined_java_t domain is not added to unconfined_r. Add a run interface and change the unconfined module to use this new interface.

08/14/09 12:18:16 Chris PeBenito <cpebenito@tresys.com> [4254cec711c3c577a2b84a8d16bab3e09c444df0]
    * Changelog (modified)
    * policy/flask/access_vectors (modified)

    Add missing x_device rules for XI2 functions, from Eamon Walsh.

    > What's the difference between add/remove and create/destroy?
    >
    > The devices are in a kind of hierarchy. You can now create one or more
    > "master devices" (mouse cursor and keyboard focus). The physical input
    > devices are "slave devices" that attach to master devices.
    >
    > Add/remove controls the ability to add/remove slave devices from a
    > master device. Create/destroy controls the ability to create new master
    > devices.

08/12/09 13:15:39 Chris PeBenito <cpebenito@tresys.com> [2a77737d4ea2623a15b9a8307f1784ba6b2d01f6]
    * Changelog (modified)
    * policy/modules/services/cron.te (modified)

    Add missing rules to make unconfined_cronjob_t a valid cron job domain.

    Unconfined_cronjob_t is not a valid cron job domain because the cron module is lacking a transition from the crond to the unconfined_cronjob_t domain. This adds the transition and also a constraints exemption since part of the transition is also a seuser and role change typically.

08/11/09 08:01:58 Chris PeBenito <cpebenito@tresys.com> [0f5e26b620b22ed1f05faf4a8ee5891dc6b51c67]
    * Changelog (modified)
    * Makefile (modified)

    Add btrfs and ext4 to labeling targets.

08/10/09 13:00:34 Chris PeBenito <cpebenito@tresys.com> [90286f4292bcb47596a8fe9f4a25822f6b883417]
    * Changelog (modified)
    * Makefile (modified)
    * support/divert.m4 (added)
    * support/undivert.m4 (added)

    Fix infrastructure to expand macros in initrc_context when installing.

    The initrc_context file uses the mls_systemhigh macro and needs to be properly expanded based on the build.conf settings. Add makefile support to do this.

08/05/09 13:19:54 Chris PeBenito <cpebenito@tresys.com> [02e594d5dcfa7a91a62fa56c81b510c19bde618a]
    * Changelog (modified)
    * policy/modules/admin/usermanage.te (modified)

    Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49.

08/05/09 10:17:53 Chris PeBenito <cpebenito@tresys.com> [e335910197a56b18e42a5154735aa033793270de]
    * Changelog (modified)
    * policy/modules/services/xserver.te (modified)

    Add missing compatibility aliases for xdm_xserver*_t types.

    When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for compatibility were mistakenly not added to the policy.

07/30/09 13:35:47 Chris PeBenito <cpebenito@tresys.com> [915dfa68b6a9223d187ef20b24e4100d9b754fd9]
    * Changelog (modified)
    * VERSION (modified)

    release 2.20090730

07/30/09 09:41:17 Chris PeBenito <pebenito@gentoo.org> [64c7061e1ab4583cb4765a6fd632e811ca9eef50]
    * Changelog (modified)

    changelog entry for the previous gentoo fixes

07/29/09 09:28:31 Chris PeBenito <cpebenito@tresys.com> [20c3ccee1ad196c203a18f8c9d63eeaf2661d1b4]
    * Changelog (modified)
    * policy/modules/services/fprintd.fc (added)
    * policy/modules/services/fprintd.if (added)
    * policy/modules/services/fprintd.te (added)

    add fprintd module from dan.

07/29/09 09:02:06 Chris PeBenito <cpebenito@tresys.com> [677c4c2fea067354bb53876d62256c703bfb50c9]
    * Changelog (modified)
    * policy/modules/services/devicekit.fc (added)
    * policy/modules/services/devicekit.if (added)
    * policy/modules/services/devicekit.te (added)

    add devicekit module from dan.

07/28/09 07:00:03 Chris PeBenito <cpebenito@tresys.com> [c7ae9ae1c8e8cb27cec9e2fef9ca5ee151c83935]
    * Changelog (modified)
    * policy/modules/apps/wm.fc (added)
    * policy/modules/apps/wm.if (added)
    * policy/modules/apps/wm.te (added)
    * policy/modules/services/snort.if (modified)
    * policy/modules/services/snort.te (modified)

    Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy

07/27/09 14:11:22 Chris PeBenito <pebenito@gentoo.org> [5f6c30f8bd3b15c9845ffb24d2e7035e1ca2fe2d]
    * Changelog (modified)
    * policy/modules/apps/wm.fc (added)
    * policy/modules/apps/wm.if (added)
    * policy/modules/apps/wm.te (added)

    wm policy from dan

07/27/09 08:09:00 Chris PeBenito <cpebenito@tresys.com> [f4962ab15b4274c24918c8607466e0876eed7339]
    * Changelog (modified)
    * policy/modules/apps/cpufreqselector.fc (added)
    * policy/modules/apps/cpufreqselector.if (added)
    * policy/modules/apps/cpufreqselector.te (added)

    add cpufreqselector from dan

07/23/09 07:58:35 Chris PeBenito <cpebenito@tresys.com> [09516cb4bec24fb6bf6107a5b6471e7160225d14]
    * Changelog (modified)
    * policy/global_tunables (modified)
    * policy/modules/apps/cdrecord.te (modified)
    * policy/modules/apps/evolution.te (modified)
    * policy/modules/apps/mozilla.te (modified)
    * policy/modules/apps/mplayer.te (modified)
    * policy/modules/apps/screen.if (modified)
    * policy/modules/apps/screen.te (modified)
    * policy/modules/apps/thunderbird.te (modified)
    * policy/modules/kernel/kernel.te (modified)
    * policy/modules/services/dbus.if (modified)
    * policy/modules/services/dbus.te (modified)
    * policy/modules/services/lpd.te (modified)
    * policy/modules/services/postfix.te (modified)
    * policy/modules/services/remotelogin.te (modified)
    * policy/modules/services/spamassassin.te (modified)
    * policy/modules/services/ssh.if (modified)
    * policy/modules/services/ssh.te (modified)
    * policy/modules/system/fstools.te (modified)
    * policy/modules/system/locallogin.te (modified)
    * policy/modules/system/userdomain.if (modified)
    * policy/modules/system/userdomain.te (modified)

    remove read_default_t tunable

07/21/09 09:05:38 Chris PeBenito <cpebenito@tresys.com> [9b1907b217cb4c4d508b5130fcb6267e38182642]
    * Changelog (modified)
    * policy/modules/apps/pulseaudio.fc (added)
    * policy/modules/apps/pulseaudio.if (added)
    * policy/modules/apps/pulseaudio.te (added)
    * policy/modules/kernel/corenetwork.te.in (modified)

    add pulseaudio from dan.

07/20/09 10:16:22 Chris PeBenito <cpebenito@tresys.com> [dc0ab0f0c3cc5fe26acc3f25671f511b9e8739ec]
    * Changelog (modified)

    changelog for previous commit

06/30/09 10:03:20 Chris PeBenito <cpebenito@tresys.com> [50824a99cab12981b5894217c34fc263e35e8983]
    * Changelog (modified)
    * policy/modules/services/pads.fc (added)
    * policy/modules/services/pads.if (added)
    * policy/modules/services/pads.te (added)

    trunk: pads from dan.

06/30/09 08:49:53 Chris PeBenito <cpebenito@tresys.com> [267d9c60c5e4bab2da18541320b141607826e3b2]
    * Changelog (modified)
    * policy/modules/services/varnishd.fc (added)
    * policy/modules/services/varnishd.if (added)
    * policy/modules/services/varnishd.te (added)

    trunk: varnishd from dan.

06/22/09 10:33:21 Chris PeBenito <cpebenito@tresys.com> [c017ee17ab3b65bbac7c67bc406b07806de057c1]
    * Changelog (modified)
    * policy/modules/services/sssd.fc (added)
    * policy/modules/services/sssd.if (added)
    * policy/modules/services/sssd.te (added)

    trunk: add sssd from dan.

06/18/09 09:36:35 Chris PeBenito <cpebenito@tresys.com> [c9c0d846de2488c9f98ec1bceaecb709af713889]
    * Changelog (modified)
    * policy/modules/services/milter.fc (modified)
    * policy/modules/services/milter.te (modified)

    trunk: Greylist milter from Paul Howarth.

06/18/09 08:57:26 Chris PeBenito <cpebenito@tresys.com> [c7dc1c72227c759716bae80ae89c8692ab7af61d]
    * Changelog (modified)
    * policy/modules/admin/su.if (modified)
    * policy/modules/admin/su.te (modified)

    trunk: Allow unix_update to change the security attributes associated with files so that it can properly create the shadow file. Also allow it to read from urandom so that it can add salt to the password hash.

06/18/09 08:36:40 Chris PeBenito <cpebenito@tresys.com> [df28a0c44482c5654973504a3ce48f9912be4827]
    * Changelog (modified)
    * policy/modules/system/authlogin.te (modified)

    trunk: Misc fixes for unix_update from Brandon Whalen.

06/18/09 08:07:23 Chris PeBenito <cpebenito@tresys.com> [95ea7d69860ad0455996e150bee415e0cd3f3ee4]
    * Changelog (modified)
    * policy/flask/access_vectors (modified)

    trunk: Add x_device permissions for XI2 functions, from Eamon Walsh.

06/05/09 08:36:19 Chris PeBenito <cpebenito@tresys.com> [16fd1fd814b0a69b0127ab44a1a738fa015aaded]
    * Changelog (modified)
    * policy/mls (modified)
    * policy/modules/kernel/mls.te (modified)

    trunk: MLS constraints for the x_selection class, from Eamon Walsh.

06/02/09 09:28:40 Chris PeBenito <cpebenito@tresys.com> [cca4a215fe46cbf81d75b773a01c23620073f31c]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/services/gpsd.fc (added)
    * policy/modules/services/gpsd.if (added)
    * policy/modules/services/gpsd.te (added)
    * policy/modules/services/ntp.if (modified)
    * policy/modules/services/ntp.te (modified)

    trunk: add gpsd from miroslav grepl

05/07/09 07:35:32 Chris PeBenito <cpebenito@tresys.com> [350ed89156f5a58a7e8bd7db13e40a1e7f5b5674]
    * Changelog (modified)
    * policy/flask/access_vectors (modified)
    * policy/mcs (modified)
    * policy/mls (modified)
    * policy/modules/services/postgresql.if (modified)
    * policy/modules/services/postgresql.te (modified)

    se-postgresql update from kaigai

    - rework: Add a comment of "deprecated" for deprecated permissions.
    - bugfix: MCS policy did not constrain the following permissions.
        db_database:{getattr}
        db_table:{getattr lock}
        db_column:{getattr}
        db_procedure:{drop getattr setattr}
        db_blob:{getattr import export}
    - rework: db_table:{lock} is moved to reader side, because it makes impossible to refer read-only table with foreign-key constraint. (FK checks internally acquire explicit locks.)
    - bugfix: some of permissions in db_procedure class are allowed on sepgsql_trusted_proc_t, but it is a domain, not a procedure. It should allow them on sepgsql_trusted_proc_exec_t. I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid such kind of confusion, as Chris suggested before.
    - rework: we should not allow db_procedure:{install} on the sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted procedure implicitly.
    - bugfix: MLS policy dealt db_blob:{export} as writer-side permission, but it is required when the largeobject is referred.
    - bugfix: MLS policy didn't constrain the db_procedure class.

05/06/09 10:09:46 Chris PeBenito <cpebenito@tresys.com> [da3ed0667f1d5cf9a702e0bc3de03a36ae81ca35]
    * Changelog (modified)
    * policy/modules/services/lircd.fc (added)
    * policy/modules/services/lircd.if (added)
    * policy/modules/services/lircd.te (added)

    trunk: lircd from miroslav grepl

05/06/09 09:26:20 Chris PeBenito <cpebenito@tresys.com> [3392356f368fa817c3c7075bdfac36ed2c29f511]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/services/certmaster.fc (added)
    * policy/modules/services/certmaster.if (added)
    * policy/modules/services/certmaster.te (added)
    * policy/modules/services/mysql.fc (modified)
    * policy/modules/services/mysql.if (modified)
    * policy/modules/services/mysql.te (modified)
    * policy/modules/services/squid.fc (modified)
    * policy/modules/services/squid.if (modified)
    * policy/modules/services/squid.te (modified)
    * policy/modules/services/tor.te (modified)
    * policy/modules/system/lvm.fc (modified)
    * policy/modules/system/lvm.te (modified)

    trunk: 5 patches from dan.

04/21/09 15:40:45 Chris PeBenito <cpebenito@tresys.com> [0cf1d560188fd4152f53dff552b4b718de68c08d]
    * Changelog (modified)
    * policy/modules/services/milter.fc (modified)
    * policy/modules/services/milter.if (modified)
    * policy/modules/services/milter.te (modified)
    * policy/modules/services/spamassassin.te (modified)

    trunk: Milter state directory patch from Paul Howarth.

04/20/09 14:03:15 Chris PeBenito <cpebenito@tresys.com> [a5ef553c2db8fff191ed1d80610b35b82301590f]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/services/ifplugd.fc (added)
    * policy/modules/services/ifplugd.if (added)
    * policy/modules/services/ifplugd.te (added)
    * policy/modules/services/pingd.fc (added)
    * policy/modules/services/pingd.if (added)
    * policy/modules/services/pingd.te (added)
    * policy/modules/services/portreserve.fc (added)
    * policy/modules/services/portreserve.if (added)
    * policy/modules/services/portreserve.te (added)
    * policy/modules/services/psad.fc (added)
    * policy/modules/services/psad.if (added)
    * policy/modules/services/psad.te (added)
    * policy/modules/services/ulogd.fc (added)
    * policy/modules/services/ulogd.if (added)
    * policy/modules/services/ulogd.te (added)

    trunk: 5 modules from dan.

04/07/09 09:09:43 Chris PeBenito <cpebenito@tresys.com> [153fe24bdcd42270cbb00442a18b47f08f2039f6]
    * Changelog (modified)
    * policy/modules/admin/logrotate.te (modified)
    * policy/modules/roles/webadm.fc (added)
    * policy/modules/roles/webadm.if (added)
    * policy/modules/roles/webadm.te (added)
    * policy/modules/services/git.fc (added)
    * policy/modules/services/git.if (added)
    * policy/modules/services/git.te (added)
    * policy/modules/system/raid.te (modified)
    * policy/modules/system/udev.if (modified)
    * policy/modules/system/udev.te (modified)

    trunk: 5 patches from dan.

03/31/09 08:40:59 Chris PeBenito <cpebenito@tresys.com> [42d567c3f4f10eec3043c481beb9fc6cc4fb9330]
    * Changelog (modified)
    * config/appconfig-mcs/guest_u_default_contexts (added)
    * config/appconfig-mcs/xguest_u_default_contexts (added)
    * config/appconfig-mls/guest_u_default_contexts (added)
    * config/appconfig-mls/xguest_u_default_contexts (added)
    * config/appconfig-standard/guest_u_default_contexts (added)
    * config/appconfig-standard/xguest_u_default_contexts (added)
    * policy/modules/roles/guest.fc (added)
    * policy/modules/roles/guest.if (added)
    * policy/modules/roles/guest.te (added)
    * policy/modules/roles/xguest.fc (added)
    * policy/modules/roles/xguest.if (added)
    * policy/modules/roles/xguest.te (added)

    trunk: 6 patches from dan.

03/19/09 12:56:10 Chris PeBenito <cpebenito@tresys.com> [3c9b2e9bc6c12678fa609e8af702ebb32a605398]
    * Changelog (modified)
    * policy/modules/admin/logwatch.te (modified)
    * policy/modules/admin/usermanage.if (modified)
    * policy/modules/admin/usermanage.te (modified)
    * policy/modules/roles/logadm.fc (added)
    * policy/modules/roles/logadm.if (added)
    * policy/modules/roles/logadm.te (added)
    * policy/modules/services/rpc.fc (modified)
    * policy/modules/services/rpc.if (modified)
    * policy/modules/services/rpc.te (modified)
    * policy/modules/services/zosremote.fc (added)
    * policy/modules/services/zosremote.if (added)
    * policy/modules/services/zosremote.te (added)
    * policy/modules/system/udev.fc (modified)
    * policy/modules/system/udev.if (modified)
    * policy/modules/system/udev.te (modified)

    trunk: 6 patches from dan.

03/02/09 09:16:49 Chris PeBenito <cpebenito@tresys.com> [e1a70f1dde1f2a08e3070f6f7a7e373e3fe89606]
    * Changelog (modified)
    * policy/mls (modified)
    * policy/modules/kernel/mls.if (modified)
    * policy/modules/kernel/mls.te (modified)

    trunk: add MLS constraints for ingress/egress permissions from Paul Moore.

    Add MLS constraints for several network related access controls including the new ingress/egress controls and the older Secmark controls. Based on the following post to the SELinux Reference Policy mailing list:

    * http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html

02/24/09 14:00:15 Chris PeBenito <cpebenito@tresys.com> [156204a3853857c16591820f69ca34d9f1758919]
    * Changelog (modified)
    * policy/modules/kernel/filesystem.if (modified)
    * policy/modules/kernel/filesystem.te (modified)
    * policy/modules/services/rpc.te (modified)

    trunk: Drop write permission from fs_read_rpc_sockets().

02/24/09 13:31:08 Chris PeBenito <cpebenito@tresys.com> [81fa19ed731d70df1199bc6aac3a2672930dd7fa]
    * Changelog (modified)
    * policy/modules/system/udev.te (modified)

    trunk: remove unused udev_runtime_t type.

02/23/09 07:41:28 Chris PeBenito <cpebenito@tresys.com> [f3fcadfe04a87b7e6150ad1aef184862464f3424]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)

    trunk: Patch for RadSec port from Glen Turner.

02/03/09 09:45:30 Chris PeBenito <cpebenito@tresys.com> [7722c29e881cbc626bae800f7675efd3371fd239]
    * Changelog (modified)
    * policy/modules/kernel/corenetwork.if.in (modified)
    * policy/modules/kernel/corenetwork.te.in (modified)
    * policy/modules/kernel/kernel.te (modified)
    * policy/policy_capabilities (modified)

    trunk: Enable network_peer_controls policy capability from Paul Moore.

01/30/09 07:44:14 Chris PeBenito <cpebenito@tresys.com> [805f34ed09ae2f25d45459b1c8eaff5ee4d06852]
    * Changelog (modified)
    * policy/modules/kernel/filesystem.te (modified)

    trunk: btrfs from Paul Moore.

01/23/09 13:49:36 Chris PeBenito <cpebenito@tresys.com> [466e22a8ba555aed848267e4fb853d899caf071d]
    * Changelog (modified)
    * policy/flask/access_vectors (modified)
    * policy/mcs (modified)
    * policy/mls (modified)
    * policy/modules/services/postgresql.te (modified)

    trunk: Add db_procedure install permission from KaiGai Kohei.

01/15/09 14:31:06 Chris PeBenito <cpebenito@tresys.com> [019dfaf9dc94322a0b359a2c60099e4fe26b6b10]

* Changelog (modified)
* Makefile (modified)
* policy/modules/kernel/corenetwork.if.m4 (modified)
* policy/modules/kernel/corenetwork.te.in (modified)
* policy/modules/kernel/corenetwork.te.m4 (modified)

trunk: Add support for network interfaces with access controlled by a Boolean from the CLIP project.

01/13/09 13:44:23 Chris PeBenito <cpebenito@tresys.com> [9e7a3385091ab832c2f71e6954d28e638e9f499d]

* Changelog (modified)
* policy/modules/admin/su.if (modified)
* policy/modules/admin/su.te (modified)

trunk: su fixes from clip.

01/13/09 07:01:48 Chris PeBenito <cpebenito@tresys.com> [f0435b1ac485336656080a8c0d4d1201ad1ba4f6]

* Changelog (modified)
* policy/modules/kernel/selinux.if (modified)
* policy/modules/kernel/selinux.te (modified)
* policy/modules/system/init.te (modified)
* policy/modules/system/selinuxutil.te (modified)
* policy/modules/system/userdomain.if (modified)
* policy/modules/system/userdomain.te (modified)

trunk: add support for labeled booleans.

01/09/09 13:48:02 Chris PeBenito <cpebenito@tresys.com> [c1262146e0bcbc555a11af3da38eb3a442e75f5b]

* Changelog (modified)
* policy/modules/admin/amanda.te (modified)
* policy/modules/admin/apt.te (modified)
* policy/modules/admin/backup.te (modified)
* policy/modules/admin/dpkg.te (modified)
* policy/modules/admin/firstboot.te (modified)
* policy/modules/admin/mrtg.te (modified)
* policy/modules/admin/netutils.te (modified)
* policy/modules/admin/portage.if (modified)
* policy/modules/admin/portage.te (modified)
* policy/modules/admin/rpm.te (modified)
* policy/modules/admin/sxid.te (modified)
* policy/modules/admin/vpn.te (modified)
* policy/modules/apps/calamaris.te (modified)
* policy/modules/apps/evolution.te (modified)
* policy/modules/apps/games.te (modified)
* policy/modules/apps/gift.te (modified)
* policy/modules/apps/gpg.te (modified)
* policy/modules/apps/irc.te (modified)
* policy/modules/apps/java.te (modified)
* policy/modules/apps/mozilla.te (modified)
* policy/modules/apps/qemu.if (modified)
* policy/modules/apps/qemu.te (modified)
* policy/modules/apps/screen.if (modified)
* policy/modules/apps/screen.te (modified)
* policy/modules/apps/thunderbird.te (modified)
* policy/modules/apps/uml.te (modified)
* policy/modules/apps/vmware.te (modified)
* policy/modules/apps/webalizer.te (modified)
* policy/modules/apps/yam.te (modified)
* policy/modules/kernel/corenetwork.if.in (modified)
* policy/modules/kernel/corenetwork.te.in (modified)
* policy/modules/kernel/kernel.te (modified)
* policy/modules/services/afs.te (modified)
* policy/modules/services/amavis.te (modified)
* policy/modules/services/apache.if (modified)
* policy/modules/services/apache.te (modified)
* policy/modules/services/apcupsd.te (modified)
* policy/modules/services/arpwatch.te (modified)
* policy/modules/services/asterisk.te (modified)
* policy/modules/services/automount.te (modified)
* policy/modules/services/avahi.te (modified)
* policy/modules/services/bind.te (modified)
* policy/modules/services/bitlbee.te (modified)
* policy/modules/services/bluetooth.te (modified)
* policy/modules/services/canna.te (modified)
* policy/modules/services/ccs.te (modified)
* policy/modules/services/cipe.te (modified)
* policy/modules/services/clamav.te (modified)
* policy/modules/services/clockspeed.te (modified)
* policy/modules/services/comsat.te (modified)
* policy/modules/services/courier.if (modified)
* policy/modules/services/courier.te (modified)
* policy/modules/services/cron.te (modified)
* policy/modules/services/cups.te (modified)
* policy/modules/services/cvs.te (modified)
* policy/modules/services/cyphesis.te (modified)
* policy/modules/services/cyrus.te (modified)
* policy/modules/services/dante.te (modified)
* policy/modules/services/dbskk.te (modified)
* policy/modules/services/dbus.if (modified)
* policy/modules/services/dbus.te (modified)
* policy/modules/services/dcc.te (modified)
* policy/modules/services/ddclient.te (modified)
* policy/modules/services/dhcp.te (modified)
* policy/modules/services/dictd.te (modified)
* policy/modules/services/distcc.te (modified)
* policy/modules/services/djbdns.if (modified)
* policy/modules/services/djbdns.te (modified)
* policy/modules/services/dnsmasq.te (modified)
* policy/modules/services/dovecot.te (modified)
* policy/modules/services/exim.te (modified)
* policy/modules/services/fail2ban.te (modified)
* policy/modules/services/fetchmail.te (modified)
* policy/modules/services/finger.te (modified)
* policy/modules/services/ftp.te (modified)
* policy/modules/services/gatekeeper.te (modified)
* policy/modules/services/hal.te (modified)
* policy/modules/services/howl.te (modified)
* policy/modules/services/i18n_input.te (modified)
* policy/modules/services/imaze.te (modified)
* policy/modules/services/inetd.te (modified)
* policy/modules/services/inn.te (modified)
* policy/modules/services/ircd.te (modified)
* policy/modules/services/jabber.te (modified)
* policy/modules/services/kerberos.if (modified)
* policy/modules/services/kerberos.te (modified)
* policy/modules/services/kerneloops.te (modified)
* policy/modules/services/ktalk.te (modified)
* policy/modules/services/ldap.te (modified)
* policy/modules/services/lpd.te (modified)
* policy/modules/services/mailman.if (modified)
* policy/modules/services/mailman.te (modified)
* policy/modules/services/memcached.te (modified)
* policy/modules/services/monop.te (modified)
* policy/modules/services/mta.if (modified)
* policy/modules/services/mta.te (modified)
* policy/modules/services/munin.te (modified)
* policy/modules/services/mysql.te (modified)
* policy/modules/services/nagios.te (modified)
* policy/modules/services/nessus.te (modified)
* policy/modules/services/networkmanager.te (modified)
* policy/modules/services/nis.if (modified)
* policy/modules/services/nis.te (modified)
* policy/modules/services/nscd.te (modified)
* policy/modules/services/nsd.te (modified)
* policy/modules/services/ntop.te (modified)
* policy/modules/services/ntp.te (modified)
* policy/modules/services/nx.te (modified)
* policy/modules/services/oav.te (modified)
* policy/modules/services/oident.te (modified)
* policy/modules/services/openvpn.te (modified)
* policy/modules/services/pcscd.te (modified)
* policy/modules/services/pegasus.te (modified)
* policy/modules/services/perdition.te (modified)
* policy/modules/services/portmap.te (modified)
* policy/modules/services/portslave.te (modified)
* policy/modules/services/postfix.if (modified)
* policy/modules/services/postfix.te (modified)
* policy/modules/services/postfixpolicyd.te (modified)
* policy/modules/services/postgresql.te (modified)
* policy/modules/services/postgrey.te (modified)
* policy/modules/services/ppp.te (modified)
* policy/modules/services/prelude.te (modified)
* policy/modules/services/privoxy.te (modified)
* policy/modules/services/procmail.te (modified)
* policy/modules/services/pyzor.te (modified)
* policy/modules/services/radius.te (modified)
* policy/modules/services/radvd.te (modified)
* policy/modules/services/razor.if (modified)
* policy/modules/services/razor.te (modified)
* policy/modules/services/rdisc.te (modified)
* policy/modules/services/rhgb.te (modified)
* policy/modules/services/ricci.te (modified)
* policy/modules/services/rlogin.te (modified)
* policy/modules/services/roundup.te (modified)
* policy/modules/services/rpc.if (modified)
* policy/modules/services/rpc.te (modified)
* policy/modules/services/rpcbind.te (modified)
* policy/modules/services/rshd.te (modified)
* policy/modules/services/rsync.te (modified)
* policy/modules/services/rwho.te (modified)
* policy/modules/services/samba.te (modified)
* policy/modules/services/sasl.te (modified)
* policy/modules/services/sendmail.te (modified)
* policy/modules/services/setroubleshoot.te (modified)
* policy/modules/services/smartmon.te (modified)
* policy/modules/services/snmp.te (modified)
* policy/modules/services/snort.te (modified)
* policy/modules/services/soundserver.te (modified)
* policy/modules/services/spamassassin.te (modified)
* policy/modules/services/squid.te (modified)
* policy/modules/services/ssh.if (modified)
* policy/modules/services/ssh.te (modified)
* policy/modules/services/stunnel.te (modified)
* policy/modules/services/tcpd.te (modified)
* policy/modules/services/telnet.te (modified)
* policy/modules/services/tftp.te (modified)
* policy/modules/services/timidity.te (modified)
* policy/modules/services/tor.te (modified)
* policy/modules/services/transproxy.te (modified)
* policy/modules/services/ucspitcp.te (modified)
* policy/modules/services/uucp.te (modified)
* policy/modules/services/uwimap.te (modified)
* policy/modules/services/virt.te (modified)
* policy/modules/services/watchdog.te (modified)
* policy/modules/services/xfs.te (modified)
* policy/modules/services/xprint.te (modified)
* policy/modules/services/xserver.te (modified)
* policy/modules/services/zebra.te (modified)
* policy/modules/system/hotplug.te (modified)
* policy/modules/system/iscsi.te (modified)
* policy/modules/system/logging.te (modified)
* policy/modules/system/lvm.te (modified)
* policy/modules/system/sysnetwork.if (modified)
* policy/modules/system/sysnetwork.te (modified)
* policy/modules/system/userdomain.if (modified)
* policy/modules/system/userdomain.te (modified)
* policy/modules/system/xen.te (modified)

trunk: Remove node definitions and change node usage to generic nodes.

01/05/09 15:44:33 Chris PeBenito <cpebenito@tresys.com> [347a7011199a050939b6af279e9854f407afcdab]

* Changelog (modified)
* policy/flask/access_vectors (modified)
* policy/flask/security_classes (modified)

trunk: Add kernel_service access vectors, from Stephen Smalley.

12/10/08 13:49:42 Chris PeBenito <cpebenito@tresys.com> [e66a0cad185d07681cc916b79867b0fbb6644399]

* Changelog (modified)
* VERSION (modified)

trunk: check in version and changelog for release.