proj/hardened-refpolicy.git - Gentoo Hardened SELinux reference policy implementation

	Commit message (Collapse)	Author	Age	Files	Lines
*	refpolicy: Infiniband pkeys and endports	Daniel Jurgens	2017-05-26	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Every Infiniband network will have a default pkey, so that is labeled. The rest of the pkey configuration is network specific. The policy allows access to the default and unlabeled pkeys for sysadm and staff users. kernel_t is allowed access to all pkeys, which it needs to process and route management datagrams. Endports are all unlabeled by default, sysadm users are allowed to manage the subnet on unlabeled endports. kernel_t is allowed to manage the subnet on all ibendports, which is required for configuring the HCA. This patch requires selinux series: "SELinux user space support for Infiniband RDMA", due to the new ipkeycon labeling mechanism. Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
*	Implement WERROR build option to treat warnings as errors.	Chris PeBenito	2017-02-21	1	-1/+1
\| \| \| \|	Add this to all Travis-CI builds.
*	Add validate target for monolithic policy	Sven Vermeulen	2015-02-15	1	-0/+9
\|
*	Drop RHEL4 and RHEL5 support.	Chris PeBenito	2014-10-12	1	-7/+0
\|
*	Always use the unknown permissions handling build option.	Chris PeBenito	2014-06-25	1	-8/+2
\| \| \| \| \|	This compile-time feature is in the minimum-required checkpolicy/checkmodule for building the policy, so it should always be used.
*	Add file for placing default_* statements.	Chris PeBenito	2014-04-30	1	-1/+1
\|
*	Fix parallel build of the policy	Nicolas Iooss	2014-03-17	1	-10/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Before this commit, "make -j2" would execute twice at the same time the rules written to build tmp/all_post.conf because these rules were applied every time tmp/all_post.conf, tmp/all_attrs_types.conf and tmp/only_te_rules.conf needed to be built. However, executing twice in parallel such line is buggy: $(GREP) '^fs_use_(xattr\|task\|trans)' $(tmpdir)/all_te_files.conf >> \ tmpdir)/all_post.conf This is why "make" reports following error for parallel builds: Compiling refpolicy-patched base module /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod /usr/bin/checkmodule: loading policy configuration from base.conf policy/modules/kernel/ubac.te":710:ERROR 'syntax error' at token 'fs_use_trans' on line 26520: fs_use_trans devtmpfs system_u:object_r:device_t:s0; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/base.mod] Error 1 This commit fixes this bug by splitting the rules in 3 different targets, in both monolithic and modular builds.
*	Make the QUIET build option apply to clean and bare targets.	Chris PeBenito	2014-01-19	1	-7/+7
\|
*	Use python libselinux bindings to determine policy version.	Chris PeBenito	2013-08-15	1	-1/+1
\| \| \| \| \|	This eliminates the hardcoded /selinux in Rules.monolithic, which broke when the filesystem mount was moved to /sys/fs/selinux.
*	Pushing 2.20120215 (current version)	Sven Vermeulen	2012-04-21	1	-0/+256