proj/hardened-refpolicy.git - Gentoo Hardened SELinux reference policy implementation

	Commit message (Collapse)	Author	Age	Files	Lines
*	modutils: libkmod mmap()s modules.dep and *.ko's	Luis Ressel	2017-09-14	1	-2/+2
\| \| \| \| \| \|	Note that not only kmod needs this permission, other libkmod consumers like udev require it, too. Hence I'm adding the permission to the relevant interfaces.
*	Further strict systemd fixes from Russell Coker.	Chris PeBenito	2017-04-30	1	-0/+19
\|
*	modutils: adopt callers to new interfaces	cgzones	2017-03-30	1	-1/+1
\|
*	systemd-tmpfiles: refactor runtime configs	cgzones	2017-03-30	1	-5/+1
\| \| \| \|	handle runtime configuration files under /run/tmpfiles.d as 3rd party content, like /run or /var/lib
*	modutils: adjust interfaces after recent binaries merge	cgzones	2017-03-30	1	-58/+89
\|
*	Systemd tmpfiles fix for kmod.conf from Russell Coker.	Chris PeBenito	2017-02-17	1	-0/+18
\|
*	single binary modutils	Russell Coker	2016-11-27	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	On Tuesday, 2 August 2016 7:59:28 PM AEDT Chris PeBenito wrote: > On 07/31/16 08:34, Russell Coker wrote: > > The following patch deals with a single binary for modutils, so depmod_t, > > and insmod_t are merged. > > Since the main SELinux distros (including RHEL/CentOS 7) all have merged > modutils these days, I'm open to taking a patch that fully merges these > domains (in which case renaming to kmod_t, with proper aliasing seems > the best idea). > > However, it's been some time since I used a busybox-based system; does > busybox still have separated tools? Yes, this is a bit of an obvious > question since busybox is also single-binary, but IIRC, the embedded > guys made some tiny helper scripts or executables so proper > transitioning could occur. Separate domains may still make sense. As we have had no response from Busybox users in the last 3 months and also no response to the thread Luis started in 2013 I think it's safe to assume that they don't need this. I've attached a new patch which renames to kmod_t as you suggested. Please consider it for inclusion. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ Description: Change modutils policy to match the use of a single binary Author: Russell Coker <russell@coker.com.au> Last-Update: 2014-06-25
*	modutils.if: Remove obsolete modutils_list_module_config	Luis Ressel	2016-11-27	1	-24/+0
\| \| \| \| \| \|	This interface is a custom gentoo addition and is solely used by the dracut policy. However, the permissions it grants have been added to the modutils_read_module_config interface back in 2012 (commit e74b098).
*	Fix interface descriptions when duplicate ones are found	Nicolas Iooss	2016-01-31	1	-1/+1
\| \| \| \|	Distinct interfaces should have different comments
*	Changes to the modutils policy module	Dominick Grift	2012-10-19	1	-2/+3
\| \| \| \| \| \| \| \|	modutils_read_module_config() provides access to list modules_conf_t directories so that we do not need a seperate modutils_list_modules_config() Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
*	Rework and refactoring based on refpolicy feedback	Sven Vermeulen	2012-06-27	1	-3/+6
\|
*	Pushing 2.20120215 (current version)	Sven Vermeulen	2012-04-21	1	-0/+355