Daniel J Walsh
422dcf1da8
Resolves : #218978
2006-12-13 17:03:55 +00:00
Chris PeBenito
b001503548
update version and changelog for release
2006-12-12 21:59:26 +00:00
Daniel J Walsh
e3b143b243
- Allow initrc to create files in /var directories Resolves : #219227
2006-12-12 21:46:24 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
Daniel J Walsh
6157a7e6e4
- More fixes for MLS
2006-12-11 12:35:45 +00:00
Daniel J Walsh
dd5d7e7583
- More Fixes polyinstatiation Resolves : #216184
2006-12-06 23:27:45 +00:00
Daniel J Walsh
a169fb7433
- Fix handling of keyrings
2006-12-06 19:38:32 +00:00
Daniel J Walsh
852ba6bb2f
- Fix polyinstatiation
...
- Fix pcscd handling of terminal Resolves : #218149 Resolves : #218350
2006-12-05 23:05:39 +00:00
Chris PeBenito
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
Daniel J Walsh
414ddd0de3
- More fixes for quota Resolves : #212957
2006-12-01 21:52:08 +00:00
Daniel J Walsh
9f388c1a78
- ncsd needs to use avahi sockets Resolves : #217640 Resolves : #218014
2006-12-01 17:58:00 +00:00
Daniel J Walsh
b6ffd7c2ae
- Allow login programs to polyinstatiate homedirs Resolves : #216184
...
- Allow quotacheck to create database files Resolves : #212957
2006-11-30 22:06:22 +00:00
Daniel J Walsh
aba668f5f8
- Allow login programs to polyinstatiate homedirs Resolves : #216184
2006-11-30 20:55:33 +00:00
Daniel J Walsh
036c1c2fb6
- Dontaudit appending hal_var_lib files Resolves : #217452 Resolves : #217571
...
Resolves : #217611 Resolves : #217640 Resolves : #217725
2006-11-30 20:23:49 +00:00
Daniel J Walsh
cc1462b7d0
- Dontaudit appending hal_var_lib files Resolves : #217452 Resolves : #217571
...
Resolves : #217611 Resolves : #217640 Resolves : #217725
2006-11-29 20:11:02 +00:00
Chris PeBenito
563e58e863
patch from dan for some missing gen_require()s
2006-11-29 13:44:40 +00:00
Chris PeBenito
bff907113d
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:57:22 +00:00
Chris PeBenito
c31f6724c0
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:47:47 +00:00
Daniel J Walsh
e4d46c95f3
- Fix context for helix players file_context #216942
2006-11-27 22:17:34 +00:00
Daniel J Walsh
02560dace3
- Fix load_policy to be able to mls_write_down so it can talk to the
...
terminal
2006-11-20 23:24:21 +00:00
Daniel J Walsh
4218645103
- Fixes for hwclock, clamav, ftp
2006-11-20 23:01:06 +00:00
Daniel J Walsh
9e4aeac9dd
- Move to upstream version which accepted my patches
2006-11-17 19:21:40 +00:00
Chris PeBenito
fa45da0efd
add aide, ccs, and ricci
2006-11-16 20:56:24 +00:00
Daniel J Walsh
b28d0a788f
- Fixes for nvidia driver
2006-11-16 19:25:03 +00:00
Chris PeBenito
d31d3c159e
This modifies the mls constraint for polmatch in the association class.
...
Specifically:
- polmatch need no longer make an exception for unlabeled_t
since a flow will now always match SPD rules with no contexts (per
the IPSec leak fix patch upstreamed a few weeks back), as
opposed to needing polmatch access to unlabeled_t.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
2006-11-16 13:38:14 +00:00
Daniel J Walsh
a3f2f571c0
- Fixes for nvidia driver
2006-11-15 22:34:04 +00:00
Daniel J Walsh
150bdfbc67
- Fixes for nvidia driver
2006-11-15 22:28:06 +00:00
Daniel J Walsh
b0ecaa962d
- Allow semanage to signal mcstrans
2006-11-15 21:43:36 +00:00
Daniel J Walsh
73ea8c2e4d
- Update to upstream
2006-11-15 15:22:30 +00:00
Daniel J Walsh
d925bd337d
- Allow modstorage to edit /etc/fstab file
2006-11-14 18:33:09 +00:00
Chris PeBenito
c6a60bb28d
On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
...
> Here is the policy changes needed for the context contains security
> checking in PAM and cron.
2006-11-14 13:38:52 +00:00
Daniel J Walsh
ec17438ae0
- Fix for qemu, /dev/
...
Mon Nov 13 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-11
- Fix path to realplayer.bin
2006-11-14 04:57:37 +00:00
Daniel J Walsh
32b91c9d1f
- Fix path to realplayer.bin
2006-11-13 20:48:57 +00:00
Chris PeBenito
59f8539306
- Add a reload target to Modules.devel and change the load
...
target to only insert modules that were changed.
2006-11-13 03:36:13 +00:00
Chris PeBenito
ed38ca9f3d
fixes from gentoo strict testing:
...
- Allow semanage to read from /root on strict non-MLS for
local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
on clients.
2006-11-13 03:24:07 +00:00
Daniel J Walsh
06b64f8c21
- Allow xen to connect to xen port
2006-11-10 20:37:08 +00:00
Daniel J Walsh
1a986f04dc
- Allow cups to search samba_etc_t directory
...
- Allow xend_t to list auto_mountpoints
2006-11-10 13:31:34 +00:00
Daniel J Walsh
2098c9bff2
- Allow xen to search automount
2006-11-09 20:12:53 +00:00
Daniel J Walsh
6ba4868651
- Fix spec of jre files
2006-11-09 18:57:53 +00:00
Daniel J Walsh
0806593363
- Fix unconfined access to shadow file
2006-11-08 20:21:53 +00:00
Daniel J Walsh
4d11495dab
- Allow xend to create files in xen_image_t directories
2006-11-08 20:10:30 +00:00
Daniel J Walsh
0fcc493f96
- Fixes for /var/lib/hal
2006-11-08 13:28:28 +00:00
Daniel J Walsh
f08bf9299c
- Remove ability for sysadm_t to look at audit.log
2006-11-07 21:16:47 +00:00
Daniel J Walsh
f3ecbbfcb9
- Fix rpc_port_types
...
- Add aide policy for mls
2006-11-07 20:38:46 +00:00
Chris PeBenito
0f9a2be65d
add missing gentoo file contexts for initrc and lvm
2006-11-07 19:38:10 +00:00
Daniel J Walsh
d7e0f9fa0d
- Merge with upstream
2006-11-06 21:15:57 +00:00
Daniel J Walsh
0dae3b6d89
- Lots of fixes for ricci
2006-11-03 21:27:47 +00:00
Chris PeBenito
f497b8df50
Christopher J. PeBenito wrote:
...
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
2006-11-01 15:42:22 +00:00
Daniel J Walsh
d095a0e65b
- Add perms for swat
2006-11-01 00:09:08 +00:00