Commit Graph

4 Commits

Author SHA1 Message Date
Dan Walsh
e29441a5cc Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)
Make corosync to be able to relabelto cluster lib fies
Allow samba domains to search /var/run/nmbd
Allow dirsrv to use pam
Allow thumb to call getuid
chrome less likely to get mmap_zero bug so removing dontaudit
gimp help-browser has built in javascript
Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t
Re-write glance policy
2011-10-14 09:50:55 -04:00
Dan Walsh
2453975e3d Move dontaudit sys_ptrace line from permissive.te to domain.te
Remove policy for hal, it no longer exists
2011-10-13 15:43:15 -04:00
Dan Walsh
6554bb3cca Remove allow_ptrace and replace it with deny_ptrace, which will remove all
ptrace from the system
Remove 2000 dontaudit rules between confined domains on transition
and replace with single
dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
2011-10-11 16:46:26 -04:00
Dan Walsh
2a89dffbb5 Shrink size of policy through use of attributes for userdomain and apache 2011-10-06 10:53:27 -04:00