rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
2,816 Commits 8 Branches 96 Tags 37 MiB
0d24805fd0
Commit Graph

1203 Commits

Author SHA1 Message Date
Chris PeBenito
0d24805fd0 Trivial tweaks to devtmpfs patches. 2010-08-25 11:18:25 -04:00
Jeremy Solt
2fc79f1ef4 Early devtmpfs access 
dontaudit attempts to read/write device_t chr files occurring before udev relabel
allow init_t and initrc_t read/write on device_t chr files (necessary to boot without unconfined)

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
 2010-08-25 11:01:27 -04:00
Jeremy Solt
d6e1ef29cd Move devtmpfs to devices from filesystem 
Move devtmpfs to devices module (remove from filesystem module)
Make device_t a filesystem
Add interface for associating types with device_t filesystem (dev_associate)
Call dev_associate from dev_filetrans
Allow all device nodes associate with device_t filesystem
Remove dev_tmpfs_filetrans_dev from kernel_t
Remove fs_associate_tmpfs(initctl_t) - redundant, it was in dev_filetrans, now in dev_associate
Mounton interface, to allow the kernel to mounton device_t

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
 2010-08-25 11:01:22 -04:00
Chris PeBenito
c62f1bef77 Dbadm updates from KaiGai Kohei. 2010-08-19 08:41:39 -04:00
Chris PeBenito
ab8f919e6f Part of gnome patch from Dan Walsh. 2010-08-12 09:21:36 -04:00
Chris PeBenito
a9539a063b Additional kdumpgui cleanup. 2010-08-10 09:21:01 -04:00
Jeremy Solt
46fc0d39e3 Policy for system-config-kdump gui from Dan Walsh 
Edits:
 - removed gnome_dontaudit_search_config
 - removed userdom_dontaudit_search_admin_dir
 - whitespace and style fixes
 2010-08-10 09:05:43 -04:00
Jeremy Solt
68e615ec5a system-config-samba dbus service policy from Dan Walsh 2010-08-09 09:37:29 -04:00
Jeremy Solt
c87e150280 roles patch from Dan Walsh to move unwanted interface calls into a ifndef 2010-08-09 09:20:31 -04:00
Chris PeBenito
00ca404a20 Remove unnecessary require on cgroup_admin(). 2010-08-09 09:10:24 -04:00
Chris PeBenito
d687db9b42 Whitespace fixes on cgroup. 2010-08-09 08:52:39 -04:00
Dominick Grift
61d7ee58a4 Confine /sbin/cgclear. 
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-09 08:47:15 -04:00
Dominick Grift
a0546c9d1c System layer xml fixes. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 09:25:55 -04:00
Dominick Grift
288845a638 Services layer xml files. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 09:25:29 -04:00
Chris PeBenito
97b990f86e Fix corecmd_dontaudit_exec_all_executables doc. 2010-08-05 09:24:41 -04:00
Dominick Grift
705f70f098 Kernel layer xml fixes. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 09:08:07 -04:00
Chris PeBenito
19ff03977d Fix usermanage_kill_passwd() parameter doc. 2010-08-05 08:56:31 -04:00
Dominick Grift
77e4b55f70 Admin layer xml fixes. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 08:46:44 -04:00
Dominick Grift
03b86663f0 apps: domain { allowed to transition, allowed access, to not audit }. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 08:20:59 -04:00
Chris PeBenito
8da88970be Accountsd cleanup. 2010-08-03 09:50:40 -04:00
Chris PeBenito
d0eebed0b7 Move accountsd to services. 2010-08-03 09:31:53 -04:00
Jeremy Solt
c4834a02d2 accountsd policy from Dan Walsh 
Edits:
 - Removed accountsd_manage_var_lib
 - Removed optional block for xserver - these interfaces didn't exist
 - It looks like sys_ptrace is needed because it reads /proc/pid/loginuid
 - Whitespace and style fixes
 2010-08-03 09:27:24 -04:00
Chris PeBenito
a7ee7f819a Docs standardizing on the role portion of run interfaces. Additional docs cleanup. 2010-08-03 09:20:22 -04:00
Chris PeBenito
9d4395a736 MojoMojo from Lain Arnell. 2010-08-02 09:28:06 -04:00
Chris PeBenito
a72e42f485 Interface documentation standardization patch from Dan Walsh. 2010-08-02 09:22:09 -04:00
Chris PeBenito
27eeb649cc Virtio disk file context update from Mika Pfluger. 2010-08-02 08:33:41 -04:00
Mika Pflüger
b3f7203d6a Take virtio disks into account. 
Signed-off-by: Mika Pflüger <debian@mikapflueger.de>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-08-02 08:25:14 -04:00
Chris PeBenito
64ef2df368 Module version bump for 5563d4c. 2010-07-22 09:13:11 -04:00
Jeremy Solt
5563d4c4d8 Removing seutil_domtrans_setsebool from anaconda patch - it doesn't exist 2010-07-22 08:49:32 -04:00
Jeremy Solt
b0a6f1b7c2 anaconda patch from Dan Walsh 
- Did not include the change to unconfined_domain_noaudit
 2010-07-22 08:49:32 -04:00
Chris PeBenito
21fdee9dd5 Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh. 
We went back and reread the bindreservport code in glibc.

Turns out the range or ports that this will reserve are 512-1024 rather
then 600-1024.

The code actually first tries to reserve a port from 600-1024 and if
they are ALL reserved will try 512-599.

So we need to change corenetwork to reflect this.
 2010-07-19 14:22:44 -04:00
Chris PeBenito
29f3bfa464 Fix JIT usage for freshclam. 
http://marc.info/?l=selinux&m=127893898208934&w=2
 2010-07-13 08:39:54 -04:00
Dominick Grift
48c3c37cf2 Remove some redundant attributes from user_home_t. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-07-12 14:35:22 -04:00
Chris PeBenito
4b76ea5f51 Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
Dominick Grift
fa1847f4a2 Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-07-09 09:43:04 -04:00
Chris PeBenito
f7ffe6c2a9 Add missing ubac constraints on pulseaudio. 2010-07-09 09:14:35 -04:00
Chris PeBenito
c14aebd032 Remove old rbacsep role statements. 2010-07-09 08:38:05 -04:00
Chris PeBenito
072857c425 VMWare patch from Dan Walsh. 2010-07-08 13:43:50 -04:00
Chris PeBenito
f1618ffc6f Whitespace fix in userhelper. 2010-07-08 10:56:15 -04:00
Chris PeBenito
b70dfcdf8f RPM patch from Dan Walsh. 2010-07-08 10:53:28 -04:00
Chris PeBenito
2d839c6791 Whitespace fixes in RPM. 2010-07-08 10:12:24 -04:00
Chris PeBenito
7e265a8abb Add shutdown from Dan Walsh. 2010-07-07 11:10:56 -04:00
Chris PeBenito
b841dffda1 Add livecd from Dan Walsh. 2010-07-07 10:28:25 -04:00
Chris PeBenito
08690c84ad Remove ethereal module since the application was renamed to wireshark due to trademark issues. 2010-07-07 09:31:57 -04:00
Chris PeBenito
3c4e9fce8e Make spamassassin optional for milter, from Russell Coker. 2010-07-07 08:55:57 -04:00
Chris PeBenito
bca0cdb86e Remove duplicate/redundant rules, from Russell Coker. 2010-07-07 08:41:20 -04:00
Chris PeBenito
1db1836ab9 Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
Chris PeBenito
a3b0dc5b3c GPG patch from Dan Walsh. 2010-07-06 10:58:40 -04:00
Chris PeBenito
3bcfe5beb7 Usermanage patch from Dan Walsh. 
Broken leaks of sockets

useradd runs semanage for -Z.

passwd_t needs sys_nice

useradd run within a samba_controler needs to append to the samba log.
 2010-07-06 10:56:20 -04:00
Chris PeBenito
cad4224e8e Guest patch from Dan Walsh. 
Dominic asked to remove mono and java from guest_t
 2010-07-06 08:35:56 -04:00