Commit Graph

229 Commits

Author SHA1 Message Date
Jeremy Solt
2fc79f1ef4 Early devtmpfs access
dontaudit attempts to read/write device_t chr files occurring before udev relabel
allow init_t and initrc_t read/write on device_t chr files (necessary to boot without unconfined)

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
2010-08-25 11:01:27 -04:00
Chris PeBenito
19ff03977d Fix usermanage_kill_passwd() parameter doc. 2010-08-05 08:56:31 -04:00
Dominick Grift
77e4b55f70 Admin layer xml fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 08:46:44 -04:00
Chris PeBenito
d0eebed0b7 Move accountsd to services. 2010-08-03 09:31:53 -04:00
Jeremy Solt
c4834a02d2 accountsd policy from Dan Walsh
Edits:
 - Removed accountsd_manage_var_lib
 - Removed optional block for xserver - these interfaces didn't exist
 - It looks like sys_ptrace is needed because it reads /proc/pid/loginuid
 - Whitespace and style fixes
2010-08-03 09:27:24 -04:00
Chris PeBenito
a7ee7f819a Docs standardizing on the role portion of run interfaces. Additional docs cleanup. 2010-08-03 09:20:22 -04:00
Chris PeBenito
a72e42f485 Interface documentation standardization patch from Dan Walsh. 2010-08-02 09:22:09 -04:00
Chris PeBenito
64ef2df368 Module version bump for 5563d4c. 2010-07-22 09:13:11 -04:00
Jeremy Solt
5563d4c4d8 Removing seutil_domtrans_setsebool from anaconda patch - it doesn't exist 2010-07-22 08:49:32 -04:00
Jeremy Solt
b0a6f1b7c2 anaconda patch from Dan Walsh
- Did not include the change to unconfined_domain_noaudit
2010-07-22 08:49:32 -04:00
Chris PeBenito
b70dfcdf8f RPM patch from Dan Walsh. 2010-07-08 10:53:28 -04:00
Chris PeBenito
2d839c6791 Whitespace fixes in RPM. 2010-07-08 10:12:24 -04:00
Chris PeBenito
7e265a8abb Add shutdown from Dan Walsh. 2010-07-07 11:10:56 -04:00
Chris PeBenito
3bcfe5beb7 Usermanage patch from Dan Walsh.
Broken leaks of sockets

useradd runs semanage for -Z.

passwd_t needs sys_nice

useradd run within a samba_controler needs to append to the samba log.
2010-07-06 10:56:20 -04:00
Chris PeBenito
ab62f3f1b1 Module version bump for a7521af. 2010-07-01 10:48:11 -04:00
Jeremy Solt
a7521af67d firstboot patch from Dan Walsh
- Did not include gnome_admin_home_gconf_filetrans
- Whitespace fixes
2010-07-01 10:36:31 -04:00
Chris PeBenito
ab4f820548 Module version bump for b5d89d0. 2010-06-29 11:03:56 -04:00
Jeremy Solt
b5d89d0325 vpn patch from Dan Walsh
fixed gen_require in vpn_relabelfrom_tun_socket interface (wrong type)
removed userdom_read_home_certs (not in refpolicy)
2010-06-29 11:02:45 -04:00
Chris PeBenito
e08ac5acb3 Vbetool patch from Dan Walsh.
vbetool needs mls overrides
2010-06-18 14:56:27 -04:00
Chris PeBenito
3835c39a13 Sudo patch from Dan Walsh.
sudo gets execed by apps that leak sockets
2010-06-18 14:43:22 -04:00
Chris PeBenito
f7e3410aed Su patch from Dan Walsh.
dontaudit leaked sockets
2010-06-18 14:32:42 -04:00
Chris PeBenito
b9be5cccf1 Shorewall patch from Dan Walsh.
Shorewall execs hostname
2010-06-18 14:23:46 -04:00
Chris PeBenito
5116faa198 Quota patch from Dan Walsh.
Quata needs to setshed on kernel processes
2010-06-18 14:14:21 -04:00
Chris PeBenito
a9ef84b578 Prelink patch from Dan Walsh.
Prelink has new directory under /var/lib

dontaudit leaks from domains that transition

cron job looks at all mount points.
2010-06-18 14:07:53 -04:00
Chris PeBenito
9a4d292902 Netutils patch from Dan Walsh.
ping gets leaked log descriptor from nagios.

Label send_arp as ping_exec_t
2010-06-17 10:16:19 -04:00
Chris PeBenito
10c0104066 Kismet patch from Dan Walsh.
Kismet searches user_home_dirs for kismet_home_t content.
2010-06-17 08:24:21 -04:00
Chris PeBenito
e89f04fd17 Mcelog patch from Dan Walsh.
mcelog needs mls override
2010-06-17 08:23:48 -04:00
Chris PeBenito
0e30bca6d9 Consoletype patch from Dan Walsh.
I am sick of every app in the known universe leaking socket descriptors.
  Dontaudit by default

consoletype is handed a write for hal log on resume from hibernate.
2010-06-17 08:23:20 -04:00
Chris PeBenito
88a574d373 Alsa patch from Dan Walsh
Alsa trys to talk to all types of terminals.  Dontaudit this access.
2010-06-17 08:22:43 -04:00
Chris PeBenito
4db7790c60 Acct patch from Dan Walsh.
acct needs to use generic ptys
2010-06-17 08:22:17 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
2a29628e40 Fix duplicate lines in kudzu. 2010-05-26 08:26:50 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
91cbcc6602 Fix deprecated interface usage in rhel4 block in su.if. 2010-05-24 15:09:18 -04:00
Chris PeBenito
3d95ca2d82 Module version bump for 904f3d8. 2010-05-24 13:08:09 -04:00
Chris PeBenito
213d35a07c Module version bump for 9e28f74. 2010-05-24 13:08:09 -04:00
Chris PeBenito
c789f82bc5 Module version bump for d5170e5. 2010-05-24 13:08:09 -04:00
Chris PeBenito
d53a972879 Module version bump for cb1df6a. 2010-05-24 13:08:09 -04:00
Jeremy Solt
d8642cad29 readahead patch from Dan Walsh
Edits:
 - Removed files_dontaudit_read_security_files and fs_dontaudit_read_tmpfs_blk_dev interface calls
2010-05-24 13:08:08 -04:00
Chris PeBenito
ff1cae1f5e Move line in logrotate; module version bump. 2010-05-24 13:08:08 -04:00
Jeremy Solt
b8c9879a8c logrotate patch from Dan Walsh 2010-05-24 13:08:08 -04:00
Jeremy Solt
fdc0d0f77c vpn patch from Dan Walsh
Edits:
 - Removed userdom_read_home_certs
2010-05-24 13:08:08 -04:00
Jeremy Solt
2483d7ae56 Replace apache_delete_cache with apache_delete_cache_files in tmpreaper.te 2010-05-24 13:08:07 -04:00
Jeremy Solt
8daddcf37e tmpreaper patch from Dan Walsh 2010-05-24 13:08:07 -04:00
Jeremy Solt
7605d2738c Remove call to nagios_rw_inherited_tmp_files 2010-05-24 13:08:07 -04:00
Jeremy Solt
44dc1b9c21 netutils patch from Dan Walsh
Edits:
 - Dropping term_use_all_terms and user_ping tunables for ping and traceroute
 - Whitespace fixes
2010-05-24 13:08:07 -04:00
Chris PeBenito
9fe1b540b8 Prelink patch from Dan Walsh. 2010-05-20 08:54:51 -04:00
Chris PeBenito
16070400a8 RPM patch from Dan Walsh. 2010-05-11 11:11:40 -04:00
Chris PeBenito
4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito
c6491af860 Module version bump for d12f18e. 2010-03-16 14:34:50 -04:00