rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4,552 Commits 8 Branches 98 Tags 37 MiB
19cd669e5e
Commit Graph

4552 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Walsh
2d4a79a061 Policy fixes 2010-08-30 08:57:06 -04:00
Dan Walsh
ac498fa5d9 More fixes 2010-08-27 10:56:56 -04:00
Dan Walsh
acb1aed3a4 - Merge with upstream 2010-08-27 10:21:25 -04:00
Dan Walsh
59475c2524 - Merge with upstream 2010-08-27 08:58:04 -04:00
Dan Walsh
ba77266a14 - Merge with upstream 2010-08-26 20:35:53 -04:00
Dan Walsh
08e567dc56 Latest fixes 2010-08-26 20:30:04 -04:00
Dan Walsh
9561b0ab08 Update f14 2010-08-26 15:42:17 -04:00
Dan Walsh
4765a595e8 Fixes for f14 2010-08-26 15:29:37 -04:00
Dan Walsh
46c24a359b ditto 2010-08-26 13:23:23 -04:00
Dan Walsh
aae38f05a6 whoya 2010-08-26 13:16:02 -04:00
Dan Walsh
2968e06818 Update f14 2010-08-26 12:55:57 -04:00
Dan Walsh
18549c23df Fix policy 2010-08-26 11:09:31 -04:00
Dan Walsh
507000a1db reset 2010-08-26 11:03:50 -04:00
Dan Walsh
8f4ec142d7 Modified amanda 2010-08-26 11:02:44 -04:00
Dan Walsh
09154bd53e Reset base 2010-08-26 11:01:06 -04:00
Dan Walsh
e15d0e76e3 Modify amanda 2010-08-26 10:59:43 -04:00
Dan Walsh
0aa4ecc332 F14 2010-08-26 10:56:06 -04:00
Dan Walsh
f9c5576c27 F14 2010-08-26 10:54:59 -04:00
Dan Walsh
e5e9b7bd43 F14 2010-08-26 10:50:47 -04:00
Dan Walsh
a61cba6e07 Rebase constraints 2010-08-26 10:45:39 -04:00
Dan Walsh
9afb2b166a Go with upstream 2010-08-26 10:40:06 -04:00
Dan Walsh
a947daf6df Update f14 2010-08-26 10:27:35 -04:00
Dan Walsh
83eff061a3 Latest f14 2010-08-26 10:26:28 -04:00
Dan Walsh
3eaa993945 UPdate for f14 policy 2010-08-26 09:41:21 -04:00
Chris PeBenito
76a9fe96e4 Module version bumps and changelog for devtmpfs patchset. 2010-08-25 11:19:27 -04:00
Chris PeBenito
0d24805fd0 Trivial tweaks to devtmpfs patches. 2010-08-25 11:18:25 -04:00
Jeremy Solt
2fc79f1ef4 Early devtmpfs access 
dontaudit attempts to read/write device_t chr files occurring before udev relabel
allow init_t and initrc_t read/write on device_t chr files (necessary to boot without unconfined)

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
 2010-08-25 11:01:27 -04:00
Jeremy Solt
d6e1ef29cd Move devtmpfs to devices from filesystem 
Move devtmpfs to devices module (remove from filesystem module)
Make device_t a filesystem
Add interface for associating types with device_t filesystem (dev_associate)
Call dev_associate from dev_filetrans
Allow all device nodes associate with device_t filesystem
Remove dev_tmpfs_filetrans_dev from kernel_t
Remove fs_associate_tmpfs(initctl_t) - redundant, it was in dev_filetrans, now in dev_associate
Mounton interface, to allow the kernel to mounton device_t

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
 2010-08-25 11:01:22 -04:00
Dan Walsh
370d04ed3c - Allow seunshare to fowner 2010-08-25 09:45:26 -04:00
Dan Walsh
cc138e86b5 - Allow cron to look at user_cron_spool links 
- Lots of fixes for mozilla_plugin_t
- Add sysv file system
- Turn unconfined domains to permissive to find additional avcs
 2010-08-24 22:48:06 -04:00
Dan Walsh
3cacc01467 - Update policy for mozilla_plugin_t 2010-08-23 18:16:17 -04:00
Dan Walsh
63265668f0 - Update policy for mozilla_plugin_t 2010-08-23 18:01:46 -04:00
Dan Walsh
66ec626d23 - Allow clamscan to read proc_t 
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
 2010-08-23 17:33:55 -04:00
Dan Walsh
eee39f9d8e - Allow clamscan to read proc_t 
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
 2010-08-23 17:29:52 -04:00
Dan Walsh
19988ca76d - Allow clamscan_t execmem if clamd_use_jit set 
- Add policy for firefox plugin-container
 2010-08-20 09:36:56 -04:00
Chris PeBenito
c62f1bef77 Dbadm updates from KaiGai Kohei. 2010-08-19 08:41:39 -04:00
Dan Walsh
34e74a1baa - label dead.letter as mail_home_t 2010-08-17 10:05:08 -04:00
Dan Walsh
3798ee962a - label dead.letter as mail_home_t 2010-08-17 07:22:11 -04:00
Chris PeBenito
ab8f919e6f Part of gnome patch from Dan Walsh. 2010-08-12 09:21:36 -04:00
Dan Walsh
b12ede2ac0 * Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12 
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
 2010-08-11 08:58:16 -04:00
Dan Walsh
922cd61e83 * Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12 
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
 2010-08-11 07:55:04 -04:00
Chris PeBenito
a9539a063b Additional kdumpgui cleanup. 2010-08-10 09:21:01 -04:00
Jeremy Solt
46fc0d39e3 Policy for system-config-kdump gui from Dan Walsh 
Edits:
 - removed gnome_dontaudit_search_config
 - removed userdom_dontaudit_search_admin_dir
 - whitespace and style fixes
 2010-08-10 09:05:43 -04:00
Chris PeBenito
5d6bf457b9 Changelog entry for sambagui. 2010-08-09 09:51:35 -04:00
Jeremy Solt
68e615ec5a system-config-samba dbus service policy from Dan Walsh 2010-08-09 09:37:29 -04:00
Jeremy Solt
c87e150280 roles patch from Dan Walsh to move unwanted interface calls into a ifndef 2010-08-09 09:20:31 -04:00
Chris PeBenito
00ca404a20 Remove unnecessary require on cgroup_admin(). 2010-08-09 09:10:24 -04:00
Chris PeBenito
d687db9b42 Whitespace fixes on cgroup. 2010-08-09 08:52:39 -04:00
Dominick Grift
61d7ee58a4 Confine /sbin/cgclear. 
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-09 08:47:15 -04:00
Dominick Grift
a0546c9d1c System layer xml fixes. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-08-05 09:25:55 -04:00