Commit Graph

4857 Commits

Author SHA1 Message Date
Dan Walsh
439e115b9d Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-29 09:49:38 -04:00
Dan Walsh
c1eb3ef122 Remove howl, hotplug and kudzu modules, since they are no longer used 2011-07-29 09:49:16 -04:00
Miroslav
58f5509584 - More fixes of rules which cause an explosion in rules by Dan Walsh 2011-07-29 14:18:40 +02:00
Miroslav
0c240d9a87 - Allow rcsmcertd to perform DNS name resolution
- Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts
- Allow tmux to run as screen
- New policy for collectd
- Allow gkeyring_t to interact with all user apps
- Add rules to allow firstboot to run on machines with the unconfined.pp module
2011-07-26 17:21:09 +02:00
Dan Walsh
8193baf6c3 Add collectd module to targeted policy 2011-07-25 11:30:08 -04:00
Dan Walsh
300f0d1a1d Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-25 08:49:56 -04:00
Miroslav
f5593ed9be - Allow systemd_logind to send dbus messages with users
- allow accountsd to read wtmp file
- Allow dhcpd to get and set capabilities
2011-07-23 09:10:19 +02:00
Dan Walsh
c209cb862f Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-22 16:24:09 -04:00
Miroslav
6e9c2276f7 - Fix oracledb_port definition
- Allow mount to mounton the selinux file system
- Allow users to list /var directories
2011-07-22 12:37:49 +02:00
Miroslav
273e934611 systemd fixes 2011-07-21 17:22:47 +02:00
Miroslav
2ed5289fc9 - Add initial policy for abrt_dump_oops_t
- xtables-multi wants to getattr of the proc fs
- Smoltclient is connecting to abrt
- Dontaudit leaked file descriptors to postdrop
- Allow abrt_dump_oops to look at kernel sysctls
- Abrt_dump_oops_t reads kernel ring buffer
- Allow mysqld to request the kernel to load modules
- systemd-login needs fowner
- Allow postfix_cleanup_t to searh maildrop
2011-07-19 17:44:23 +02:00
Dan Walsh
dd16c38c4b Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-19 08:17:17 -04:00
Miroslav Grepl
805cc3bcdf - Initial systemd_logind policy
- Add policy for systemd_logger and additional proivs for systemd_logind
- More fixes for systemd policies
2011-07-18 08:17:03 +02:00
Dan Walsh
ef582cdc93 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-14 13:39:46 -04:00
Dan Walsh
854346f783 add ctdbd policy module 2011-07-14 13:39:22 -04:00
Miroslav Grepl
2b7c0552d7 - Allow setsched for virsh
- Systemd needs to impersonate cups, which means it needs to create tcp_sock
- iptables: the various /sbin/ip6?tables.* are now symlinks for /sbin/xtables-mult
2011-07-14 18:49:37 +02:00
Miroslav Grepl
50f07b8abf Fix spec file 2011-07-12 14:59:13 +02:00
Miroslav Grepl
9cf29c17e3 Remove duplicate declaration in ABRT 2011-07-12 10:47:58 +02:00
Miroslav Grepl
40468c4016 Fix typo in modules-targeted.conf 2011-07-12 10:14:13 +02:00
Miroslav Grepl
330eac5848 - A lot of users are running yum -y update while in /root which is causing ldc
- Allow colord to interact with the users through the tmpfs file system
- Since we changed the label on deferred, we need to allow postfix_qmgr_t to b
- Add label for /var/log/mcelog
- Allow asterisk to read /dev/random if it uses TLS
- Allow colord to read ini files which are labeled as bin_t
- Allow dirsrvadmin sys_resource and setrlimit to use ulimit
- Systemd needs to be able to create sock_files for every label in /var/run di
- Also lists /var and /var/spool directories
- Add openl2tpd to l2tpd policy
- qpidd is reading the sysfs file
2011-07-12 09:44:07 +02:00
Dan Walsh
5a8295ac0d add l2tpd daemon policy 2011-07-05 16:20:25 -04:00
Dan Walsh
32e78857c1 Removing /usr/lib/debug subs_dist entry. This did not work properly, we need to go back to labeling based on lib_t 2011-07-05 10:45:44 -04:00
Dan Walsh
fb5b77fade Fully path the semodule command 2011-07-01 06:35:11 -04:00
Miroslav Grepl
975370d58e - Change usbmuxd_t to dontaudit attempts to read chr_file
- Add mysld_safe_exec_t for libra domains to be able to start private mysql dom
- Allow pppd to search /var/lock dir
- Add rhsmcertd policy
2011-06-30 17:55:41 +02:00
Miroslav Grepl
81fbb0fccd Add updated policy-F16.patch 2011-06-28 16:27:18 +02:00
Miroslav Grepl
3f8c0984d4 Upload the right source file 2011-06-27 18:20:35 +02:00
Miroslav Grepl
ade486af72 Update to upstream 2011-06-27 18:02:16 +02:00
Miroslav Grepl
2885bf8a6e - More fixes
* http://git.fedorahosted.org/git/?p=selinux-policy.git
2011-06-27 08:43:05 +02:00
Dan Walsh
7e1b615aa4 Next attempt at getting selinux-policy-* to work without rebuilding policy. 2011-06-16 12:01:25 -04:00
Dan Walsh
cf012ea57e Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-06-16 08:58:41 -04:00
Dan Walsh
8782a92ced Change required policycoreutils and libsemanage 2011-06-16 08:58:19 -04:00
Miroslav Grepl
4fb7b43f62 - Add dspam policy
- Add lldpad policy
- dovecot auth wants to search statfs #713555
- Allow systemd passwd apps to read init fifo_file
- Allow prelink to use inherited terminals
- Run cherokee in the httpd_t domain
- Allow mcs constraints on node connections
- Implement pyicqt policy
- Fixes for zarafa policy
- Allow cobblerd to send syslog messages
2011-06-16 10:42:42 +02:00
Dan Walsh
857c813190 Eliminate olpc stuff and other no longer needed files. Update to new system to build policy.* file within payload. 2011-06-09 22:36:45 -04:00
Dan Walsh
d0597c1c15 apply merge 2011-06-08 12:17:39 -04:00
Miroslav Grepl
183e54f534 Old passanger module needs to be removed in spec file 2011-06-08 17:41:02 +02:00
Miroslav Grepl
d8b121329f - Fixes for zabbix
- init script needs to be able to manage sanlock_var_run_...
- Allow sandlock and wdmd to create /var/run directories...
- mixclip.so has been compiled correctly
- Fix passenger policy module name
2011-06-08 17:32:27 +02:00
Dan Walsh
5253d49ee9 Update from git 2011-06-07 14:43:31 -04:00
Miroslav Grepl
94cdbacbd8 - Add mailscanner policy from dgrift
- Allow chrome to optionally be transitioned to
- Zabbix needs these rules when starting the zabbix_server_mysql
- Implement a type for freedesktop openicc standard (~/.local/share/icc)
- Allow system_dbusd_t to read inherited icc_data_home_t files.
- Allow colord_t to read icc_data_home_t content. #706975
- Label stuff under /usr/lib/debug as if it was labeled under /
2011-06-07 18:12:04 +02:00
Dan Walsh
0535650520 Allow policy.VERSION and modules to ship with package 2011-06-07 11:09:32 -04:00
Dan Walsh
8f6432aac9 Label stuff under /usr/lib/debug as if it was labeled under / 2011-06-06 13:11:10 -04:00
Miroslav Grepl
0e70f655b4 Fix spec file 2011-06-02 15:17:47 +02:00
Miroslav Grepl
a56fb9fa8f - Fixes for sanlock policy
- Fixes for colord policy
- Other fixes
       * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
2011-06-02 15:16:46 +02:00
Miroslav Grepl
b817e17405 - Add more fixes for ABRT retrace-server
- Add telepathy-logger policy
- Add rhev policy
2011-05-26 14:37:08 +02:00
Miroslav Grepl
a8e065be61 - Add rhev policy module to modules-targeted.conf 2011-05-26 14:16:59 +02:00
Miroslav Grepl
ace25237f9 - Lot of fixes
* http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
2011-05-24 16:38:28 +02:00
Dan Walsh
7920a06561 add sanlock and wdmd policy 2011-05-23 18:37:50 -04:00
Dan Walsh
d97c92c34b New policy patch requires updated checkpolicy package 2011-05-23 18:27:11 -04:00
Miroslav Grepl
cb71de50e9 - Allow logrotate to execute systemctl
- Allow nsplugin_t to getattr on gpmctl
- Fix dev_getattr_all_chr_files() interface
- Allow shorewall to use inherited terms
- Allow userhelper to getattr all chr_file devices
- sandbox domains should be able to getattr and dontaudit search of sysctl_kernel_t
- Fix labeling for ABRT Retrace Server
2011-05-19 18:12:32 +02:00
Dan Walsh
d34689e1c3 Add callweaver module 2011-05-17 11:02:03 +02:00
Dan Walsh
7fbbd6f924 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-05-09 14:40:43 -04:00