e88b9a2383
add thumbnailer protection
2011-09-26 10:57:37 -04:00
4fb416b929
Add glance module definition
2011-08-29 13:38:34 -04:00
624394103f
Add glance module definition
2011-08-29 13:35:06 -04:00
41a18182a5
storage should be in base
2011-08-03 16:21:21 -04:00
c1eb3ef122
Remove howl, hotplug and kudzu modules, since they are no longer used
2011-07-29 09:49:16 -04:00
ade486af72
Update to upstream
2011-06-27 18:02:16 +02:00
af4c0d3f1e
- Initial policy for matahari
...
- Add dev_read_watchdog
- Allow clamd to connect clamd port
- Add support for kcmdatetimehelper
- Allow shutdown to setrlimit and sys_nice
- Allow systemd_passwd to talk to /dev/log before udev or syslog is runni
- Purge chr_file and blk files on /tmp
- Fixes for pads
- Fixes for piranha-pulse
- gpg_t needs to be able to encyprt anything owned by the user
2011-03-15 20:59:57 +00:00
a72013a386
Add colord policy
2011-03-08 18:32:49 +00:00
731e693460
- Add tcsd policy
2011-02-01 16:45:17 -05:00
116d73139a
- gnomeclock executes a shell
...
- Update for screen policy to handle pipe in homedir
- Fixes for polyinstatiated homedir
- Fixes for namespace policy and other fixes related to polyinstantiation
- Add namespace policy
- Allow dovecot-deliver transition to sendmail which is needed by sieve scri
- Fixes for init, psad policy which relate with confined users
- Do not audit bootloader attempts to read devicekit pid files
- Allow nagios service plugins to read /proc
2011-01-14 17:48:34 +00:00
3c0b9eac8c
- Turn on systemd policy
...
- mozilla_plugin needs to read certs in the homedir.
- Dontaudit leaked file descriptors from devicekit
- Fix ircssi to use auth_use_nsswitch
- Change to use interface without param in corenet to disable unlabelednet
- Allow init to relabel sockets and fifo files in /dev
- certmonger needs dac* capabilities to manage cert files not owned by root
- dovecot needs fsetid to change group membership on mail
- plymouthd removes /var/log/boot.log
- systemd is creating symlinks in /dev
- Change label on /etc/httpd/alias to be all cert_t
2010-12-13 18:56:13 +00:00
c2ad3681fa
- Push fixes to allow disabling of unlabeled_t packet access
...
- Enable unlabelednet policy
2010-12-07 17:51:16 +00:00
06262c1566
- Update to upstream
...
- Add vlock policy
2010-11-05 12:40:07 -04:00
6578cf7413
- More access needed for devicekit
...
- Add dbadm policy
2010-08-30 11:58:36 -04:00
ba77266a14
- Merge with upstream
2010-08-26 20:35:53 -04:00
922cd61e83
* Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
...
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 07:55:04 -04:00
8d55a410dc
- New permissions for syslog
...
- New labels for /lib/upstart
2010-07-26 20:32:18 +00:00
0f2ae00c61
- Update to upstream
2010-07-15 13:11:25 +00:00
244b4526c6
- Cleanup of aiccu policy
...
- initial mock policy
2010-06-16 18:25:47 +00:00
bca242c772
- Add xdm_var_run_t to xserver_stream_connect_xdm
...
- Add cmorrord and mpd policy from Miroslav Grepl
2010-06-02 19:36:11 +00:00
bc4089cfaa
- Update to upstream
2010-05-26 21:15:42 +00:00
a72c31df34
- Update to upstream
2010-03-18 15:47:35 +00:00
add957370e
- Merge with upstream
2010-02-16 22:10:14 +00:00
487de6f251
- Add icecast policy
...
- Cleanup spec file
2010-02-08 22:06:23 +00:00
30c21992cb
- Add mcelog policy
2010-02-03 20:52:58 +00:00
550cc5f4f4
- Add back xserver_manage_home_fonts
2009-12-22 17:25:13 +00:00
194b53e038
- Fixes for abrt calls
2009-12-17 19:34:18 +00:00
9c90ba7e8e
- Add tgtd policy
2009-12-16 13:30:38 +00:00
755e2d6934
- Add tgtd policy
2009-12-11 20:18:55 +00:00
99d8f9cf05
- Update to upstream
2009-11-16 19:57:19 +00:00
d976a83a17
- Allow cupsd_config to read user tmp
...
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
b8498d1e5b
- More fixes
2009-09-08 23:55:31 +00:00
867473ac62
- Add kdump policy for Miroslav Grepl
...
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
c6e2224c70
- Fix polkit label
...
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
5cb9569db7
- Update to upstream
2009-07-24 08:32:40 +00:00
f49c57d5e6
- Allow setroubelshoot exec* privs to prevent crash from bad libraries
...
- add cpufreqselector
2009-04-03 14:45:58 +00:00
5dce3c12f7
- Add xenner and wine fixes from mgrepl
2009-03-20 18:42:38 +00:00
46b5649f90
- Add pulseaudio context
2009-03-09 21:17:23 +00:00
0c34c69a38
- Add pulseaudio context
2009-03-09 16:18:51 +00:00
4f5b223107
- Upgrade to latest patches
2009-03-06 21:11:04 +00:00
a67a1c12aa
- Upgrade to latest patches
2009-03-05 21:05:47 +00:00
496752533e
- Further confinement of qemu images via svirt
2009-02-27 21:22:47 +00:00
2fbeb784fa
- Fixes for wicd daemon
2009-01-28 22:23:18 +00:00
1b94a1375f
- Add wm policy
2009-01-21 20:39:17 +00:00
2a4bdae89c
- Fixed for DeviceKit
2009-01-21 16:17:40 +00:00
7b146db852
- Define openoffice as an x_domain
2009-01-19 14:28:24 +00:00
eacea1d45d
- Define openoffice as an x_domain
2009-01-16 21:32:59 +00:00
0891b2a12d
- Define openoffice as an x_domain
2009-01-16 21:11:58 +00:00
7b43f5254f
- Fix labeling on /var/spool/rsyslog
2008-12-02 19:59:35 +00:00
02d888c766
- Fix labeling on /var/spool/rsyslog
2008-11-25 19:18:01 +00:00
Dan Walsh
Miroslav Grepl
Daniel J Walsh