Dan Walsh
b96903aaa0
- Gnome apps list config_home_t
...
- mpd creates lnk files in homedir
- apache leaks write to mail apps on tmp files
- /var/stockmaniac/templates_cache contains log files
- Abrt list the connects of mount_tmp_t dirs
- passwd agent reads files under /dev and reads utmp file
- squid apache script connects to the squid port
- fix name of plymouth log file
- teamviewer is a wine app
- allow dmesg to read system state
- Stop labeling files under /var/lib/mock so restorecon will not go into this
- nsplugin needs to read network state for google talk
2010-12-28 15:41:30 -05:00
Dan Walsh
c68e37c2c7
Make alsa a module rather then in base
2010-12-21 09:24:00 -05:00
Miroslav Grepl
3c0b9eac8c
- Turn on systemd policy
...
- mozilla_plugin needs to read certs in the homedir.
- Dontaudit leaked file descriptors from devicekit
- Fix ircssi to use auth_use_nsswitch
- Change to use interface without param in corenet to disable unlabelednet
- Allow init to relabel sockets and fifo files in /dev
- certmonger needs dac* capabilities to manage cert files not owned by root
- dovecot needs fsetid to change group membership on mail
- plymouthd removes /var/log/boot.log
- systemd is creating symlinks in /dev
- Change label on /etc/httpd/alias to be all cert_t
2010-12-13 18:56:13 +00:00
Miroslav Grepl
c2ad3681fa
- Push fixes to allow disabling of unlabeled_t packet access
...
- Enable unlabelednet policy
2010-12-07 17:51:16 +00:00
Miroslav Grepl
4eb45ebeaa
- Turn on allow_postfix_local_write_mail_spool
...
- Allow initrc_t to transition to shutdown_t
- Allow logwatch and cron to mls_read_to_clearance for MLS boxes
- Allow wm to send signull to all applications and receive them from users
- lircd patch from field
- Login programs have to read /etc/samba
- New programs under /lib/systemd
- Abrt needs to read config files
2010-11-18 17:37:29 +01:00
Dan Walsh
763342ad3a
- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t
...
- Allow saslauthd_t to create krb5_host_rcache_t files in /tmp
- Fix xserver interface
- Fix definition of /var/run/lxdm
2010-11-12 11:08:35 -05:00
Miroslav Grepl
9238df00c5
- Turn on mediawiki policy
...
- kdump leaks kdump_etc_t to ifconfig, add dontaudit
- uux needs to transition to uucpd_t
- More init fixes relabels man,faillog
- Remove maxima defs in libraries.fc
- insmod needs to be able to create tmpfs_t files
- ping needs setcap
2010-11-12 13:47:15 +01:00
Dan Walsh
fc9bf2f03d
- Add conflicts for dirsrv package
2010-11-09 07:55:52 -05:00
Dan Walsh
06262c1566
- Update to upstream
...
- Add vlock policy
2010-11-05 12:40:07 -04:00
Dan Walsh
c52856e6d8
- Fix sandbox to work on nfs homedirs
...
- Allow cdrecord to setrlimit
- Allow mozilla_plugin to read xauth
- Change label on systemd-logger to syslogd_exec_t
- Install dirsrv policy from dirsrv package
2010-11-05 07:32:45 -04:00
Dan Walsh
9754f472c7
- Allow NetworkManager to read openvpn_etc_t
...
- Dontaudit hplip to write of /usr dirs
- Allow system_mail_t to create /root/dead.letter as mail_home_t
- Add vdagent policy for spice agent daemon
2010-11-01 14:37:25 -04:00
Dan Walsh
12084526fe
- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs.
2010-10-18 13:45:08 -04:00
Dan Walsh
4da7659056
- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs.
2010-10-18 13:18:55 -04:00
Dan Walsh
0daa8b731a
- Fix fusefs handling
...
- Do not allow sandbox to manage nsplugin_rw_t
- Allow mozilla_plugin_t to connecto its parent
- Allow init_t to connect to plymouthd running as kernel_t
- Add mediawiki policy
- dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs.
- Disable transition from dbus_session_domain to telepathy for F14
- Allow boinc_project to use shm
- Allow certmonger to search through directories that contain certs
- Allow fail2ban the DAC Override so it can read log files owned by non root users
2010-10-07 09:19:43 -04:00
Dan Walsh
ea3b7b5dff
- Add vnstat policy
...
- allow libvirt to send audit messages
- Allow chrome-sandbox to search nfs_t
2010-09-16 18:00:00 -04:00
Dan Walsh
a0e8efd42c
- Update to upstream
2010-09-13 16:17:15 -04:00
Dan Walsh
30a7d17203
- Add policy for ajaxterm
2010-09-09 09:58:12 -04:00
Dan Walsh
6578cf7413
- More access needed for devicekit
...
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14
- Merge with upstream
2010-08-26 20:35:53 -04:00
Dan Walsh
922cd61e83
* Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
...
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 07:55:04 -04:00
Daniel J Walsh
8d55a410dc
- New permissions for syslog
...
- New labels for /lib/upstart
2010-07-26 20:32:18 +00:00
Daniel J Walsh
0f2ae00c61
- Update to upstream
2010-07-15 13:11:25 +00:00
Daniel J Walsh
74e6a69ce9
-Update to upstream
2010-06-28 21:27:05 +00:00
Daniel J Walsh
7c727a891e
- Add Zarafa policy
2010-06-16 20:19:22 +00:00
Daniel J Walsh
244b4526c6
- Cleanup of aiccu policy
...
- initial mock policy
2010-06-16 18:25:47 +00:00
Daniel J Walsh
f2403c5b4f
- Cleanup of aiccu policy
...
- initial mock policy
2010-06-11 15:39:46 +00:00
Daniel J Walsh
bca242c772
- Add xdm_var_run_t to xserver_stream_connect_xdm
...
- Add cmorrord and mpd policy from Miroslav Grepl
2010-06-02 19:36:11 +00:00
Daniel J Walsh
bc4089cfaa
- Update to upstream
2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34
- Update to upstream
2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e
- Merge with upstream
2010-02-16 22:10:14 +00:00
Daniel J Walsh
487de6f251
- Add icecast policy
...
- Cleanup spec file
2010-02-08 22:06:23 +00:00
Daniel J Walsh
30c21992cb
- Add mcelog policy
2010-02-03 20:52:58 +00:00
Daniel J Walsh
a62c6405cc
- Lots of fixes found in F12
2010-02-02 16:41:03 +00:00
Daniel J Walsh
89ad5ea38f
- Turn on puppet policy
...
- Update to dgrift git policy
2010-01-14 21:49:18 +00:00
Daniel J Walsh
7723ea3a29
- Update to upstream
2010-01-09 14:08:52 +00:00
Daniel J Walsh
e2f53dfaec
- Cleanups from dgrift
2009-12-23 13:02:27 +00:00
Daniel J Walsh
550cc5f4f4
- Add back xserver_manage_home_fonts
2009-12-22 17:25:13 +00:00
Daniel J Walsh
7d40583319
- Dontaudit sandbox trying to read nscd and sssd
2009-12-21 22:53:07 +00:00
Daniel J Walsh
194b53e038
- Fixes for abrt calls
2009-12-17 19:34:18 +00:00
Daniel J Walsh
9c90ba7e8e
- Add tgtd policy
2009-12-16 13:30:38 +00:00
Daniel J Walsh
755e2d6934
- Add tgtd policy
2009-12-11 20:18:55 +00:00
Daniel J Walsh
9eef358da0
- Update to upstream release
2009-12-10 19:20:14 +00:00
Daniel J Walsh
ee88b050c5
- Add asterisk policy back in
2009-11-20 16:55:54 +00:00
Daniel J Walsh
32594a1112
- Allow vpnc request the kernel to load modules
2009-10-02 15:15:36 +00:00
Daniel J Walsh
d976a83a17
- Allow cupsd_config to read user tmp
...
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
Daniel J Walsh
5b96313949
- Update rhcs policy
2009-09-29 19:47:31 +00:00
Daniel J Walsh
8b10e3abd7
- Update rhcs policy
2009-09-29 12:38:58 +00:00
Daniel J Walsh
69290fd9df
- Update to upstream
...
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
6b7b0c1cdc
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
...
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
ab8f807545
- More fixes
2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b
- More fixes
2009-09-08 23:55:31 +00:00
Daniel J Walsh
42f9effee7
- Add back in unconfined.pp and unconfineduser.pp
...
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
c5f5b5dbcb
- Add ABRT policy
2009-08-21 22:58:28 +00:00
Daniel J Walsh
40243d944f
- Allow cupsd_config_t to be started by dbus
...
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
cbedd06c12
- Add kdump policy for Miroslav Grepl
...
- Turn off execstack boolean
2009-08-12 20:09:21 +00:00
Daniel J Walsh
867473ac62
- Add kdump policy for Miroslav Grepl
...
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Daniel J Walsh
c6e2224c70
- Fix polkit label
...
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
df7055d5b3
- Update to upstream
2009-07-23 21:47:41 +00:00
Daniel J Walsh
221642f17f
- Add rtkit policy
2009-06-25 21:43:36 +00:00
Daniel J Walsh
9850f4d30d
- Allow kpropd to create tmp files
2009-06-24 13:15:55 +00:00
Daniel J Walsh
8866315d40
- Update to upstream
...
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
eead2a6f25
- Allow fprintd to access sys_ptrace
...
- Add sandbox policy
2009-05-20 17:28:24 +00:00
Daniel J Walsh
7b6c105887
- Add varnishd policy
2009-05-18 18:49:15 +00:00
Daniel J Walsh
5dd89f3819
- Fix /sbin/ip6tables-save context
2009-05-02 11:52:13 +00:00
Daniel J Walsh
37ebfc9102
- Add shorewall policy
2009-04-30 22:22:00 +00:00
Daniel J Walsh
40d8f60dd7
- Allow nsplugin to unix_read unix_write sem for unconfined_java
2009-04-28 20:09:21 +00:00
Daniel J Walsh
d4af172a64
- Separate out the ucnonfined user from the unconfined.pp package
2009-04-11 12:30:22 +00:00
Daniel J Walsh
25a47636ae
- Upgrade to latest upstream
...
- Allow devicekit_disk sys_rawio
2009-04-08 00:59:46 +00:00
Daniel J Walsh
f49c57d5e6
- Allow setroubelshoot exec* privs to prevent crash from bad libraries
...
- add cpufreqselector
2009-04-03 14:45:58 +00:00
Daniel J Walsh
5dce3c12f7
- Add xenner and wine fixes from mgrepl
2009-03-20 18:42:38 +00:00
Daniel J Walsh
46b5649f90
- Add pulseaudio context
2009-03-09 21:17:23 +00:00
Daniel J Walsh
0c34c69a38
- Add pulseaudio context
2009-03-09 16:18:51 +00:00
Daniel J Walsh
4f5b223107
- Upgrade to latest patches
2009-03-06 21:11:04 +00:00
Daniel J Walsh
a67a1c12aa
- Upgrade to latest patches
2009-03-05 21:05:47 +00:00
Daniel J Walsh
496752533e
- Further confinement of qemu images via svirt
2009-02-27 21:22:47 +00:00
Daniel J Walsh
1d1c058a4e
- Add git web policy
2009-02-10 16:08:36 +00:00
Daniel J Walsh
2fbeb784fa
- Fixes for wicd daemon
2009-01-28 22:23:18 +00:00
Daniel J Walsh
1b94a1375f
- Add wm policy
2009-01-21 20:39:17 +00:00
Daniel J Walsh
acc137684b
- Add devicekit policy
2009-01-19 22:34:56 +00:00
Daniel J Walsh
87fb15321a
- Allow cups_pdf_t write to nfs_t
2009-01-12 16:59:00 +00:00
Daniel J Walsh
dcd0c96f34
- Allow unconfined_r unconfined_java_t
2008-12-11 15:21:57 +00:00
Daniel J Walsh
02d888c766
- Fix labeling on /var/spool/rsyslog
2008-11-25 19:18:01 +00:00
Daniel J Walsh
6a09cfb688
- Allow hal/pm-utils to look at /var/run/video.rom
...
- Add ulogd policy
2008-11-05 18:26:36 +00:00
Daniel J Walsh
411a424e1c
- Additional fixes for cyphesis
...
- Fix certmaster file context
- Add policy for system-config-samba
2008-11-04 15:40:31 +00:00
Daniel J Walsh
a023a0be19
- Allow dhcpc to restart ypbind
...
- Fixup labeling in /var/run
2008-11-03 22:42:53 +00:00
Daniel J Walsh
333ebd64df
- Allow dhcpc to restart ypbind
...
- Fixup labeling in /var/run
2008-11-03 21:09:40 +00:00
Daniel J Walsh
4125702a20
- Update to upstream
2008-10-14 23:50:08 +00:00
Daniel J Walsh
675bbabe24
- Update to upstream policy
2008-10-09 03:10:32 +00:00
Daniel J Walsh
11ef2470b7
- Fix labeling on new pm*log
...
- Allow ssh to bind to all nodes
2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58
- Fix labeling on new pm*log
...
- Allow ssh to bind to all nodes
2008-09-18 19:34:12 +00:00
Daniel J Walsh
8d197ddd11
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-18 14:19:06 +00:00
Daniel J Walsh
b844bb281b
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-17 23:56:23 +00:00
Daniel J Walsh
59571abd0d
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-16 13:57:15 +00:00
Daniel J Walsh
8a482d67b3
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-12 20:36:21 +00:00
Daniel J Walsh
aca77a6f2d
- Remove gamin policy
2008-09-08 21:01:42 +00:00
Daniel J Walsh
0a219fe07b
- Update to upstream
...
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
cd8bee594b
- Update to upstream
...
- Fix crontab use by unconfined user
2008-08-29 19:29:23 +00:00
Daniel J Walsh
1a0f642074
- Update to upstream
2008-08-11 21:19:25 +00:00
Daniel J Walsh
6ed8533082
- Update to latest refpolicy
2008-07-15 15:22:39 +00:00
Daniel J Walsh
15f71c5d61
- Add livecd policy
2008-06-04 17:26:52 +00:00