Commit Graph

250 Commits

Author SHA1 Message Date
Daniel J Walsh
755e2d6934 - Add tgtd policy 2009-12-11 20:18:55 +00:00
Daniel J Walsh
9eef358da0 - Update to upstream release 2009-12-10 19:20:14 +00:00
Daniel J Walsh
ee88b050c5 - Add asterisk policy back in 2009-11-20 16:55:54 +00:00
Daniel J Walsh
32594a1112 - Allow vpnc request the kernel to load modules 2009-10-02 15:15:36 +00:00
Daniel J Walsh
d976a83a17 - Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
Daniel J Walsh
5b96313949 - Update rhcs policy 2009-09-29 19:47:31 +00:00
Daniel J Walsh
8b10e3abd7 - Update rhcs policy 2009-09-29 12:38:58 +00:00
Daniel J Walsh
69290fd9df - Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
6b7b0c1cdc - Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
    the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
ab8f807545 - More fixes 2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b - More fixes 2009-09-08 23:55:31 +00:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
cbedd06c12 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-12 20:09:21 +00:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Daniel J Walsh
c6e2224c70 - Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
df7055d5b3 - Update to upstream 2009-07-23 21:47:41 +00:00
Daniel J Walsh
221642f17f - Add rtkit policy 2009-06-25 21:43:36 +00:00
Daniel J Walsh
9850f4d30d - Allow kpropd to create tmp files 2009-06-24 13:15:55 +00:00
Daniel J Walsh
8866315d40 - Update to upstream
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
eead2a6f25 - Allow fprintd to access sys_ptrace
- Add sandbox policy
2009-05-20 17:28:24 +00:00
Daniel J Walsh
7b6c105887 - Add varnishd policy 2009-05-18 18:49:15 +00:00
Daniel J Walsh
5dd89f3819 - Fix /sbin/ip6tables-save context 2009-05-02 11:52:13 +00:00
Daniel J Walsh
37ebfc9102 - Add shorewall policy 2009-04-30 22:22:00 +00:00
Daniel J Walsh
40d8f60dd7 - Allow nsplugin to unix_read unix_write sem for unconfined_java 2009-04-28 20:09:21 +00:00
Daniel J Walsh
d4af172a64 - Separate out the ucnonfined user from the unconfined.pp package 2009-04-11 12:30:22 +00:00
Daniel J Walsh
25a47636ae - Upgrade to latest upstream
- Allow devicekit_disk sys_rawio
2009-04-08 00:59:46 +00:00
Daniel J Walsh
f49c57d5e6 - Allow setroubelshoot exec* privs to prevent crash from bad libraries
- add cpufreqselector
2009-04-03 14:45:58 +00:00
Daniel J Walsh
5dce3c12f7 - Add xenner and wine fixes from mgrepl 2009-03-20 18:42:38 +00:00
Daniel J Walsh
46b5649f90 - Add pulseaudio context 2009-03-09 21:17:23 +00:00
Daniel J Walsh
0c34c69a38 - Add pulseaudio context 2009-03-09 16:18:51 +00:00
Daniel J Walsh
4f5b223107 - Upgrade to latest patches 2009-03-06 21:11:04 +00:00
Daniel J Walsh
a67a1c12aa - Upgrade to latest patches 2009-03-05 21:05:47 +00:00
Daniel J Walsh
496752533e - Further confinement of qemu images via svirt 2009-02-27 21:22:47 +00:00
Daniel J Walsh
1d1c058a4e - Add git web policy 2009-02-10 16:08:36 +00:00
Daniel J Walsh
2fbeb784fa - Fixes for wicd daemon 2009-01-28 22:23:18 +00:00
Daniel J Walsh
1b94a1375f - Add wm policy 2009-01-21 20:39:17 +00:00
Daniel J Walsh
acc137684b - Add devicekit policy 2009-01-19 22:34:56 +00:00
Daniel J Walsh
87fb15321a - Allow cups_pdf_t write to nfs_t 2009-01-12 16:59:00 +00:00
Daniel J Walsh
dcd0c96f34 - Allow unconfined_r unconfined_java_t 2008-12-11 15:21:57 +00:00
Daniel J Walsh
02d888c766 - Fix labeling on /var/spool/rsyslog 2008-11-25 19:18:01 +00:00
Daniel J Walsh
6a09cfb688 - Allow hal/pm-utils to look at /var/run/video.rom
- Add ulogd policy
2008-11-05 18:26:36 +00:00
Daniel J Walsh
411a424e1c - Additional fixes for cyphesis
- Fix certmaster file context
- Add policy for system-config-samba
2008-11-04 15:40:31 +00:00
Daniel J Walsh
a023a0be19 - Allow dhcpc to restart ypbind
- Fixup labeling in /var/run
2008-11-03 22:42:53 +00:00
Daniel J Walsh
333ebd64df - Allow dhcpc to restart ypbind
- Fixup labeling in /var/run
2008-11-03 21:09:40 +00:00
Daniel J Walsh
4125702a20 - Update to upstream 2008-10-14 23:50:08 +00:00
Daniel J Walsh
675bbabe24 - Update to upstream policy 2008-10-09 03:10:32 +00:00
Daniel J Walsh
11ef2470b7 - Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58 - Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-18 19:34:12 +00:00
Daniel J Walsh
8d197ddd11 - Merge upstream changes
- Add Xavier Toth patches
2008-09-18 14:19:06 +00:00
Daniel J Walsh
b844bb281b - Merge upstream changes
- Add Xavier Toth patches
2008-09-17 23:56:23 +00:00
Daniel J Walsh
59571abd0d - Merge upstream changes
- Add Xavier Toth patches
2008-09-16 13:57:15 +00:00
Daniel J Walsh
8a482d67b3 - Merge upstream changes
- Add Xavier Toth patches
2008-09-12 20:36:21 +00:00
Daniel J Walsh
aca77a6f2d - Remove gamin policy 2008-09-08 21:01:42 +00:00
Daniel J Walsh
0a219fe07b - Update to upstream
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
cd8bee594b - Update to upstream
- Fix crontab use by unconfined user
2008-08-29 19:29:23 +00:00
Daniel J Walsh
1a0f642074 - Update to upstream 2008-08-11 21:19:25 +00:00
Daniel J Walsh
6ed8533082 - Update to latest refpolicy 2008-07-15 15:22:39 +00:00
Daniel J Walsh
15f71c5d61 - Add livecd policy 2008-06-04 17:26:52 +00:00
Daniel J Walsh
a4995d5c65 - Merge Upstream 2008-05-30 20:12:46 +00:00
Daniel J Walsh
7fd4585229 - Merge Upstream 2008-05-23 20:05:34 +00:00
Daniel J Walsh
7e6a2a413c updated policy 2008-05-20 21:37:28 +00:00
Daniel J Walsh
4b7f030014 Update for rawhide 2008-05-19 13:02:56 +00:00
Daniel J Walsh
6c25b428ce - Remove dmesg boolean
- Allow user domains to read/write game data
2008-05-06 17:01:42 +00:00
Daniel J Walsh
987b10f86d - Add cups_pdf policy
- Add openoffice policy to run in xguest
2008-03-14 00:25:00 +00:00
Daniel J Walsh
1bf67d57ed - Fix initrc_context generation for MLS 2008-03-06 22:25:06 +00:00
Daniel J Walsh
c092cc1478 - Add cyphesis policy 2008-02-26 23:02:51 +00:00
Daniel J Walsh
b53db53c9f - Add policy for kerneloops
- Add policy for gnomeclock
2008-02-05 18:31:25 +00:00
Daniel J Walsh
b19d470cd4 - Update to upstream
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
Daniel J Walsh
e1060e24d5 - Allow fail2ban to create a socket in /var/run 2008-02-01 13:49:05 +00:00
Daniel J Walsh
f18a882ba5 - Add audisp policy and prelude 2008-01-30 21:34:13 +00:00
Daniel J Walsh
98f84cb0ed - Add procmail_log support
- Lots of fixes for munin
2008-01-21 15:57:25 +00:00
Daniel J Walsh
a502c55197 - Change user and staff roles to work correctly with varied perms 2008-01-03 22:13:09 +00:00
Daniel J Walsh
194f6c15a0 - Allow cron to run unconfined apps 2007-12-18 19:58:20 +00:00
Daniel J Walsh
9281e2cc41 - Update to upstream
- Allow httpd_sys_script_t to search users homedirs
2007-12-11 06:03:18 +00:00
Daniel J Walsh
a1341a85df - Update to upstream
- Allow httpd_sys_script_t to search users homedirs
2007-12-06 21:37:36 +00:00
Daniel J Walsh
9186dc57d9 - Remove user based home directory separation 2007-11-30 22:33:18 +00:00
Daniel J Walsh
ddf4ec413f - Update to upstream 2007-11-19 20:09:32 +00:00
Daniel J Walsh
7330e86b90 - Update to upstream 2007-11-10 14:14:41 +00:00
Daniel J Walsh
36404444a8 - Update to upstream 2007-11-07 19:42:24 +00:00
Daniel J Walsh
fa0d1c8884 - Update to upstream 2007-10-23 23:13:09 +00:00
Daniel J Walsh
ccf8a72ae3 - Fix vpn to bind to port 4500
- Allow ssh to create shm
- Allow rshd to bind to ports > 1023
2007-10-18 21:33:00 +00:00
Daniel J Walsh
25d586808d - Allow newalias/sendmail dac_override
- Allow bind to bind to all udp ports
2007-09-10 22:02:06 +00:00
Daniel J Walsh
37d6a1ce3f - Fix java labeling 2007-09-06 23:34:02 +00:00
Daniel J Walsh
e8b5993e52 - Update an readd modules 2007-08-27 21:43:05 +00:00
Daniel J Walsh
95bbe5cff0 - Upgrade to upstream to grab postgressql changes 2007-08-23 14:07:25 +00:00
Daniel J Walsh
154d8231c3 - Add brctl policy 2007-07-11 19:44:56 +00:00
Daniel J Walsh
a4ec9b75e1 - Remove ifdef strict policy from upstream 2007-06-22 19:21:00 +00:00
Daniel J Walsh
56187c2f8a - Remove ifdef strict policy from upstream 2007-05-31 18:40:35 +00:00
Daniel J Walsh
346d2dccfd 2007-05-21 18:54:40 +00:00
Daniel J Walsh
daa6abe9e1 - Update to latest from upstream 2007-05-04 17:30:10 +00:00
Daniel J Walsh
6821c3df97 - 2007-04-27 17:23:49 +00:00
Daniel J Walsh
4661767044 - MLS Fixes 2007-04-19 13:58:54 +00:00
Daniel J Walsh
9fc00bcbda - Rwho policy
- Fixes for consolekit
2007-04-17 19:28:14 +00:00
Daniel J Walsh
a3b1a2c522 - Update to upstream 2007-04-11 20:55:28 +00:00
Daniel J Walsh
8e5289e20b - Update to upstream 2007-04-02 19:53:16 +00:00
Daniel J Walsh
ce7f30a258 - Update to upstream 2007-04-02 15:17:45 +00:00
Daniel J Walsh
593fb16ef5 - Add fusermount and mount_ntfs policy 2007-03-20 20:45:45 +00:00
Daniel J Walsh
bdb7f99f00 - Fix handling of unlabled_t packets 2007-03-12 14:51:29 +00:00
Daniel J Walsh
2a9b648b37 - More of my patches from upstream 2007-03-11 05:19:36 +00:00
Daniel J Walsh
9a8202d585 - Update to latest from upstream
- Add fail2ban policy
2007-03-01 16:30:20 +00:00
Daniel J Walsh
5ad70cf38c - Update to remove security_t:filesystem getattr problems 2007-02-28 21:23:19 +00:00
Daniel J Walsh
13893ed688 - Policy for consolekit 2007-02-27 18:34:08 +00:00
Daniel J Walsh
b7da3b9e3e - Add sepolgen support
- Add bugzilla policy
2007-02-20 17:35:59 +00:00
Daniel J Walsh
1a24735d8f - Fix file context for nemiver 2007-02-15 00:19:30 +00:00
Daniel J Walsh
9aff35b779 - 2007-02-12 16:18:31 +00:00
Daniel J Walsh
80f561f26e - Allow mozilla, evolution and thunderbird to read dev_random. Resolves:
#227002
- Allow spamd to connect to smtp port Resolves: #227184
- Fixes to make ypxfr work Resolves: #227237
2007-02-08 13:53:46 +00:00
Daniel J Walsh
3902fd87fd - Remove some targeted diffs in file context file 2007-01-31 22:18:10 +00:00
Daniel J Walsh
e3b143b243 - Allow initrc to create files in /var directories Resolves: #219227 2006-12-12 21:46:24 +00:00
Daniel J Walsh
036c1c2fb6 - Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571
Resolves: #217611 Resolves: #217640 Resolves: #217725
2006-11-30 20:23:49 +00:00
Daniel J Walsh
e4d46c95f3 - Fix context for helix players file_context #216942 2006-11-27 22:17:34 +00:00
Daniel J Walsh
6b97615edf - Allow daemons to dump core files to / 2006-10-30 21:18:40 +00:00
Daniel J Walsh
a76cf8a10b - Update with upstream 2006-09-26 14:59:58 +00:00
Daniel J Walsh
5ec822a112 - Fix cron jobs to run under the correct context 2006-09-21 23:05:49 +00:00
Daniel J Walsh
b4815d027f - Fixes to make pppd work 2006-09-19 19:14:48 +00:00
Daniel J Walsh
66ca8d0003 - Fixup for test6 2006-09-05 20:19:56 +00:00
Daniel J Walsh
1616552ae2 - Fix install problems 2006-08-28 21:49:05 +00:00
Daniel J Walsh
c22acae47c Th Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 2.3.6-3
- Misc fixes
2006-08-11 03:11:59 +00:00
Daniel J Walsh
1f20939ac3 - Add nagios policy 2006-07-28 17:44:17 +00:00
Daniel J Walsh
8a7ef5ec99 - Add setroubleshoot policy 2006-07-14 20:09:54 +00:00
Daniel J Walsh
cfc04db0db - Update from upstream 2006-06-08 14:03:38 +00:00
Daniel J Walsh
a4c7090921 - Add oprofilefs 2006-06-06 21:33:13 +00:00
Daniel J Walsh
e5e5095da5 - Upgrade to upstream 2006-05-20 12:01:14 +00:00
Daniel J Walsh
f4d170770a - Update from upstream 2006-05-17 01:40:53 +00:00
Daniel J Walsh
539ba8aee6 - Allow execution of cvs command 2006-05-09 21:50:36 +00:00
Daniel J Walsh
a52275425c - Update to upstream 2006-05-08 19:26:49 +00:00
Daniel J Walsh
529f12c952 - Update to upstream 2006-05-04 17:39:16 +00:00
Daniel J Walsh
ea725ce70c - Update to upstream 2006-04-29 04:47:05 +00:00
Daniel J Walsh
c53f3b88ff - Allow secadm_t ability to relabel all files
- Allow ftp to search xferlog_t directories
- Allow mysql to communicate with ldap
- Allow rsync to bind to rsync_port_t
2006-04-10 21:10:33 +00:00
Daniel J Walsh
67bc5ebb6c - More textrel_shlib_t file path fixes
- Add ada support
2006-04-06 19:08:54 +00:00
Daniel J Walsh
bd3f0ea368 - Fix policyhelp 2006-03-24 16:44:06 +00:00
Daniel J Walsh
020477271b - Add Xen support 2006-03-07 22:22:14 +00:00
Daniel J Walsh
0296aff141 - Fixes for cups
- Make cryptosetup work with hal
2006-03-06 21:33:51 +00:00
Daniel J Walsh
21277d9d7a - Add hal changes suggested by Jeremy
- add policyhelp to point at policy html pages
2006-03-04 14:49:35 +00:00
Daniel J Walsh
6e9bcb4a8d *** empty log message *** 2006-02-19 12:17:15 +00:00
Daniel J Walsh
681c9dc1a9 - Update to upstream
- Fix rhgb, and other Xorg startups
2006-01-31 00:35:32 +00:00
Daniel J Walsh
129ba16c5a - Update to upstream 2006-01-24 15:41:46 +00:00
Daniel J Walsh
30a020fcb8 - Update to upstream
- Turn off execheap execstack for unconfined users
- Add mono/wine policy to allow execheap and execstack for them
- Add execheap for Xdm policy
2006-01-19 19:10:47 +00:00
Daniel J Walsh
26e33dff20 - Update to upstream 2006-01-09 20:20:08 +00:00
Daniel J Walsh
451d9b499b - Handle new location of hal scripts 2006-01-06 01:04:12 +00:00
Daniel J Walsh
aaa1fb9063 - Update to upstream 2006-01-05 21:54:11 +00:00
Daniel J Walsh
a08ba87128 - Add Logwatch policy 2005-12-30 16:08:00 +00:00
Daniel J Walsh
596229f500 - Fix hostname in targeted policy 2005-12-22 22:35:01 +00:00
Daniel J Walsh
1335ee87a4 - Add man pages 2005-12-20 04:02:59 +00:00
Daniel J Walsh
1c86025686 - Add java unconfined/execmem policy 2005-12-15 03:31:43 +00:00
Daniel J Walsh
e24a8b160d - Fixes for hal
- Update to upstream
2005-12-13 04:53:03 +00:00
Daniel J Walsh
d4da533c32 - Update to upstream
- Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies
2005-12-10 05:19:29 +00:00
Daniel J Walsh
bd7e86c379 - Fixes for dovecot and saslauthd 2005-12-01 18:16:50 +00:00
Daniel J Walsh
e568731790 - Update to upstream 2005-11-21 21:49:31 +00:00