Commit Graph

618 Commits

Author SHA1 Message Date
Daniel J Walsh
67bc5ebb6c - More textrel_shlib_t file path fixes
- Add ada support
2006-04-06 19:08:54 +00:00
Daniel J Walsh
4fd214b03b - Get auditctl working in MLS policy 2006-04-04 10:07:53 +00:00
Daniel J Walsh
2ad4f12eff - Add mono dbus support
- Lots of file_context fixes for textrel_shlib_t in FC5
- Turn off execmem auditallow since they are filling log files
2006-04-03 17:17:13 +00:00
Daniel J Walsh
da5d600a11 - Update to upstream 2006-03-31 20:57:44 +00:00
Daniel J Walsh
d2bd4f4f3d - Allow automount and dbus to read cert files 2006-03-30 22:27:52 +00:00
Daniel J Walsh
58ec7a5124 - Fix ftp policy
- Fix secadm running of auditctl
2006-03-30 19:57:31 +00:00
Daniel J Walsh
5c1cd7105c - Update to upstream 2006-03-29 20:21:25 +00:00
Daniel J Walsh
bbe0ad9e91 - Update to upstream 2006-03-27 22:47:14 +00:00
Daniel J Walsh
5a014310cd - Update to upstream 2006-03-27 22:07:37 +00:00
Daniel J Walsh
bd3f0ea368 - Fix policyhelp 2006-03-24 16:44:06 +00:00
Daniel J Walsh
faffd3afe5 - Fix pam_console handling of usb_device
- dontaudit logwatch reading /mnt dir
2006-03-22 15:56:09 +00:00
Daniel J Walsh
414d6d811a - Update to upstream 2006-03-21 19:46:10 +00:00
Daniel J Walsh
ad73e86386 - Update to upstream 2006-03-21 15:42:38 +00:00
Daniel J Walsh
727bb2e4d1 - Update to upstream 2006-03-18 04:09:10 +00:00
Daniel J Walsh
9f8b0589bf - Get transition rules to create policy.20 at SystemHigh 2006-03-16 14:41:17 +00:00
Daniel J Walsh
5b46764cba - Allow secadmin to shutdown system
- Allow sendmail to exec newalias
2006-03-14 22:43:44 +00:00
Daniel J Walsh
6d42754555 - MLS Fixes dmidecode needs mls_file_read_up
- add ypxfr_t
- run init needs access to nscd
- udev needs setuid
- another xen log file
- Dontaudit mount getattr proc_kcore_t
2006-03-14 20:15:31 +00:00
Daniel J Walsh
0a74a26d18 - MLS Fixes dmidecode needs mls_file_read_up
- add ypxfr_t
- run init needs access to nscd
- udev needs setuid
- another xen log file
- Dontaudit mount getattr proc_kcore_t
2006-03-14 20:13:28 +00:00
Karsten Hopp
4e431cfdce - remove mkdir /usr/share/selinux/, it's not required and even wrong
without a prepended $RPM_BUILD_ROOT (#185391)
2006-03-14 10:37:14 +00:00
Daniel J Walsh
4c9f08fbba - Get rid of mount/fsdisk scan of /dev messages
- Additional fixes for suspend/resume
2006-03-09 21:50:18 +00:00
Daniel J Walsh
54b0b5869e - Fake make to rebuild enableaudit.pp 2006-03-09 18:30:56 +00:00
Daniel J Walsh
6d2388955d - Get xen networking running. 2006-03-09 18:12:23 +00:00
Daniel J Walsh
23a177b7c3 - Fixes for Xen
- enableaudit should not be the same as base.pp
- Allow ps to work for all process
2006-03-09 15:34:49 +00:00
Jeremy Katz
b33ec3c21d - more xen policy fixups 2006-03-09 05:09:46 +00:00
Jeremy Katz
1b07552d67 - more xen fixage (#184393) 2006-03-09 00:18:57 +00:00
Daniel J Walsh
060041b7bf - Fix blkid specification
- Allow postfix to execute mailman_que
2006-03-08 22:11:17 +00:00
Daniel J Walsh
9c64bb6f27 - Blkid changes
- Allow udev access to usb_device_t
- Fix post script to create targeted policy config file
2006-03-08 20:40:43 +00:00
Daniel J Walsh
4c9f658bb2 - Allow lvm tools to create drevice dir 2006-03-08 17:02:01 +00:00
Daniel J Walsh
020477271b - Add Xen support 2006-03-07 22:22:14 +00:00
Daniel J Walsh
72a1365426 - Fixes for cups
- Make cryptosetup work with hal
2006-03-06 23:05:10 +00:00
Daniel J Walsh
0296aff141 - Fixes for cups
- Make cryptosetup work with hal
2006-03-06 21:33:51 +00:00
Daniel J Walsh
76d7c52ccf - Load Policy needs translock 2006-03-06 02:00:43 +00:00
Daniel J Walsh
ef0cb15960 - Fix cups html interface 2006-03-04 23:24:54 +00:00
Daniel J Walsh
21277d9d7a - Add hal changes suggested by Jeremy
- add policyhelp to point at policy html pages
2006-03-04 14:49:35 +00:00
Daniel J Walsh
d2c2609f8c - add policyhelp to point at policy html pages 2006-03-04 05:10:54 +00:00
Daniel J Walsh
8254bb0ce6 - Additional fixes for nvidia and cups 2006-02-27 23:23:06 +00:00
Daniel J Walsh
575aa98fb7 - Update to upstream
- Merged my latest fixes
- Fix cups policy to handle unix domain sockets
2006-02-27 23:00:40 +00:00
Daniel J Walsh
fbec4b5191 *** empty log message *** 2006-02-25 20:50:53 +00:00
Daniel J Walsh
290aa68ca4 *** empty log message *** 2006-02-24 20:50:49 +00:00
Daniel J Walsh
dd2612b757 *** empty log message *** 2006-02-24 18:39:09 +00:00
Daniel J Walsh
e135c767ec *** empty log message *** 2006-02-24 16:45:01 +00:00
Daniel J Walsh
7716868268 *** empty log message *** 2006-02-24 16:43:26 +00:00
Daniel J Walsh
c126996365 *** empty log message *** 2006-02-24 15:50:38 +00:00
Daniel J Walsh
7dca0e2e81 *** empty log message *** 2006-02-23 22:28:34 +00:00
Daniel J Walsh
5d5343f8cc *** empty log message *** 2006-02-23 21:02:49 +00:00
Daniel J Walsh
d19b685646 *** empty log message *** 2006-02-23 18:56:17 +00:00
Daniel J Walsh
701455e3c5 *** empty log message *** 2006-02-23 15:12:37 +00:00
Daniel J Walsh
585f827b55 *** empty log message *** 2006-02-22 22:46:02 +00:00
Daniel J Walsh
d4d1f2b10a *** empty log message *** 2006-02-22 18:48:03 +00:00
Daniel J Walsh
4dab27663b *** empty log message *** 2006-02-22 18:41:25 +00:00
Daniel J Walsh
a57054e5e9 *** empty log message *** 2006-02-22 00:53:12 +00:00
Daniel J Walsh
d5ae27dcc7 *** empty log message *** 2006-02-21 20:39:54 +00:00
Daniel J Walsh
28c4257a6b *** empty log message *** 2006-02-21 19:17:26 +00:00
Daniel J Walsh
46bd65b6cf *** empty log message *** 2006-02-21 19:16:52 +00:00
Daniel J Walsh
31d4d26d94 *** empty log message *** 2006-02-21 15:36:15 +00:00
Daniel J Walsh
f0e87bc6c8 *** empty log message *** 2006-02-21 04:51:22 +00:00
Daniel J Walsh
3debd0a982 *** empty log message *** 2006-02-20 22:11:40 +00:00
Daniel J Walsh
6e9bcb4a8d *** empty log message *** 2006-02-19 12:17:15 +00:00
Daniel J Walsh
f3a3900067 *** empty log message *** 2006-02-15 16:19:41 +00:00
Daniel J Walsh
025d1ec54d *** empty log message *** 2006-02-14 22:48:01 +00:00
Daniel J Walsh
2f15a23304 *** empty log message *** 2006-02-14 21:52:23 +00:00
Daniel J Walsh
c417f6b886 *** empty log message *** 2006-02-14 17:11:59 +00:00
Daniel J Walsh
cb99f70c9e *** empty log message *** 2006-02-13 19:51:43 +00:00
Daniel J Walsh
847884da96 *** empty log message *** 2006-02-13 17:14:30 +00:00
Daniel J Walsh
32b8716cff *** empty log message *** 2006-02-13 15:55:10 +00:00
Daniel J Walsh
faa80bb2e1 *** empty log message *** 2006-02-11 02:41:50 +00:00
Daniel J Walsh
5a82999d92 *** empty log message *** 2006-02-09 12:26:53 +00:00
Daniel J Walsh
b28bebeb11 *** empty log message *** 2006-02-06 19:12:13 +00:00
Daniel J Walsh
a3a62aba77 *** empty log message *** 2006-02-04 03:03:32 +00:00
Daniel J Walsh
de82d855b5 *** empty log message *** 2006-02-03 14:59:07 +00:00
Daniel J Walsh
38c8068bd0 *** empty log message *** 2006-02-01 13:21:35 +00:00
Daniel J Walsh
681c9dc1a9 - Update to upstream
- Fix rhgb, and other Xorg startups
2006-01-31 00:35:32 +00:00
Daniel J Walsh
737432388b - Update to upstream
- Fix rhgb, and other Xorg startups
2006-01-28 05:39:52 +00:00
Daniel J Walsh
33253774cc - Update to upstream
- Fix rhgb
2006-01-28 04:52:34 +00:00
Daniel J Walsh
70d9b4899e - Update to upstream 2006-01-28 04:50:20 +00:00
Daniel J Walsh
78265f434d - Update to upstream 2006-01-27 07:06:21 +00:00
Daniel J Walsh
b6e6b56d1a - Add inotifyfs handling 2006-01-26 17:02:46 +00:00
Daniel J Walsh
e76babe5db - Update to upstream
- Put back in changes for pup/zen
2006-01-26 15:47:02 +00:00
Daniel J Walsh
a3b5c300fa - Many changes for MLS
- Turn on strict policy
2006-01-24 21:47:16 +00:00
Daniel J Walsh
129ba16c5a - Update to upstream 2006-01-24 15:41:46 +00:00
Daniel J Walsh
30a020fcb8 - Update to upstream
- Turn off execheap execstack for unconfined users
- Add mono/wine policy to allow execheap and execstack for them
- Add execheap for Xdm policy
2006-01-19 19:10:47 +00:00
Daniel J Walsh
05207b6b63 - Update to upstream 2006-01-17 22:47:12 +00:00
Daniel J Walsh
a1c584a9c1 - Update to upstream
- Add rules to allow rpcd to work with unlabeled_networks.
2006-01-17 20:02:54 +00:00
Daniel J Walsh
2e71478caf - Update to upstream 2006-01-17 19:40:15 +00:00
Daniel J Walsh
cdab5cb3e1 - Update to upstream
- Fix ftp Man page
2006-01-17 03:55:13 +00:00
Daniel J Walsh
7ba8b0d5a8 - Update to upstream 2006-01-13 22:32:06 +00:00
Jeremy Katz
b9b2d8a63a - fix pup transitions (#177262)
- fix xen disks (#177599)
2006-01-12 02:36:17 +00:00
Daniel J Walsh
64012806da - Update to upstream 2006-01-11 22:25:06 +00:00
Daniel J Walsh
ef14779637 - More Fixes for hal and readahead 2006-01-10 17:36:14 +00:00
Daniel J Walsh
e485f59f95 - Fixes for hal and readahead 2006-01-09 22:50:57 +00:00
Daniel J Walsh
26e33dff20 - Update to upstream 2006-01-09 20:20:08 +00:00
Daniel J Walsh
451d9b499b - Handle new location of hal scripts 2006-01-06 01:04:12 +00:00
Daniel J Walsh
0088858611 - Allow su to read /etc/mtab 2006-01-05 21:55:48 +00:00
Daniel J Walsh
026fac633f - Update to upstream 2006-01-04 19:21:36 +00:00
Daniel J Walsh
2864321e7c - Update to upstream 2006-01-04 19:20:36 +00:00
Daniel J Walsh
a736f971f2 - Update to upstream 2006-01-04 19:02:16 +00:00
Daniel J Walsh
120d3b52ce - Fix "libsemanage.parse_module_headers: Data did not represent a module."
problem
2006-01-03 18:23:17 +00:00
Daniel J Walsh
ce66f5002d - Allow load_policy to read /etc/mtab 2006-01-03 17:21:11 +00:00
Daniel J Walsh
1f312240b0 - Fix dovecot to allow dovecot_auth to look at /tmp 2006-01-02 19:56:17 +00:00
Daniel J Walsh
d7b05bca05 - Allow restorecon to read unlabeled_t directories in order to fix
labeling.
2006-01-02 19:38:23 +00:00
Daniel J Walsh
3607aaf0c5 - Add Logwatch policy 2006-01-02 13:26:14 +00:00
Daniel J Walsh
a08ba87128 - Add Logwatch policy 2005-12-30 16:08:00 +00:00
Daniel J Walsh
798572ff3d - Fix /dev/ub[a-z] file context 2005-12-28 12:56:36 +00:00
Daniel J Walsh
9f7b037d0a - Fix library specification
- Give kudzu execmem privs
2005-12-27 20:34:15 +00:00
Daniel J Walsh
596229f500 - Fix hostname in targeted policy 2005-12-22 22:35:01 +00:00
Daniel J Walsh
5a47e648ad - Fix passwd command on mls 2005-12-22 21:40:15 +00:00
Daniel J Walsh
71ee99d3db - Lots of fixes to make mls policy work 2005-12-21 18:07:27 +00:00
Daniel J Walsh
6e9ee77d3b - Add dri libs to textrel_shlib_t
- Add system_r role for java
- Add unconfined_exec_t for vncserver
- Allow slapd to use kerberos
2005-12-20 22:47:39 +00:00
Daniel J Walsh
9d20b260a9 - Add dri libs to textrel_shlib_t 2005-12-20 19:03:31 +00:00
Daniel J Walsh
1335ee87a4 - Add man pages 2005-12-20 04:02:59 +00:00
Daniel J Walsh
315b4a40cf - Add enableaudit.pp 2005-12-17 13:41:58 +00:00
Daniel J Walsh
105bbf6bd9 - Fix mls policy 2005-12-17 04:35:55 +00:00
Daniel J Walsh
ecb7268725 - Update mls file from old version 2005-12-16 18:39:42 +00:00
Daniel J Walsh
a587fa4259 - Update mls file from old version 2005-12-16 18:36:00 +00:00
Daniel J Walsh
0c9f87bd98 - Update mls file from old version 2005-12-16 15:30:02 +00:00
Daniel J Walsh
dce316d016 - Add sids back in
- Rebuild with update checkpolicy
2005-12-16 14:39:19 +00:00
Daniel J Walsh
9ce97af9cc - Fixes to allow automount to use portmap
- Fixes to start kernel in s0-s15:c0.c255
2005-12-15 23:19:08 +00:00
Daniel J Walsh
1c86025686 - Add java unconfined/execmem policy 2005-12-15 03:31:43 +00:00
Daniel J Walsh
1ef62fe126 - Add file context for /var/cvs
- Dontaudit webalizer search of homedir
2005-12-14 22:47:12 +00:00
Daniel J Walsh
1f00750f8d - Add file context for /var/cvs
- Dontaudit webalizer search of homedir
2005-12-14 22:06:38 +00:00
Daniel J Walsh
504da9fea1 - Update from upstream
- Allow unconfined_t to transition to rpm_script_t
2005-12-13 22:13:21 +00:00
Daniel J Walsh
e24a8b160d - Fixes for hal
- Update to upstream
2005-12-13 04:53:03 +00:00
Daniel J Walsh
1ff14ab434 - Fixes for hal 2005-12-12 23:57:06 +00:00
Daniel J Walsh
d8566e6094 - Turn back on execmem since we need it for java, firefox, ooffice
- Allow gpm to stream socket to itself
2005-12-12 21:00:36 +00:00
Daniel J Walsh
7171df22fe - Turn back on execmem since we need it for java, firefox, ooffice 2005-12-12 20:59:35 +00:00
Daniel J Walsh
cfcb308b2a - Turn back on execmem since we need it for java, firefox, ooffice 2005-12-12 20:59:12 +00:00
Daniel J Walsh
afa8a21584 - Allow gpm to stream socket to itself 2005-12-12 20:47:41 +00:00
Daniel J Walsh
57c18fe4b0 - Allow gpm to stream socket to itself 2005-12-12 20:43:43 +00:00
Jeremy Katz
eb190f83a7 - fix requirements to be on the actual packages so that policy can get
created properly at install time
2005-12-12 19:43:05 +00:00
Daniel J Walsh
9e85a85af9 - Allow unconfined_t to execmod texrel_shlib_t 2005-12-11 17:29:15 +00:00
Daniel J Walsh
d4da533c32 - Update to upstream
- Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies
2005-12-10 05:19:29 +00:00
Daniel J Walsh
e1ccb6fe66 - Add two new httpd booleans, turned off by default
httpd_can_network_relay
httpd_can_network_connect_db
2005-12-09 20:59:20 +00:00
Daniel J Walsh
7c94e8ecfd - Add ghost for policy.20 2005-12-09 18:31:04 +00:00
Daniel J Walsh
6f5a3bc6a7 - Update to upstream
- Turn off boolean allow_execstack
2005-12-08 21:56:50 +00:00
Daniel J Walsh
c6c4985f3e - Change setrans-mls to use new libsetrans
- Add default_context rule for xdm
2005-12-08 20:33:17 +00:00
Daniel J Walsh
12e089ca6c - Change Requires to PreReg for requiring of policycoreutils on install 2005-12-08 17:04:27 +00:00
Daniel J Walsh
97bd2aa228 Add xdm policy 2005-12-08 05:02:10 +00:00
Daniel J Walsh
46a9067121 Update from upstream 2005-12-07 01:07:26 +00:00
Daniel J Walsh
913e479f74 Update from upstream 2005-12-06 17:44:30 +00:00
Daniel J Walsh
a1e07bd458 Update from upstream 2005-12-06 04:12:01 +00:00
Daniel J Walsh
47518615a8 Update from upstream 2005-12-06 03:41:59 +00:00
Daniel J Walsh
caeef12f57 Update from upstream 2005-12-02 22:58:20 +00:00
Nalin Dahyabhai
2b2203d51a - fix trigger (dwalsh looking over my shoulder) 2005-12-02 22:11:34 +00:00
Daniel J Walsh
28930b1e35 - No longer installing policy.20 file, anaconda handles the building of the
app.
2005-12-01 18:27:55 +00:00
Daniel J Walsh
bd7e86c379 - Fixes for dovecot and saslauthd 2005-12-01 18:16:50 +00:00
Daniel J Walsh
4199dc8023 - Fixes for dovecot and saslauthd 2005-11-29 17:32:09 +00:00
Daniel J Walsh
a0336204d8 - Cleanup pegasus and named
- Fix spec file
- Fix up passwd changing applications
2005-11-29 05:22:53 +00:00
Daniel J Walsh
c1b0228afa - Cleanup pegasus and named
- Fix spec file
- Fix up passwd changing applications
2005-11-23 22:38:02 +00:00
Daniel J Walsh
25e721d6e5 - Cleanup pegasus and named
- Fix spec file
2005-11-23 21:08:47 +00:00
Daniel J Walsh
21dea1c61e - Cleanup pegasus and named
- Fix spec file
2005-11-23 19:11:28 +00:00
Daniel J Walsh
598be154e8 -Update to latest from upstream 2005-11-23 17:11:44 +00:00
Daniel J Walsh
e38dc4108f -Update to latest from upstream 2005-11-23 15:20:18 +00:00
Daniel J Walsh
b33f08f453 - Add rules for pegasus and avahi 2005-11-22 22:46:58 +00:00
Daniel J Walsh
765f818d32 - Add rules for pegasus and avahi 2005-11-22 19:25:26 +00:00
Daniel J Walsh
d77f56b9f2 - Start building MLS Policy 2005-11-22 18:59:41 +00:00
Daniel J Walsh
a32f665665 - Start building MLS Policy 2005-11-21 21:50:16 +00:00
Daniel J Walsh
e568731790 - Update to upstream 2005-11-21 21:49:31 +00:00
Daniel J Walsh
3e930b80c0 - Update to upstream 2005-11-21 21:43:55 +00:00
Daniel J Walsh
1a0a256c0c - Update to upstream 2005-11-18 21:35:08 +00:00
Daniel J Walsh
205d3ff11f - Turn on bash 2005-11-17 03:31:37 +00:00
Daniel J Walsh
f0b87c9d0c - Initial version 2005-11-16 03:43:46 +00:00
Nalin Dahyabhai
af6090863d now how about this? do you like it? is it finally good enough for you? 2005-11-15 00:07:50 +00:00
Nalin Dahyabhai
46e7261190 try this 2005-11-15 00:01:46 +00:00
Nalin Dahyabhai
f852dde3c4 try anything 2005-11-14 23:51:43 +00:00
Daniel J Walsh
be926abb95 - Initial version 2005-11-14 23:43:27 +00:00
Daniel J Walsh
edb750876f - Initial version 2005-11-14 23:35:53 +00:00
Daniel J Walsh
cc9c9ee183 - Initial version 2005-11-14 23:28:26 +00:00
Daniel J Walsh
1580c873c7 auto-import selinux-policy-2.0.0-0.6 on branch devel from
selinux-policy-2.0.0-0.6.src.rpm
2005-11-14 23:22:29 +00:00