Commit Graph

1110 Commits

Author SHA1 Message Date
Dan Walsh
a0e8efd42c - Update to upstream 2010-09-13 16:17:15 -04:00
Dan Walsh
30a7d17203 - Add policy for ajaxterm 2010-09-09 09:58:12 -04:00
Dan Walsh
6e2d7f3a82 - Handle /var/db/sudo
- Allow pulseaudio to read alsa config
- Allow init to send initrc_t dbus messages
2010-09-08 21:24:49 -04:00
Dan Walsh
64d84cf8ec Allow iptables to read shorewall tmp files
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
2010-09-08 14:17:07 -04:00
Dan Walsh
482c9f3ad9 - Merge upstream fix of mmap_zero
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
2010-09-02 13:43:28 -04:00
Dan Walsh
a7a2367a59 - Merge with upstream 2010-08-30 17:34:52 -04:00
Dan Walsh
6578cf7413 - More access needed for devicekit
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14 - Merge with upstream 2010-08-26 20:35:53 -04:00
Dan Walsh
370d04ed3c - Allow seunshare to fowner 2010-08-25 09:45:26 -04:00
Dan Walsh
cc138e86b5 - Allow cron to look at user_cron_spool links
- Lots of fixes for mozilla_plugin_t
- Add sysv file system
- Turn unconfined domains to permissive to find additional avcs
2010-08-24 22:48:06 -04:00
Dan Walsh
63265668f0 - Update policy for mozilla_plugin_t 2010-08-23 18:01:46 -04:00
Dan Walsh
eee39f9d8e - Allow clamscan to read proc_t
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
2010-08-23 17:29:52 -04:00
Dan Walsh
19988ca76d - Allow clamscan_t execmem if clamd_use_jit set
- Add policy for firefox plugin-container
2010-08-20 09:36:56 -04:00
Dan Walsh
3798ee962a - label dead.letter as mail_home_t 2010-08-17 07:22:11 -04:00
Dan Walsh
922cd61e83 * Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 07:55:04 -04:00
Daniel J Walsh
d4bb132c2e - Merge in fixes from dgrift repository 2010-07-27 20:34:21 +00:00
Daniel J Walsh
7f5d8f30d0 - Update boinc policy
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
2010-07-27 17:28:04 +00:00
Daniel J Walsh
a1ef703492 - New paths for upstart 2010-07-26 21:46:12 +00:00
Daniel J Walsh
8d55a410dc - New permissions for syslog
- New labels for /lib/upstart
2010-07-26 20:32:18 +00:00
Daniel J Walsh
f3fc10528f - Allow systemd to setsockcon on sockets to immitate other services 2010-07-22 16:58:58 +00:00
Daniel J Walsh
9f811efbbb - Remove debugfs label 2010-07-21 14:57:11 +00:00
Daniel J Walsh
d66bec6356 - Update to latest policy 2010-07-20 17:48:36 +00:00
Daniel J Walsh
1df2fc2bba - Fix eclipse labeling from IBMSupportAssasstant packageing 2010-07-19 21:16:41 +00:00
Daniel J Walsh
3f1005a67d - Make boot with systemd in enforcing mode 2010-07-15 20:04:35 +00:00
Daniel J Walsh
0f2ae00c61 - Update to upstream 2010-07-15 13:11:25 +00:00
Daniel J Walsh
9c1bcc22e3 - Add boolean to turn off port forwarding in sshd. 2010-07-12 21:15:05 +00:00
Miroslav Grepl
be922a1fae - Add support for ebtables
- Fixes for rhcs and corosync policy
2010-07-09 15:28:31 +00:00
Daniel J Walsh
6c42218d9d -Update to upstream 2010-06-28 17:19:34 +00:00
Daniel J Walsh
fa98e0ec52 -Update to upstream 2010-06-21 14:31:26 +00:00
Daniel J Walsh
5f371acada -Update to upstream 2010-06-18 20:14:28 +00:00
Daniel J Walsh
7c727a891e - Add Zarafa policy 2010-06-16 20:19:22 +00:00
Daniel J Walsh
f2403c5b4f - Cleanup of aiccu policy
- initial mock policy
2010-06-11 15:39:46 +00:00
Daniel J Walsh
f651bb6fdc - Lots of random fixes 2010-06-09 21:31:42 +00:00
Daniel J Walsh
b39ccca147 - Update to upstream 2010-06-08 21:23:21 +00:00
Daniel J Walsh
632048ceb1 - Update to upstream
- Allow prelink script to signal itself
- Cobbler fixes
2010-06-07 21:15:35 +00:00
Daniel J Walsh
bca242c772 - Add xdm_var_run_t to xserver_stream_connect_xdm
- Add cmorrord and mpd policy from Miroslav Grepl
2010-06-02 19:36:11 +00:00
Daniel J Walsh
e51284403f - Fix sshd creation of krb cc files for users to be user_tmp_t 2010-06-01 20:56:58 +00:00
Daniel J Walsh
4abfc011a4 - Fixes for accountsdialog
- Fixes for boinc
2010-05-28 12:39:05 +00:00
Daniel J Walsh
65c6e4c421 - Fix label on /var/lib/dokwiki
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls
2010-05-27 16:14:50 +00:00
Daniel J Walsh
bc4089cfaa - Update to upstream 2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34 - Update to upstream 2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e - Merge with upstream 2010-02-16 22:10:14 +00:00
Daniel J Walsh
3c551b85fe - Allow sandbox to work with MLS 2010-02-11 21:54:06 +00:00
Daniel J Walsh
43c7f5f787 - Make Chrome work with staff user 2010-02-10 22:26:52 +00:00
Daniel J Walsh
487de6f251 - Add icecast policy
- Cleanup spec file
2010-02-08 22:06:23 +00:00
Daniel J Walsh
30c21992cb - Add mcelog policy 2010-02-03 20:52:58 +00:00
Daniel J Walsh
a62c6405cc - Lots of fixes found in F12 2010-02-02 16:41:03 +00:00
Daniel J Walsh
b2f6b0698f - Fix rpm_dontaudit_leaks 2010-01-28 15:44:39 +00:00
Daniel J Walsh
4d67b40db1 - Add getsched to hald_t
- Add file context for Fedora/Redhat Directory Server
2010-01-27 21:54:00 +00:00
Daniel J Walsh
b0f36568e1 - Allow abrt_helper to getattr on all filesystems
- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so
2010-01-27 17:08:59 +00:00
Daniel J Walsh
b65afa2940 - Add gstreamer_home_t for ~/.gstreamer 2010-01-22 15:26:39 +00:00
Daniel J Walsh
faec5c2a14 - Update to upstream 2010-01-18 22:40:25 +00:00
Daniel J Walsh
3b54668c40 Update spec file to suck in the correct version of selinux-policy packages 2010-01-15 21:39:39 +00:00
Daniel J Walsh
89ad5ea38f - Turn on puppet policy
- Update to dgrift git policy
2010-01-14 21:49:18 +00:00
Daniel J Walsh
fc05ac0660 - Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
2010-01-11 22:06:55 +00:00
Daniel J Walsh
352dafd046 - Update to upstream 2010-01-07 21:59:22 +00:00
Daniel J Walsh
6049e24424 - Remove most of the permissive domains from F12. 2010-01-06 21:57:07 +00:00
Daniel J Walsh
485ded565a - Add cobbler policy from dgrift 2010-01-05 22:09:02 +00:00
Daniel J Walsh
1e86f3f158 - add usbmon device
- Add allow rulse for devicekit_disk
2010-01-04 21:31:54 +00:00
Daniel J Walsh
4478a9a993 - Lots of fixes found in F12, fixes from Tom London 2009-12-30 14:44:54 +00:00
Daniel J Walsh
08b890455e - Cleanups from dgrift 2009-12-23 18:39:12 +00:00
Daniel J Walsh
daebd59668 - Cleanups from dgrift 2009-12-23 18:37:23 +00:00
Daniel J Walsh
e2f53dfaec - Cleanups from dgrift 2009-12-23 13:02:27 +00:00
Daniel J Walsh
550cc5f4f4 - Add back xserver_manage_home_fonts 2009-12-22 17:25:13 +00:00
Daniel J Walsh
7d40583319 - Dontaudit sandbox trying to read nscd and sssd 2009-12-21 22:53:07 +00:00
Daniel J Walsh
b4675412e2 - Update to upstream 2009-12-18 21:18:10 +00:00
Daniel J Walsh
6ca563ec01 - Rename udisks-daemon back to devicekit_disk_t policy 2009-12-17 19:36:22 +00:00
Daniel J Walsh
e54cc7c3e4 - Fixes for abrt calls 2009-12-16 23:01:00 +00:00
Daniel J Walsh
9c90ba7e8e - Add tgtd policy 2009-12-16 13:30:38 +00:00
Daniel J Walsh
755e2d6934 - Add tgtd policy 2009-12-11 20:18:55 +00:00
Daniel J Walsh
9eef358da0 - Update to upstream release 2009-12-10 19:20:14 +00:00
Daniel J Walsh
f2a1dcd3d4 - Add asterisk policy back in
- Update to upstream release 2.20091117
2009-11-25 20:19:12 +00:00
Daniel J Walsh
ee88b050c5 - Add asterisk policy back in 2009-11-20 16:55:54 +00:00
Daniel J Walsh
ce8c76d673 - Add asterisk policy back in 2009-11-20 16:31:54 +00:00
Daniel J Walsh
55acbfd715 - Update to upstream release 2.20091117 2009-11-18 22:22:56 +00:00
Daniel J Walsh
5e44eb8657 - Update to upstream 2009-11-14 05:18:01 +00:00
Daniel J Walsh
32594a1112 - Allow vpnc request the kernel to load modules 2009-10-02 15:15:36 +00:00
Daniel J Walsh
aaf52ff041 - Add plymouth policy 2009-09-30 18:50:23 +00:00
Daniel J Walsh
d976a83a17 - Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
Daniel J Walsh
8b10e3abd7 - Update rhcs policy 2009-09-29 12:38:58 +00:00
Daniel J Walsh
85582d623f - Allow users to exec restorecond 2009-09-25 18:47:07 +00:00
Daniel J Walsh
f5a104d238 - Allow sendmail to request kernel modules load 2009-09-24 23:30:16 +00:00
Daniel J Walsh
4c2f298bf2 - Fix all kernel_request_load_module domains 2009-09-22 12:49:53 +00:00
Daniel J Walsh
405a74c394 - Fix all kernel_request_load_module domains 2009-09-21 13:55:41 +00:00
Daniel J Walsh
41f8e385a1 - Remove allow_exec* booleans for confined users. Only available for
unconfined_t
2009-09-20 14:32:30 +00:00
Daniel J Walsh
8323d545c4 - More fixes for sandbox_web_t 2009-09-19 02:03:03 +00:00
Daniel J Walsh
ab462917cf - Allow sshd to create .ssh directory and content 2009-09-18 22:12:25 +00:00
Daniel J Walsh
d53d158d2b - Fix request_module line to module_request 2009-09-18 20:44:00 +00:00
Daniel J Walsh
1fb0a98434 - Fix sandbox policy to allow it to run under firefox.
- Dont audit leaks.
2009-09-18 16:20:05 +00:00
Daniel J Walsh
9de7033708 - Fixes for sandbox 2009-09-17 21:41:30 +00:00
Daniel J Walsh
69290fd9df - Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
23e7082b4b - Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
- Remove policycoreutils-python requirement except for minimum
2009-09-15 21:45:12 +00:00
Daniel J Walsh
6b7b0c1cdc - Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
    the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
e20e351e10 - Add wordpress/wp-content/uploads label
- Fixes for sandbox when run from staff_t
2009-09-11 21:15:35 +00:00
Daniel J Walsh
ddc8588081 - Update to upstream
- Fixes for devicekit_disk
2009-09-10 15:38:44 +00:00
Daniel J Walsh
ab8f807545 - More fixes 2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b - More fixes 2009-09-08 23:55:31 +00:00
Daniel J Walsh
123ae9957d - Lots of fixes for initrc and other unconfined domains 2009-09-08 14:30:36 +00:00
Daniel J Walsh
72bc25da0e - Allow xserver to use netlink_kobject_uevent_socket 2009-09-07 01:29:07 +00:00
Daniel J Walsh
1a2981be4a - Dontaudit setroubleshootfix looking at /root directory 2009-09-02 13:33:15 +00:00
Daniel J Walsh
65c3f9a0a8 - Update to upsteam 2009-08-31 21:27:50 +00:00
Daniel J Walsh
cb5670ca1b - Allow gssd to send signals to users
- Fix duplicate label for apache content
2009-08-31 13:39:37 +00:00
Daniel J Walsh
faf9cbbc4b - Update to upstream 2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f - Remove polkit_auth on upgrades 2009-08-28 18:56:15 +00:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
07c04f81b6 - Add back in unconfined.pp and unconfineduser.pp 2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337 - Fixes for cdrecord, mdadm, and others 2009-08-26 12:12:39 +00:00
Daniel J Walsh
080ce6f2c8 - Add capability setting to dhcpc and gpm 2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393 - Allow cronjobs to read exim_spool_t 2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce - Fix system-config-services policy 2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac - Allow libvirt to change user componant of virt_domain 2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Daniel J Walsh
b2c5e72a15 - Make all unconfined_domains permissive so we can see what AVC's happen 2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864 - Add pt_chown policy 2009-08-12 20:10:51 +00:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf - Allow nsplugin to connecto the session bus
- Allow samba_net to write to coolkey data
2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f - Allow devicekit_disk to list inotify 2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:37:39 +00:00
Daniel J Walsh
4673269d66 - Allow exim to getattr on mountpoints
- Fixes for pulseaudio
2009-08-04 11:32:06 +00:00
Daniel J Walsh
947b439e10 - Allow svirt_t to stream_connect to virtd_t 2009-07-31 19:05:34 +00:00
Daniel J Walsh
af4fa8266c - Allod hald_dccm_t to create sock_files in /tmp 2009-07-31 11:02:24 +00:00
Daniel J Walsh
abd1536931 - More fixes from upstream 2009-07-30 20:30:26 +00:00
Daniel J Walsh
c6e2224c70 - Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72 - Update to upstream 2009-07-28 19:08:17 +00:00
Daniel J Walsh
9160520a0e - Allow certmaster to override dac permissions 2009-07-27 22:09:57 +00:00
Daniel J Walsh
df7055d5b3 - Update to upstream 2009-07-23 21:47:41 +00:00
Daniel J Walsh
8da0248476 - Fix context for VirtualBox 2009-07-19 16:04:30 +00:00
Daniel J Walsh
2360ff9f3f - Update to upstream 2009-07-15 19:12:04 +00:00
Daniel J Walsh
a88b486824 - Fixes for xguest 2009-07-08 15:37:57 +00:00
Daniel J Walsh
819f419b33 - fix multiple directory ownership of mandirs 2009-07-07 21:06:52 +00:00
Tom Callaway
a85aeff615 fix duplicate directory ownership with filesystem, policycoreutils 2009-07-07 15:41:05 +00:00
Daniel J Walsh
d9676a6ada - Update to upstream 2009-07-06 21:16:26 +00:00
Daniel J Walsh
bcc53daced - Add rules for rtkit-daemon 2009-06-30 11:46:56 +00:00
Daniel J Walsh
7b16d569d8 - Update to upstream
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
221642f17f - Add rtkit policy 2009-06-25 21:43:36 +00:00
Daniel J Walsh
d399fb4d25 - Allow rpcd_t to stream connect to rpcbind 2009-06-24 20:45:26 +00:00
Daniel J Walsh
9850f4d30d - Allow kpropd to create tmp files 2009-06-24 13:15:55 +00:00
Daniel J Walsh
93dc66eaeb - Fix last duplicate /var/log/rpmpkgs 2009-06-23 13:23:52 +00:00
Daniel J Walsh
a9f0953822 - Update to upstream
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40 - Update to upstream
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529 - Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
9386d6f55f - Fix mcs rules to include chr_file and blk_file 2009-06-18 20:01:47 +00:00
Daniel J Walsh
e3bf6793cb - Add label for udev-acl 2009-06-18 14:42:34 +00:00
Daniel J Walsh
f8df9e54c4 - Additional rules for consolekit/udev, privoxy and various other fixes 2009-06-15 20:04:07 +00:00
Daniel J Walsh
49883e898d - New version for upstream 2009-06-15 15:26:20 +00:00
Daniel J Walsh
d3ae977ab7 - New version for upstream 2009-06-12 18:59:09 +00:00
Daniel J Walsh
6b838056a8 - Allow NetworkManager to read inotifyfs 2009-06-11 21:26:42 +00:00