Dan Walsh
9461b60657
Add the ability to send audit messages to confined admin policies
...
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS
2010-09-15 11:31:20 -04:00
Miroslav Grepl
3b0a9c74bb
Allow iscsid to manage tgtd semaphores
2010-09-15 16:50:07 +02:00
Chris PeBenito
fee48647ac
Module version bump for c17ad38
5271920
2a2b6a7
01c4413
c4fbfae
a831710
...
67effb0
483be01
c6c63f6
b0d8d59
5b082e4
b8097d6
689d954
5afc3d3
f3c5e77
a59e50c
cf87233
17759c7
dc1db54
e9bf16d
4f95198
bf40792
622c63b
c20842c
dc7cc4d
792d448
2010-09-15 10:42:34 -04:00
Jeremy Solt
792d44840c
radvd patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
dc7cc4d5c1
snort patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
c20842caf8
stunnel patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
622c63b4e3
zabbix patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
bf40792ae5
zebra patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
4f95198644
awstats patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
e9bf16d2d9
certmaster patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
dc1db5407a
pcscd patch from Dan Walsh
...
Edit: removed the dev_list_sysfs call, dev_read_sysfs takes care of it
2010-09-15 09:14:54 -04:00
Jeremy Solt
17759c7326
postgresql patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
cf872339b2
postgrey patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
a59e50c12c
prelude patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
f3c5e77754
certwatch patch from Dan Walsh
...
Not including userdom_dontaudit_list_admin_dir - still no admin_home_t in refpolicy
2010-09-15 09:14:54 -04:00
Jeremy Solt
5afc3d3589
firstboot patch from Dan Walsh
...
Not including gnome_admin_home_gconf_filetrans - no admin_home_t in refpolicy
2010-09-15 09:14:54 -04:00
Jeremy Solt
689d95422f
smoltclient patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
b8097d6ec4
amavis patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
5b082e4acf
arpwatch patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
b0d8d59ff0
canna patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
c6c63f63c7
certmonger patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
483be01302
courier patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
67effb0450
dcc patch from Dan Walsh
2010-09-15 09:14:53 -04:00
Jeremy Solt
a831710a6a
style change to djbdns.te
2010-09-15 09:14:52 -04:00
Jeremy Solt
c4fbfaecdd
fetchmail patch from Dan Walsh
2010-09-15 09:14:52 -04:00
Jeremy Solt
01c441355e
icecast patch from Dan Walsh
2010-09-15 09:14:52 -04:00
Jeremy Solt
2a2b6a79fa
nslcd patch from Dan Walsh
2010-09-15 09:14:52 -04:00
Jeremy Solt
5271920764
nut patch from Dan Walsh
2010-09-15 09:14:52 -04:00
Jeremy Solt
c17ad385ac
openct patch from Dan Walsh
2010-09-15 09:14:52 -04:00
Chris PeBenito
25d796ed37
Unconditional staff and user oidentd home config access from Dominick Grift.
2010-09-15 08:20:16 -04:00
Dominick Grift
941e3db567
Access for confined users to oidentd user home content is unconditional.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 08:05:41 -04:00
Dan Walsh
6dfe56b4e5
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
2010-09-14 16:39:10 -04:00
Dan Walsh
43a0339db4
add labeling for /root/.debug
2010-09-14 15:29:18 -04:00
Dan Walsh
d7f2020c46
- Allow all domains that can use cgroups to search tmpfs_t directory
...
- Allow init to send audit messages
2010-09-14 15:18:34 -04:00
Miroslav Grepl
323c9f13bb
Fixes for vmware-host policy
2010-09-14 19:28:55 +02:00
Dan Walsh
c2dae98501
Allow a couple of sandbox issues.
...
Remove postgresl managing of etc_files, until I find out why it is needed.
Dontaudit leaks from rpm to mount
2010-09-14 10:02:43 -04:00
Dan Walsh
4251ae1004
Add labels for /lib/readahead.
...
Add back gnome_setattr interface
2010-09-13 16:15:43 -04:00
Dan Walsh
5ef740e54b
Fix gnome_setattr_config_home
...
Allow exec of sandbox_file_type by calling apps
Fix typos
2010-09-13 14:47:02 -04:00
Dan Walsh
3034a8d941
Fix some names in passenger policy
2010-09-13 10:26:10 -04:00
Miroslav Grepl
94820e4290
Move passenger policy to services
2010-09-13 15:10:30 +02:00
Dan Walsh
536f28a2bf
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
2010-09-13 08:43:40 -04:00
Dan Walsh
1a40cbf63e
Fix boolean descriptions
2010-09-13 08:43:35 -04:00
Miroslav Grepl
3a3212619a
Allow dovecot-deliver to create tmp files
...
Allow tor to send signals to itself
2010-09-13 13:12:24 +02:00
Miroslav Grepl
d7de04f8d4
- Add passenger policy
2010-09-13 11:49:37 +02:00
Dan Walsh
366396d855
Fix cert calls in telepath, boinc, kerberos
...
Add sys_admin to xend to allow it to start
Add oident calls to staff_t
2010-09-10 13:18:49 -04:00
Dan Walsh
cab9bc9c58
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy; branch 'master' of http://oss.tresys.com/git/refpolicy
...
Conflicts:
policy/modules/admin/amanda.if
policy/modules/system/init.te
policy/modules/system/miscfiles.if
policy/modules/system/miscfiles.te
policy/modules/system/userdomain.if
2010-09-10 13:02:25 -04:00
Dan Walsh
d7544f0d25
rename mdadm_map_t to mdadm_var_run_t
2010-09-10 12:14:25 -04:00
Dan Walsh
0b8f4cfe16
More fixes for mozilla_plugin_t
...
Allow telepathy domains to send themselves sigkill
Label /etc/httpd/alias/*db as cert_t
Allow fprintd to sys_nice
2010-09-10 12:10:13 -04:00
Chris PeBenito
da12b54802
Module version bumps for cert patch.
2010-09-10 11:31:22 -04:00
Chris PeBenito
e9d6dfb8b1
Fix missed deprecated interface usage from the cert patch. Add back a few rolecap tags.
2010-09-10 11:31:00 -04:00