Commit Graph

3097 Commits

Author SHA1 Message Date
Dan Walsh
9461b60657 Add the ability to send audit messages to confined admin policies
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS
2010-09-15 11:31:20 -04:00
Miroslav Grepl
3b0a9c74bb Allow iscsid to manage tgtd semaphores 2010-09-15 16:50:07 +02:00
Chris PeBenito
fee48647ac Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4fbfae a831710
67effb0 483be01 c6c63f6 b0d8d59 5b082e4 b8097d6 689d954 5afc3d3 f3c5e77
a59e50c cf87233 17759c7 dc1db54 e9bf16d 4f95198 bf40792 622c63b c20842c
dc7cc4d 792d448
2010-09-15 10:42:34 -04:00
Jeremy Solt
792d44840c radvd patch from Dan Walsh 2010-09-15 09:14:55 -04:00
Jeremy Solt
dc7cc4d5c1 snort patch from Dan Walsh 2010-09-15 09:14:55 -04:00
Jeremy Solt
c20842caf8 stunnel patch from Dan Walsh 2010-09-15 09:14:55 -04:00
Jeremy Solt
622c63b4e3 zabbix patch from Dan Walsh 2010-09-15 09:14:55 -04:00
Jeremy Solt
bf40792ae5 zebra patch from Dan Walsh 2010-09-15 09:14:54 -04:00
Jeremy Solt
4f95198644 awstats patch from Dan Walsh 2010-09-15 09:14:54 -04:00
Jeremy Solt
e9bf16d2d9 certmaster patch from Dan Walsh 2010-09-15 09:14:54 -04:00
Jeremy Solt
dc1db5407a pcscd patch from Dan Walsh
Edit: removed the dev_list_sysfs call, dev_read_sysfs takes care of it
2010-09-15 09:14:54 -04:00
Jeremy Solt
17759c7326 postgresql patch from Dan Walsh 2010-09-15 09:14:54 -04:00
Jeremy Solt
cf872339b2 postgrey patch from Dan Walsh 2010-09-15 09:14:54 -04:00
Jeremy Solt
a59e50c12c prelude patch from Dan Walsh 2010-09-15 09:14:54 -04:00
Jeremy Solt
f3c5e77754 certwatch patch from Dan Walsh
Not including userdom_dontaudit_list_admin_dir - still no admin_home_t in refpolicy
2010-09-15 09:14:54 -04:00
Jeremy Solt
5afc3d3589 firstboot patch from Dan Walsh
Not including gnome_admin_home_gconf_filetrans - no admin_home_t in refpolicy
2010-09-15 09:14:54 -04:00
Jeremy Solt
689d95422f smoltclient patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
b8097d6ec4 amavis patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
5b082e4acf arpwatch patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
b0d8d59ff0 canna patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
c6c63f63c7 certmonger patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
483be01302 courier patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
67effb0450 dcc patch from Dan Walsh 2010-09-15 09:14:53 -04:00
Jeremy Solt
a831710a6a style change to djbdns.te 2010-09-15 09:14:52 -04:00
Jeremy Solt
c4fbfaecdd fetchmail patch from Dan Walsh 2010-09-15 09:14:52 -04:00
Jeremy Solt
01c441355e icecast patch from Dan Walsh 2010-09-15 09:14:52 -04:00
Jeremy Solt
2a2b6a79fa nslcd patch from Dan Walsh 2010-09-15 09:14:52 -04:00
Jeremy Solt
5271920764 nut patch from Dan Walsh 2010-09-15 09:14:52 -04:00
Jeremy Solt
c17ad385ac openct patch from Dan Walsh 2010-09-15 09:14:52 -04:00
Chris PeBenito
25d796ed37 Unconditional staff and user oidentd home config access from Dominick Grift. 2010-09-15 08:20:16 -04:00
Dominick Grift
941e3db567 Access for confined users to oidentd user home content is unconditional.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 08:05:41 -04:00
Dan Walsh
6dfe56b4e5 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-14 16:39:10 -04:00
Dan Walsh
43a0339db4 add labeling for /root/.debug 2010-09-14 15:29:18 -04:00
Dan Walsh
d7f2020c46 - Allow all domains that can use cgroups to search tmpfs_t directory
- Allow init to send audit messages
2010-09-14 15:18:34 -04:00
Miroslav Grepl
323c9f13bb Fixes for vmware-host policy 2010-09-14 19:28:55 +02:00
Dan Walsh
c2dae98501 Allow a couple of sandbox issues.
Remove postgresl managing of etc_files, until I find out why it is needed.
Dontaudit leaks from rpm to mount
2010-09-14 10:02:43 -04:00
Dan Walsh
4251ae1004 Add labels for /lib/readahead.
Add back gnome_setattr interface
2010-09-13 16:15:43 -04:00
Dan Walsh
5ef740e54b Fix gnome_setattr_config_home
Allow exec of sandbox_file_type by calling apps
Fix typos
2010-09-13 14:47:02 -04:00
Dan Walsh
3034a8d941 Fix some names in passenger policy 2010-09-13 10:26:10 -04:00
Miroslav Grepl
94820e4290 Move passenger policy to services 2010-09-13 15:10:30 +02:00
Dan Walsh
536f28a2bf Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-13 08:43:40 -04:00
Dan Walsh
1a40cbf63e Fix boolean descriptions 2010-09-13 08:43:35 -04:00
Miroslav Grepl
3a3212619a Allow dovecot-deliver to create tmp files
Allow tor to send signals to itself
2010-09-13 13:12:24 +02:00
Miroslav Grepl
d7de04f8d4 - Add passenger policy 2010-09-13 11:49:37 +02:00
Dan Walsh
366396d855 Fix cert calls in telepath, boinc, kerberos
Add sys_admin to xend to allow it to start
Add oident calls to staff_t
2010-09-10 13:18:49 -04:00
Dan Walsh
cab9bc9c58 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy; branch 'master' of http://oss.tresys.com/git/refpolicy
Conflicts:
	policy/modules/admin/amanda.if
	policy/modules/system/init.te
	policy/modules/system/miscfiles.if
	policy/modules/system/miscfiles.te
	policy/modules/system/userdomain.if
2010-09-10 13:02:25 -04:00
Dan Walsh
d7544f0d25 rename mdadm_map_t to mdadm_var_run_t 2010-09-10 12:14:25 -04:00
Dan Walsh
0b8f4cfe16 More fixes for mozilla_plugin_t
Allow telepathy domains to send themselves sigkill
Label /etc/httpd/alias/*db as cert_t
Allow fprintd to sys_nice
2010-09-10 12:10:13 -04:00
Chris PeBenito
da12b54802 Module version bumps for cert patch. 2010-09-10 11:31:22 -04:00
Chris PeBenito
e9d6dfb8b1 Fix missed deprecated interface usage from the cert patch. Add back a few rolecap tags. 2010-09-10 11:31:00 -04:00