Disable transition from dbus_session_domain to telepathy for F14
Allow boinc_project to use shm
Allow certmonger to search through directories that contain certs
Allow fail2ban the DAC Override so it can read log files owned by non root users
Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Squash with 84812bc8dd814709734c2b6d1ef2ff2b84adc35d
Syntax error.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
This is a role capability.
This is a role capability.
This is a role capability.
This is a role capability.
This is a role capability.
This is a role capability.
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fprintd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.
Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.
As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.
Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
The latest revision of the labeled policy patches which enable both labeled
and unlabeled policy support for NetLabel. This revision takes into account
Chris' feedback from the first version and reduces the number of interface
calls in each domain down to two at present: one for unlabeled access, one for
NetLabel access. The older, transport layer specific interfaces, are still
present for use by third-party modules but are not used in the default policy
modules.
trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
This patch changes the policy to use the netmsg initial SID as the "base"
SID/context for NetLabel packets which only have MLS security attributes.
Currently we use the unlabeled initial SID which makes it very difficult to
distinquish between actual unlabeled packets and those packets which have MLS
security attributes.