Dan Walsh
2968e06818
Update f14
2010-08-26 12:55:57 -04:00
Dan Walsh
a947daf6df
Update f14
2010-08-26 10:27:35 -04:00
Dan Walsh
3eaa993945
UPdate for f14 policy
2010-08-26 09:41:21 -04:00
Chris PeBenito
00ca404a20
Remove unnecessary require on cgroup_admin().
2010-08-09 09:10:24 -04:00
Chris PeBenito
d687db9b42
Whitespace fixes on cgroup.
2010-08-09 08:52:39 -04:00
Dominick Grift
61d7ee58a4
Confine /sbin/cgclear.
...
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-09 08:47:15 -04:00
Dominick Grift
288845a638
Services layer xml files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:29 -04:00
Chris PeBenito
8da88970be
Accountsd cleanup.
2010-08-03 09:50:40 -04:00
Chris PeBenito
d0eebed0b7
Move accountsd to services.
2010-08-03 09:31:53 -04:00
Chris PeBenito
a7ee7f819a
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 09:20:22 -04:00
Chris PeBenito
9d4395a736
MojoMojo from Lain Arnell.
2010-08-02 09:28:06 -04:00
Chris PeBenito
a72e42f485
Interface documentation standardization patch from Dan Walsh.
2010-08-02 09:22:09 -04:00
Chris PeBenito
29f3bfa464
Fix JIT usage for freshclam.
...
http://marc.info/?l=selinux&m=127893898208934&w=2
2010-07-13 08:39:54 -04:00
Chris PeBenito
4b76ea5f51
Module version bump for fa1847f
.
2010-07-12 14:02:18 -04:00
Dominick Grift
fa1847f4a2
Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-09 09:43:04 -04:00
Chris PeBenito
3c4e9fce8e
Make spamassassin optional for milter, from Russell Coker.
2010-07-07 08:55:57 -04:00
Chris PeBenito
bca0cdb86e
Remove duplicate/redundant rules, from Russell Coker.
2010-07-07 08:41:20 -04:00
Chris PeBenito
1db1836ab9
Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role().
2010-07-06 13:17:05 -04:00
Dominick Grift
7e5463b58c
fix cgroup_admin
...
When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-01 09:02:58 -04:00
Chris PeBenito
113d2e023d
Minor tweaks and module version bump for a00fc1c
.
2010-06-25 09:51:34 -04:00
Dominick Grift
a00fc1c317
hddtemp fixes.
...
Clean up network control section.
Implement hddtemp_etc_t for /etc/sysconfig/hddtemp. The advantages are:
- hddtemp_t no longer needs access to read all generic etc_t files.
- allows us to implement a meaningful hddtemp_admin()
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-25 09:43:54 -04:00
Chris PeBenito
9a4d292902
Netutils patch from Dan Walsh.
...
ping gets leaked log descriptor from nagios.
Label send_arp as ping_exec_t
2010-06-17 10:16:19 -04:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
5c942ceb83
AFS patch from Dan Walsh.
2010-06-10 08:08:23 -04:00
Chris PeBenito
b521229560
Abrt patch from Dan Walsh.
...
Abrt uses /var/spool/abrt now and changed the name of its lock
Now uses a stream socket
Installs debuginfo packages
sys_nice itself
2010-06-10 07:58:00 -04:00
Chris PeBenito
53f9abbe68
Clean up cgroup. Rename cgconfigparser to cgconfig.
2010-06-08 09:15:41 -04:00
Chris PeBenito
0041a78ef7
Remove cgroup_t usage in cgroup_admin() since it is not owned by the module.
2010-06-08 09:12:03 -04:00
Chris PeBenito
04dcd73fe3
Whitespace fixes in cgroup and init.
2010-06-08 08:47:26 -04:00
Dominick Grift
ddf821332f
add libcg policy.
...
Libcgroup automates cgroup management.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-08 08:38:22 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Chris PeBenito
7934ac10d3
Module version bump for 1184392 and more.
...
* module version bump
* make apache and unconfined portions optiona
* rearrange lines
2010-05-24 13:08:09 -04:00
Chris PeBenito
ca28376c4d
Module version bump for 7942f7f.
2010-05-24 13:08:09 -04:00
Chris PeBenito
bdf5e19931
Module version bump for 383bd32.
2010-05-24 13:08:09 -04:00
Chris PeBenito
63583f4e29
Module version bump for f61ef24.
2010-05-24 13:08:09 -04:00
Chris PeBenito
a107f875bd
Remove redundant optional and libs_* calls in clogd.
2010-05-24 13:08:08 -04:00
Chris PeBenito
dcb7227286
Module version bump for 51ad76f.
2010-05-24 13:08:08 -04:00
Jeremy Solt
6430c79a29
whitespace fix for clogd
2010-05-24 13:08:08 -04:00
Jeremy Solt
6055ab8d1d
clogd policy from Dan Walsh
...
edits:
- style and whitespace fixes
- removed read_lnk_files_pattern from shm interface
- removed permissive line
2010-05-24 13:08:08 -04:00
Jeremy Solt
7a8e6a8fba
whitespace fixes for cluster suite patch
2010-05-24 13:08:08 -04:00
Jeremy Solt
21d23c878e
Removed unnecessary comments
...
Removed 'SELinux policy for' from policy summaries
Removed rgmanager interface for semaphores (doesn't appear to be needed or used)
Removed redundant calls to libs_use_ld_so and libs_use_shared_libs
Fixed rhcs interface names to match naming rules
Merged tmpfs and semaphore/shm interfaces
2010-05-24 13:08:08 -04:00
Jeremy Solt
538cf9ab83
Redhat Cluster Suite Policy from Dan Walsh
...
Edits:
- Style and whitespace fixes
- Removed interfaces for default_t from ricci.te - this didn't seem right
- Removed link files from rgmanager_manage_tmpfs_files
- Removed rdisc.if patch. it was previously committed
- Not including kernel_kill interface call for rgmanager
- Not including ldap interfaces in rgmanager.te (currently not in refpolicy)
- Not including files_create_var_run_dirs call for rgmanager (not in refpolicy)
2010-05-24 13:08:08 -04:00
Jeremy Solt
37194ac055
dnsmasq patch from Dan Walsh
...
- cron_manage_pid_files call removed until further explanation
2010-05-24 13:08:07 -04:00
Jeremy Solt
4ac0cd30fa
Remove nagios_rw_inherited_tmp_files interface
2010-05-24 13:08:07 -04:00
Jeremy Solt
99bbe34881
Nagios patch from Dan Walsh
...
Edits:
- Removed permissive lines
- Removed tunable for broken symptoms
- Style and whitespace fixes
2010-05-24 13:08:07 -04:00
Jeremy Solt
599e8ff702
Create type and allow squid to manage its own tmpfs files
2010-05-24 13:08:07 -04:00
Jeremy Solt
d86c09846b
squid patch from Dan Walsh
...
Edits:
- Added netport to corenetwork.te.in
2010-05-24 13:08:07 -04:00
Jeremy Solt
fb543d0df1
remove rules for nx_server_home_ssh_t since they are already provided by the ssh template
2010-05-24 13:08:07 -04:00
Jeremy Solt
316cdb1d0d
nx patch from Dan Walsh
...
Edits:
- Style and whitespace fixes
- Removed read_lnk_files_pattern from nx_read_home_files
- Delete declaration of nx_server_home_ssh_t and files_type since the template already does this
2010-05-24 13:08:07 -04:00
Chris PeBenito
d9e4cbd2ce
Postfix patch from Dan Walsh.
2010-05-21 08:56:49 -04:00
Chris PeBenito
9ea85eaa8b
Sendmail patch from Dan Walsh.
2010-05-20 08:36:38 -04:00
Chris PeBenito
b276e36914
Procmail patch from Dan Walsh.
2010-05-20 08:17:06 -04:00
Chris PeBenito
e19b8d1c2e
MTA patch from Dan Walsh.
2010-05-19 09:00:39 -04:00
Chris PeBenito
088b65e52b
SSH patch from Dan Walsh.
2010-05-19 08:31:17 -04:00
Chris PeBenito
4e698b0fca
Cups patch from Dan Walsh.
2010-05-18 10:59:37 -04:00
Chris PeBenito
1b2f08ea10
Abrt patch from Dan Walsh.
2010-05-18 10:18:12 -04:00
Chris PeBenito
e9e43f04b3
Plymouthd policy from Dan Walsh.
2010-05-18 09:54:18 -04:00
Chris PeBenito
b0c2cae14a
Hal patch from Dan Walsh.
...
Lots of random access for hal.
2010-05-18 09:06:36 -04:00
Chris PeBenito
299db7080c
CVS patch from Dan Walsh.
...
cvs needs dac_override when it tries to read shadow
2010-05-14 10:24:11 -04:00
Chris PeBenito
bcc6e65421
SETroubleshoot patch from Dan Walsh.
...
Policy to handle the fixit button in setroubleshoot.
2010-05-13 13:22:53 -04:00
Chris PeBenito
ada61e1529
Asterisk patch from Dan Walsh.
...
asterisk_manage_lib_files(logrotate_t)
asterisk_exec(logrotate_t)
Needs net_admin
Drops capabilities
connects to unix_stream
execs itself
Requests kernel load modules
Execs shells
Connects to postgresql and snmp ports
Reads urand and generic usb devices
Has mysql and postgresql back ends
sends mail
2010-05-13 11:35:58 -04:00
Chris PeBenito
24e0b9b3a4
Munin patch from Dan Walsh.
2010-05-13 11:20:54 -04:00
Chris PeBenito
27afb97c29
Minor fixes on a2524cf
. Module version bump.
2010-05-11 08:33:04 -04:00
Chris PeBenito
aeb7a4e180
Whitespace fixes on cobbler.
2010-05-11 08:23:02 -04:00
Jeremy Solt
a2524cfa77
cobbler patch from Dan Walsh
2010-05-11 08:17:33 -04:00
Chris PeBenito
fb3fc9e4f0
Cyrus patch from Dan Walsh.
2010-05-03 15:14:50 -04:00
Chris PeBenito
4804cd43a0
Clamav patch from Dan Walsh.
2010-05-03 15:01:35 -04:00
Chris PeBenito
d8eb3c71c6
Dovecot patch from Dan Walsh.
2010-05-03 14:37:19 -04:00
Chris PeBenito
baea7b1dc6
Networkmanager patch from Dan Walsh.
2010-05-03 14:01:26 -04:00
Chris PeBenito
a3108c60c0
Consolekit patch from Dan Walsh.
2010-05-03 10:21:48 -04:00
Chris PeBenito
b0076a1413
Arpwatch patch from Dan Walsh.
2010-05-03 09:49:33 -04:00
Chris PeBenito
98ac98623c
Dbus patch from Dan Walsh.
2010-05-03 09:34:42 -04:00
Chris PeBenito
61738f11ec
Devicekit patch from Dan Walsh.
2010-05-03 09:01:46 -04:00
Chris PeBenito
87a9469fc9
Add networking rules for spamd to connect to mysql/postgresql over the network, from Chris St. Pierre.
2010-04-27 10:31:47 -04:00
Chris PeBenito
45696ab282
Add missing secmark rules in ntop, from Dominick Grift.
2010-04-27 09:31:30 -04:00
Chris PeBenito
a53c6c65a4
FTP patch from Dan Walsh.
2010-04-26 15:15:23 -04:00
Chris PeBenito
d7ebbd9d22
Module version bump for 34838aa
.
2010-04-26 13:40:21 -04:00
Jeremy Solt
34838aa62a
Samba patch from Dan Walsh
...
- signal interfaces
- fusefs support
- bug 566984: getattrs on all blk and chr files
Did not include:
- changes related to samba_unconfined_script_t and samba_unconfined_net_t
- samba_helper_template (didn't appear to be used)
- manage_lnk_files_pattern in samba_manage_var_files
- signal allow rule in samba_domtrans_winbind_helper
- samba_role_notrans
- userdom_manage_user_home_content
Some style and spacing fixes
2010-04-26 13:28:21 -04:00
Chris PeBenito
05a2e3e2d7
Lircd patch from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
e07fbc004d
Add DenyHosts from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
44b3808ba5
Djbdns patch from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
5c3274d7bf
Module version bump for 4b121a5
.
2010-04-19 10:23:11 -04:00
Chris PeBenito
46879922d8
Additional whitespace fix in nis.
2010-04-19 10:20:19 -04:00
Jeremy Solt
f49fc19e5a
Style changes
2010-04-19 10:19:46 -04:00
Jeremy Solt
4b121a5f53
nis patch from Dan Walsh
...
Made a couple style changes.
Removed unnecessary require in nis_use_ypbind interface
2010-04-19 10:19:44 -04:00
Chris PeBenito
da5940411c
Additional whitespace fixes in certmonger.
2010-04-19 10:17:24 -04:00
Jeremy Solt
0e5494a3d9
Fix some whitespace and style issues.
2010-04-19 10:07:20 -04:00
Jeremy Solt
33793ec2ce
certmonger policy from Dan Walsh
...
Removed manage_var_run and manage_var_lib interfaces
Added missing requires to admin interface
Removed permissive line
Fixed some spacing / style issues
2010-04-19 10:07:17 -04:00
Chris PeBenito
86ff008754
Module version bump for 4f7b413
.
2010-04-19 10:05:22 -04:00
Jeremy Solt
e6e2a769ac
Remove excess white space from ntop.te
...
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt
4f7b413cdc
Ntop policy from Dan Walsh
...
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito
98759716fe
Module version bump for 46e16a2
.
2010-04-19 09:54:13 -04:00
Jeremy Solt
d86d4f6069
Move optional policy to correct location for style
2010-04-19 09:50:42 -04:00
Jeremy Solt
01bfe1d20e
kerberos patch from Dan Walsh
2010-04-19 09:50:39 -04:00
KaiGai Kohei
ec8d32c8e9
[BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)
...
I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.
In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.
And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.
2010-04-12 10:37:21 -04:00
Chris PeBenito
23ad802a9d
Module version bump for 5d3214f
and 795b733
.
2010-04-12 10:01:39 -04:00
Jeremy Solt
795b733a71
pcscd patch from Dan Walsh: manage pub files and fifo files
2010-04-12 09:10:37 -04:00
Jeremy Solt
5d3214f5a9
gpsd path from Dan Walsh
2010-04-12 09:07:50 -04:00
Dominick Grift
91b12ad94c
Move kernel_request_load_module(gssd_t) to the proper place.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:22 -04:00
Dominick Grift
6d9925c872
Fix requires for apache tmp interfaces.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:12 -04:00
Chris PeBenito
b577852a98
Portreserve patch from Dan Walsh.
2010-04-05 14:50:23 -04:00