Commit Graph

693 Commits

Author SHA1 Message Date
Dan Walsh
2968e06818 Update f14 2010-08-26 12:55:57 -04:00
Dan Walsh
a947daf6df Update f14 2010-08-26 10:27:35 -04:00
Dan Walsh
3eaa993945 UPdate for f14 policy 2010-08-26 09:41:21 -04:00
Chris PeBenito
00ca404a20 Remove unnecessary require on cgroup_admin(). 2010-08-09 09:10:24 -04:00
Chris PeBenito
d687db9b42 Whitespace fixes on cgroup. 2010-08-09 08:52:39 -04:00
Dominick Grift
61d7ee58a4 Confine /sbin/cgclear.
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-09 08:47:15 -04:00
Dominick Grift
288845a638 Services layer xml files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:29 -04:00
Chris PeBenito
8da88970be Accountsd cleanup. 2010-08-03 09:50:40 -04:00
Chris PeBenito
d0eebed0b7 Move accountsd to services. 2010-08-03 09:31:53 -04:00
Chris PeBenito
a7ee7f819a Docs standardizing on the role portion of run interfaces. Additional docs cleanup. 2010-08-03 09:20:22 -04:00
Chris PeBenito
9d4395a736 MojoMojo from Lain Arnell. 2010-08-02 09:28:06 -04:00
Chris PeBenito
a72e42f485 Interface documentation standardization patch from Dan Walsh. 2010-08-02 09:22:09 -04:00
Chris PeBenito
29f3bfa464 Fix JIT usage for freshclam.
http://marc.info/?l=selinux&m=127893898208934&w=2
2010-07-13 08:39:54 -04:00
Chris PeBenito
4b76ea5f51 Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
Dominick Grift
fa1847f4a2 Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-09 09:43:04 -04:00
Chris PeBenito
3c4e9fce8e Make spamassassin optional for milter, from Russell Coker. 2010-07-07 08:55:57 -04:00
Chris PeBenito
bca0cdb86e Remove duplicate/redundant rules, from Russell Coker. 2010-07-07 08:41:20 -04:00
Chris PeBenito
1db1836ab9 Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
Dominick Grift
7e5463b58c fix cgroup_admin
When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-01 09:02:58 -04:00
Chris PeBenito
113d2e023d Minor tweaks and module version bump for a00fc1c. 2010-06-25 09:51:34 -04:00
Dominick Grift
a00fc1c317 hddtemp fixes.
Clean up network control section.
Implement hddtemp_etc_t for /etc/sysconfig/hddtemp. The advantages are:
- hddtemp_t no longer needs access to read all generic etc_t files.
- allows us to implement a meaningful hddtemp_admin()

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-25 09:43:54 -04:00
Chris PeBenito
9a4d292902 Netutils patch from Dan Walsh.
ping gets leaked log descriptor from nagios.

Label send_arp as ping_exec_t
2010-06-17 10:16:19 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
5c942ceb83 AFS patch from Dan Walsh. 2010-06-10 08:08:23 -04:00
Chris PeBenito
b521229560 Abrt patch from Dan Walsh.
Abrt uses /var/spool/abrt now and changed the name of its lock

Now uses a stream socket

Installs debuginfo packages

sys_nice itself
2010-06-10 07:58:00 -04:00
Chris PeBenito
53f9abbe68 Clean up cgroup. Rename cgconfigparser to cgconfig. 2010-06-08 09:15:41 -04:00
Chris PeBenito
0041a78ef7 Remove cgroup_t usage in cgroup_admin() since it is not owned by the module. 2010-06-08 09:12:03 -04:00
Chris PeBenito
04dcd73fe3 Whitespace fixes in cgroup and init. 2010-06-08 08:47:26 -04:00
Dominick Grift
ddf821332f add libcg policy.
Libcgroup automates cgroup management.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-08 08:38:22 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
7934ac10d3 Module version bump for 1184392 and more.
* module version bump
* make apache and unconfined portions optiona
* rearrange lines
2010-05-24 13:08:09 -04:00
Chris PeBenito
ca28376c4d Module version bump for 7942f7f. 2010-05-24 13:08:09 -04:00
Chris PeBenito
bdf5e19931 Module version bump for 383bd32. 2010-05-24 13:08:09 -04:00
Chris PeBenito
63583f4e29 Module version bump for f61ef24. 2010-05-24 13:08:09 -04:00
Chris PeBenito
a107f875bd Remove redundant optional and libs_* calls in clogd. 2010-05-24 13:08:08 -04:00
Chris PeBenito
dcb7227286 Module version bump for 51ad76f. 2010-05-24 13:08:08 -04:00
Jeremy Solt
6430c79a29 whitespace fix for clogd 2010-05-24 13:08:08 -04:00
Jeremy Solt
6055ab8d1d clogd policy from Dan Walsh
edits:
 - style and whitespace fixes
 - removed read_lnk_files_pattern from shm interface
 - removed permissive line
2010-05-24 13:08:08 -04:00
Jeremy Solt
7a8e6a8fba whitespace fixes for cluster suite patch 2010-05-24 13:08:08 -04:00
Jeremy Solt
21d23c878e Removed unnecessary comments
Removed 'SELinux policy for' from policy summaries
Removed rgmanager interface for semaphores (doesn't appear to be needed or used)
Removed redundant calls to libs_use_ld_so and libs_use_shared_libs
Fixed rhcs interface names to match naming rules
Merged tmpfs and semaphore/shm interfaces
2010-05-24 13:08:08 -04:00
Jeremy Solt
538cf9ab83 Redhat Cluster Suite Policy from Dan Walsh
Edits:
 - Style and whitespace fixes
 - Removed interfaces for default_t from ricci.te - this didn't seem right
 - Removed link files from rgmanager_manage_tmpfs_files
 - Removed rdisc.if patch. it was previously committed
 - Not including kernel_kill interface call for rgmanager
 - Not including ldap interfaces in rgmanager.te (currently not in refpolicy)
 - Not including files_create_var_run_dirs call for rgmanager (not in refpolicy)
2010-05-24 13:08:08 -04:00
Jeremy Solt
37194ac055 dnsmasq patch from Dan Walsh
- cron_manage_pid_files call removed until further explanation
2010-05-24 13:08:07 -04:00
Jeremy Solt
4ac0cd30fa Remove nagios_rw_inherited_tmp_files interface 2010-05-24 13:08:07 -04:00
Jeremy Solt
99bbe34881 Nagios patch from Dan Walsh
Edits:
- Removed permissive lines
- Removed tunable for broken symptoms
- Style and whitespace fixes
2010-05-24 13:08:07 -04:00
Jeremy Solt
599e8ff702 Create type and allow squid to manage its own tmpfs files 2010-05-24 13:08:07 -04:00
Jeremy Solt
d86c09846b squid patch from Dan Walsh
Edits:
 - Added netport to corenetwork.te.in
2010-05-24 13:08:07 -04:00
Jeremy Solt
fb543d0df1 remove rules for nx_server_home_ssh_t since they are already provided by the ssh template 2010-05-24 13:08:07 -04:00
Jeremy Solt
316cdb1d0d nx patch from Dan Walsh
Edits:
 - Style and whitespace fixes
 - Removed read_lnk_files_pattern from nx_read_home_files
 - Delete declaration of nx_server_home_ssh_t and files_type since the template already does this
2010-05-24 13:08:07 -04:00
Chris PeBenito
d9e4cbd2ce Postfix patch from Dan Walsh. 2010-05-21 08:56:49 -04:00
Chris PeBenito
9ea85eaa8b Sendmail patch from Dan Walsh. 2010-05-20 08:36:38 -04:00
Chris PeBenito
b276e36914 Procmail patch from Dan Walsh. 2010-05-20 08:17:06 -04:00
Chris PeBenito
e19b8d1c2e MTA patch from Dan Walsh. 2010-05-19 09:00:39 -04:00
Chris PeBenito
088b65e52b SSH patch from Dan Walsh. 2010-05-19 08:31:17 -04:00
Chris PeBenito
4e698b0fca Cups patch from Dan Walsh. 2010-05-18 10:59:37 -04:00
Chris PeBenito
1b2f08ea10 Abrt patch from Dan Walsh. 2010-05-18 10:18:12 -04:00
Chris PeBenito
e9e43f04b3 Plymouthd policy from Dan Walsh. 2010-05-18 09:54:18 -04:00
Chris PeBenito
b0c2cae14a Hal patch from Dan Walsh.
Lots of random access for hal.
2010-05-18 09:06:36 -04:00
Chris PeBenito
299db7080c CVS patch from Dan Walsh.
cvs needs dac_override when it tries to read shadow
2010-05-14 10:24:11 -04:00
Chris PeBenito
bcc6e65421 SETroubleshoot patch from Dan Walsh.
Policy to handle the fixit button in setroubleshoot.
2010-05-13 13:22:53 -04:00
Chris PeBenito
ada61e1529 Asterisk patch from Dan Walsh.
asterisk_manage_lib_files(logrotate_t)
    asterisk_exec(logrotate_t)

Needs net_admin

Drops capabilities
connects to unix_stream

execs itself

Requests kernel load modules

Execs shells

Connects to postgresql and snmp ports

Reads urand and generic usb devices

Has mysql and postgresql back ends
sends mail
2010-05-13 11:35:58 -04:00
Chris PeBenito
24e0b9b3a4 Munin patch from Dan Walsh. 2010-05-13 11:20:54 -04:00
Chris PeBenito
27afb97c29 Minor fixes on a2524cf. Module version bump. 2010-05-11 08:33:04 -04:00
Chris PeBenito
aeb7a4e180 Whitespace fixes on cobbler. 2010-05-11 08:23:02 -04:00
Jeremy Solt
a2524cfa77 cobbler patch from Dan Walsh 2010-05-11 08:17:33 -04:00
Chris PeBenito
fb3fc9e4f0 Cyrus patch from Dan Walsh. 2010-05-03 15:14:50 -04:00
Chris PeBenito
4804cd43a0 Clamav patch from Dan Walsh. 2010-05-03 15:01:35 -04:00
Chris PeBenito
d8eb3c71c6 Dovecot patch from Dan Walsh. 2010-05-03 14:37:19 -04:00
Chris PeBenito
baea7b1dc6 Networkmanager patch from Dan Walsh. 2010-05-03 14:01:26 -04:00
Chris PeBenito
a3108c60c0 Consolekit patch from Dan Walsh. 2010-05-03 10:21:48 -04:00
Chris PeBenito
b0076a1413 Arpwatch patch from Dan Walsh. 2010-05-03 09:49:33 -04:00
Chris PeBenito
98ac98623c Dbus patch from Dan Walsh. 2010-05-03 09:34:42 -04:00
Chris PeBenito
61738f11ec Devicekit patch from Dan Walsh. 2010-05-03 09:01:46 -04:00
Chris PeBenito
87a9469fc9 Add networking rules for spamd to connect to mysql/postgresql over the network, from Chris St. Pierre. 2010-04-27 10:31:47 -04:00
Chris PeBenito
45696ab282 Add missing secmark rules in ntop, from Dominick Grift. 2010-04-27 09:31:30 -04:00
Chris PeBenito
a53c6c65a4 FTP patch from Dan Walsh. 2010-04-26 15:15:23 -04:00
Chris PeBenito
d7ebbd9d22 Module version bump for 34838aa. 2010-04-26 13:40:21 -04:00
Jeremy Solt
34838aa62a Samba patch from Dan Walsh
- signal interfaces
 - fusefs support
 - bug 566984: getattrs on all blk and chr files

Did not include:
 - changes related to samba_unconfined_script_t and samba_unconfined_net_t
 - samba_helper_template (didn't appear to be used)
 - manage_lnk_files_pattern in samba_manage_var_files
 - signal allow rule in samba_domtrans_winbind_helper
 - samba_role_notrans
 - userdom_manage_user_home_content

Some style and spacing fixes
2010-04-26 13:28:21 -04:00
Chris PeBenito
05a2e3e2d7 Lircd patch from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito
e07fbc004d Add DenyHosts from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito
44b3808ba5 Djbdns patch from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito
5c3274d7bf Module version bump for 4b121a5. 2010-04-19 10:23:11 -04:00
Chris PeBenito
46879922d8 Additional whitespace fix in nis. 2010-04-19 10:20:19 -04:00
Jeremy Solt
f49fc19e5a Style changes 2010-04-19 10:19:46 -04:00
Jeremy Solt
4b121a5f53 nis patch from Dan Walsh
Made a couple style changes.
Removed unnecessary require in nis_use_ypbind interface
2010-04-19 10:19:44 -04:00
Chris PeBenito
da5940411c Additional whitespace fixes in certmonger. 2010-04-19 10:17:24 -04:00
Jeremy Solt
0e5494a3d9 Fix some whitespace and style issues. 2010-04-19 10:07:20 -04:00
Jeremy Solt
33793ec2ce certmonger policy from Dan Walsh
Removed manage_var_run and manage_var_lib interfaces
Added missing requires to admin interface
Removed permissive line
Fixed some spacing / style issues
2010-04-19 10:07:17 -04:00
Chris PeBenito
86ff008754 Module version bump for 4f7b413. 2010-04-19 10:05:22 -04:00
Jeremy Solt
e6e2a769ac Remove excess white space from ntop.te
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt
4f7b413cdc Ntop policy from Dan Walsh
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito
98759716fe Module version bump for 46e16a2. 2010-04-19 09:54:13 -04:00
Jeremy Solt
d86d4f6069 Move optional policy to correct location for style 2010-04-19 09:50:42 -04:00
Jeremy Solt
01bfe1d20e kerberos patch from Dan Walsh 2010-04-19 09:50:39 -04:00
KaiGai Kohei
ec8d32c8e9 [BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)
I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.

In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.

And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.
2010-04-12 10:37:21 -04:00
Chris PeBenito
23ad802a9d Module version bump for 5d3214f and 795b733. 2010-04-12 10:01:39 -04:00
Jeremy Solt
795b733a71 pcscd patch from Dan Walsh: manage pub files and fifo files 2010-04-12 09:10:37 -04:00
Jeremy Solt
5d3214f5a9 gpsd path from Dan Walsh 2010-04-12 09:07:50 -04:00
Dominick Grift
91b12ad94c Move kernel_request_load_module(gssd_t) to the proper place.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:22 -04:00
Dominick Grift
6d9925c872 Fix requires for apache tmp interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:12 -04:00
Chris PeBenito
b577852a98 Portreserve patch from Dan Walsh. 2010-04-05 14:50:23 -04:00