rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
2,615 Commits 8 Branches 92 Tags 37 MiB
46e16a2d2a
Commit Graph

965 Commits

Author SHA1 Message Date
Chris PeBenito
064d1b469e Rename rtkit_schedule() to rtkit_scheduled(). 2010-03-22 09:54:58 -04:00
Chris PeBenito
e13a9ef5fe Module version bump for ac19f1a. 2010-03-22 08:59:04 -04:00
Chris PeBenito
c7a4cf3179 Module version bump for 9681df1. 2010-03-22 08:58:41 -04:00
Chris PeBenito
32103f250f Module version bump for d3b5907. 2010-03-22 08:58:20 -04:00
Chris PeBenito
340af119b0 Minor tweaks on icecast. 2010-03-22 08:56:32 -04:00
Jeremy Solt
584dfaca45 icecast policy from Dan Walsh 
Fixed some style and spacing issues
Replace manage_var_run interface with manage_pid_files with fewer permissions
Replaced rkit_daemon_system_domain with rtkit_schedule
 2010-03-22 08:49:54 -04:00
Jeremy Solt
ac19f1ac26 rtkit patch from Dan Walsh: 
rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
Needs sys_nice capability
Needs to getsched on all domains.
Fix bug in te file

Me:
changed interface name from rtkit_daemon_system_domain to rtkit_schedule
Already had sys_nice capability
 2010-03-22 08:41:42 -04:00
Jeremy Solt
9681df1c8d postgresql patch from Dan Walsh: 
"File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info"

Moved signal interface for style.
 2010-03-22 08:39:15 -04:00
Jeremy Solt
d3b5907ea4 openvpn needs ipc_lock capability, connects to http ports, 
and manages net_conf_t files - from Dan Walsh
 2010-03-22 08:36:47 -04:00
Chris PeBenito
47293bd8d6 Tftp patch from Dan Walsh. 2010-03-19 15:56:14 -04:00
Chris PeBenito
788ba75491 Uucp patch from Dan Walsh. 2010-03-19 15:49:12 -04:00
Chris PeBenito
bed0a44560 Zebra patch from Dan Walsh. 2010-03-19 15:45:25 -04:00
Chris PeBenito
bc31d12725 Libraries patch from Dan Walsh. 2010-03-19 14:21:23 -04:00
Chris PeBenito
0d86ea1d7b Xen patch from Dan Walsh. 2010-03-19 11:54:50 -04:00
Chris PeBenito
b60df9f57d Getty patch from Dan Walsh. 2010-03-19 11:05:56 -04:00
Chris PeBenito
1fa92b8a55 Sysnetwork patch from Dan Walsh. 2010-03-18 15:40:04 -04:00
Chris PeBenito
ddd786e404 Init patch from Dan Walsh. 2010-03-18 10:19:49 -04:00
Chris PeBenito
153ed8751a Authlogin patch from Dan Walsh. 2010-03-18 08:59:25 -04:00
Chris PeBenito
4fbcd778de Iptables patch from Dan Walsh. 2010-03-18 08:10:21 -04:00
Chris PeBenito
a124c0a81f Udev patch from Dan Walsh. 2010-03-17 15:17:48 -04:00
Chris PeBenito
7a8807b627 Logging patch from Dan Walsh. 2010-03-17 14:40:06 -04:00
Chris PeBenito
90e65feca5 Ipsec patch from Dan Walsh. 2010-03-17 13:52:07 -04:00
Chris PeBenito
d13c6758a4 Modutils patch from Dan Walsh. 2010-03-17 11:59:14 -04:00
Chris PeBenito
0417386142 Kernel patch from Dan Walsh. 2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502 Domain patch from Dan Walsh. 2010-03-17 10:02:07 -04:00
Chris PeBenito
7b50b7053d Module version bump for 6a03548. 2010-03-17 09:42:46 -04:00
Jeremy Solt
6a035482dc amavis uses uptime which reads utmp, and reads certs - from Dan Walsh 2010-03-17 09:41:18 -04:00
Chris PeBenito
827060cb04 Style fixes and module version bumps for 38fc1bd. 2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180 Likewise policy. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-03-17 08:48:45 -04:00
Chris PeBenito
2a62db7883 Module version bump for 414a570. 2010-03-16 15:28:36 -04:00
Jeremy Solt
414a5704df fetchmail executes programs in bin (uname), from Dan Walsh 2010-03-16 15:27:40 -04:00
Chris PeBenito
e8871c2092 Add additional documentation to kernel_request_load_module(). 2010-03-16 15:08:00 -04:00
Chris PeBenito
5911f3dbca Module version bump for 935151a. 2010-03-16 14:35:09 -04:00
Chris PeBenito
c6491af860 Module version bump for d12f18e. 2010-03-16 14:34:50 -04:00
Chris PeBenito
9a59893e5a Module version bump for d7ec247. 2010-03-16 14:34:23 -04:00
Chris PeBenito
9570fc108e Module version bump for 591af7b. 2010-03-16 14:34:05 -04:00
Chris PeBenito
ce693cbbec Module version bump for ae07c9e. 2010-03-16 14:33:43 -04:00
Chris PeBenito
1656bf730f Whitespace fixes in mailman. 2010-03-16 13:51:51 -04:00
Jeremy Solt
935151afcd Change kernel_load_module to kernel_request_load_module for howl from Dan Walsh 2010-03-16 13:44:55 -04:00
Jeremy Solt
d12f18e452 Change kernel_load_module to kernel_request_load_module from Dan Walsh 2010-03-16 13:44:52 -04:00
Jeremy Solt
d7ec24785b File context update for certmaster from Dan Walsh 2010-03-16 13:44:50 -04:00
Jeremy Solt
591af7be0c file context updates from Dan Walsh 2010-03-16 13:44:48 -04:00
Jeremy Solt
ae07c9e2e8 Screen needs to setattr on user_ttydevice_t from Dan Walsh 2010-03-16 13:36:45 -04:00
Chris PeBenito
fad6e761bf Whitespace fix for mcelog. 2010-03-16 13:15:38 -04:00
Chris PeBenito
fce868d074 Module version bump for f7d413a. 2010-03-16 13:15:00 -04:00
Chris PeBenito
bf140fc32c Rearrange interfaces in fail2ban. 2010-03-16 13:14:46 -04:00
Chris PeBenito
580279da88 Module version bump for 74b51e6. 2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7 Whitespace fixes for smoltclient. 2010-03-16 13:11:53 -04:00
Chris PeBenito
ba1c45337b Module version bump for 3137148. 2010-03-16 13:10:14 -04:00
Jeremy Solt
1484157201 mcelog policy from Dan Walsh 
Me: Removed permissive line, and fixed a couple style issues
 2010-03-16 11:47:07 -04:00
Jeremy Solt
f7d413af27 fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh 
Did not include dontaudit_leaks interface
Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
 2010-03-16 11:44:35 -04:00
Jeremy Solt
74b51e6db2 Firstboot sends dbus messages from Dan Walsh 
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
 2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd Policy for smolt sendProfile client from Dan Walsh 2010-03-16 11:37:56 -04:00
Jeremy Solt
31371480b0 Run interface for ptchown from Dan Walsh 2010-03-16 11:34:58 -04:00
Chris PeBenito
37e2499ed1 Module version bump for 1d3d00b. 2010-03-12 11:43:09 -05:00
Chris PeBenito
ce0570dc6d Module version bump for e172614. 2010-03-12 11:42:28 -05:00
Chris PeBenito
7af0e9bc95 Filesystem patch from Dan Walsh. 2010-03-12 11:40:59 -05:00
Chris PeBenito
9e506eb236 Rearrange lines in alsa an mysql. 2010-03-12 08:59:23 -05:00
Chris PeBenito
e172614b57 Whitespace cleanup on mysql.if. 2010-03-12 08:55:34 -05:00
Jeremy Solt
1d3d00b279 Manage alsa writable config files interface from Dan Walsh 
Moved term_dontaudit_use_console for style.
 2010-03-12 08:54:29 -05:00
Jeremy Solt
12a6a53f63 mysql policy from Dan Walsh 
My changes to patch:
A couple changes to match style.
Removed files_dontaudit_search_all_mountpoints(mysqld_safe_t), it doesn't exist in refpolicy
 2010-03-12 08:54:29 -05:00
Chris PeBenito
2f0e3a4e7e Raid patch from Dan Walsh. 2010-03-09 15:33:29 -05:00
Chris PeBenito
30496b1575 Iscsi and tgtd patches from Dan Walsh. 2010-03-09 15:17:16 -05:00
Chris PeBenito
939eaf2f13 Fstools patch from Dan Walsh. 2010-03-09 14:32:17 -05:00
Chris PeBenito
d0a6df5c47 Miscfiles patch from Dan Walsh. 2010-03-09 10:44:55 -05:00
Chris PeBenito
547d62ea9e Module version bump for ddae1cc. 2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec Creates sock files in /tmp, reads network state. - From Dan Walsh 
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
 2010-03-09 09:32:23 -05:00
Chris PeBenito
bd063de6c4 Fix another corenetwork typo. 2010-03-08 11:04:40 -05:00
Chris PeBenito
6f9c3c4895 Module version bump for 42fa15b. 2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa Module version bump for 3fcdc39. 2010-03-08 10:02:58 -05:00
Chris PeBenito
5dac50953f Module version bump for cf3da95. 2010-03-08 10:02:34 -05:00
Chris PeBenito
e2e1b6721b Minor style fixes. 2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75 Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh 2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764 shorewall log file from Dan Walsh 2010-03-08 09:34:37 -05:00
Jeremy Solt
cf3da95084 Allow cdrecord_t to execute bin_t from Dan Walsh 
growisofs executes mkisofs
 2010-03-08 09:34:37 -05:00
Chris PeBenito
4af2b3fb98 Add back missing s0 on network_port(). 2010-03-08 07:59:56 -05:00
Chris PeBenito
09b92dcc3c Guest patch from Dan Walsh. 2010-03-05 14:09:49 -05:00
Chris PeBenito
9c709c46a1 Corenetwork patch from Dan Walsh. 2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b Corecommands patch from Dan Walsh. 2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc Devices patch from Dan Walsh. 2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba Storage patch from Dan Walsh. 2010-03-04 14:23:44 -05:00
Dominick Grift
183f79e38e Fix cobbler_admin interface to require cobblerd_initrc_exec_t. 
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-03-04 14:12:41 -05:00
Chris PeBenito
eeb7616f5e Corenetwork patch from Dan Walsh. 2010-03-04 13:50:46 -05:00
Chris PeBenito
1112a5bc20 Module version bump for be47d75. 2010-03-04 09:18:04 -05:00
Chris PeBenito
ec0205ff73 Module version bump for e1e78df. 2010-03-04 09:18:04 -05:00
Chris PeBenito
b7070a9f3d Module version bump for 52b215f. 2010-03-04 09:18:04 -05:00
Chris PeBenito
cb6385d0ba Module version bump for cf5e81d. 2010-03-04 09:18:04 -05:00
Chris PeBenito
c4faa1db8e Module version bump for 96b7e9f. 2010-03-04 09:18:04 -05:00
Chris PeBenito
812f30af02 Module version bump for a005018. 2010-03-04 09:18:04 -05:00
Chris PeBenito
4931c57e4b Add additional comments for e1e78df. 2010-03-04 09:18:04 -05:00
Jeremy Solt
4d2680e508 hotplug transition to brctl from Dan Walsh 2010-03-04 09:18:04 -05:00
Jeremy Solt
9a1f0d21e1 Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim 
Patch from Dan Walsh
 2010-03-04 09:18:03 -05:00
Jeremy Solt
15ae77bd77 Domain transition for apmd to vbetool from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt
6a9ef9e852 gen_require typo fix in dbadm.if from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt
a739053cf5 Changed amavis_initrc_domtrans domain summary to match style. 2010-03-04 09:18:03 -05:00
Jeremy Solt
6665c3c768 Changed arpwatch_initrc_domtrans domain summary to match style. 
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
 2010-03-04 09:18:03 -05:00
Dominick Grift
d783374bc9 Various arpwatch fixes. 
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-03-04 09:18:03 -05:00
Jeremy Solt
6eed0aa57c Modified apcupsd_initrc_domtrans interface summary to match style. 
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
 2010-03-04 09:18:03 -05:00
Dominick Grift
eda6417669 Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes. 
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-03-04 09:18:03 -05:00
Jeremy Solt
3b814894c7 Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake). 
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
 2010-03-04 09:18:02 -05:00