Commit Graph

4520 Commits

Author SHA1 Message Date
Dominick Grift
7d1f5642b0 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-24 12:44:39 +02:00
Dominick Grift
7832131bae XML summary fixes.
XML summary fixes.
2010-09-24 12:44:37 +02:00
Dominick Grift
a25335e1fa Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-24 12:44:16 +02:00
Dominick Grift
4781493e45 Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
2010-09-24 12:44:16 +02:00
Dominick Grift
e2d9aa29c5 Source is x_domain and not xserver_t. Moving to x_domain local policy. 2010-09-24 12:44:16 +02:00
Dominick Grift
568349bd70 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.

The process and capability IPC goes on top of local policy.

The process and capability IPC goes on top of local policy.
2010-09-24 12:44:16 +02:00
Dominick Grift
daed45f480 Redundant: Included userdom_user_home_content already has this.
Redundant: Included userdom_user_home_content already has this.

Redundant: Included userdom_user_home_content already has this.

Redundant: Included userdom_search_user_home_dirs already has this.

Redundant: Included userdom_user_home_content already has this.
2010-09-24 12:44:16 +02:00
Dominick Grift
6aa632a63e Remove stray semi-colon. 2010-09-24 12:44:15 +02:00
Dominick Grift
aaf8a677ba Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:44:14 +02:00
Dominick Grift
8b858f2652 Reduntant: Included init_daemon_domain already has this.
Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.
2010-09-24 12:37:05 +02:00
Dominick Grift
ce6df09d63 Redundant: Included inetd_service_domain has this.
Redundant: Included inetd_tcp_service_domain has this.

Redundant: Included inetd_tcp_service_domain has this. Conditional init_daemon_domain has it also.

Redundant: Included inetd_tcp_service_domain has this.
2010-09-24 12:33:58 +02:00
Dominick Grift
fae9473242 Support network connect mysql DB. 2010-09-24 12:33:28 +02:00
Dominick Grift
5492a180fd There is already an optional policy block for daemontools. Join the two. 2010-09-24 12:33:28 +02:00
Dominick Grift
9444a138f5 Consistent ordering of declarations. 2010-09-24 12:33:28 +02:00
Dominick Grift
3c4ffa3294 Use domtrans_pattern where possible. 2010-09-24 12:33:27 +02:00
Dominick Grift
1e2abee10b Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:33:26 +02:00
Dominick Grift
39178aaf8a This is no declaration. Moving to local policy. 2010-09-24 12:27:59 +02:00
Dominick Grift
09873e59ca These were duplicate TE rules. 2010-09-24 12:27:59 +02:00
Dominick Grift
1507cc2a79 Internal interaction goes before external interface calls. 2010-09-24 12:27:59 +02:00
Dominick Grift
86225e1f16 These interface calls are more suitable here. Might want to implement boolean spamd_network_connect_db. 2010-09-24 12:27:59 +02:00
Dominick Grift
54590acde7 Replace type and attributes statements by comma delimiters where possible. 2010-09-24 12:27:59 +02:00
Dan Walsh
42c814d215 - Cleanup policy via dgrift
- Allow dovecot_deliver to append to inherited log files
- Lots of fixes for consolehelper
2010-09-23 17:40:24 -04:00
Dan Walsh
e027e93f2c More typos 2010-09-23 17:39:31 -04:00
Dan Walsh
fad629745b fix typo 2010-09-23 17:31:09 -04:00
Dan Walsh
55bffb7189 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-23 17:20:36 -04:00
Dan Walsh
7c94a3ab0d Allow consolehelper to read fonts and config files in user homedir 2010-09-23 15:14:34 -04:00
Dominick Grift
730ec51878 This is git system content. 2010-09-23 17:28:34 +02:00
Dominick Grift
78ea2abe0f Search parent directory to be able to interact with targets content. 2010-09-23 16:22:26 +02:00
Dominick Grift
a5ea1490d4 Merge branch 'base' 2010-09-23 15:07:33 +02:00
Dan Walsh
f4dc198843 Make hal a dbus_system_domain
Allow dovecot to append all logs
2010-09-23 08:59:40 -04:00
Dominick Grift
ac5201ecde Use permission sets where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
cefe9f9919 Replace type and attributes statements by comma delimiters where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
18f2a72d7f Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-23 14:59:23 +02:00
Dominick Grift
0f7c400223 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-23 14:59:23 +02:00
Dominick Grift
c2b2d22b35 Reduntant: Included init_daemon_domain already has this.
Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.
2010-09-23 14:59:23 +02:00
Dominick Grift
1b39decc10 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.
2010-09-23 14:59:22 +02:00
Dominick Grift
8725d6334d This permission is already allowed by included mmap_file_perms. 2010-09-23 14:55:33 +02:00
Dominick Grift
11ad1dae65 Source is postdrop and not local. Moving to postdrop local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
a7b40a9c25 Internal interaction goes before external interface calls. 2010-09-23 14:55:33 +02:00
Dominick Grift
f6e8660dcb These are not declarations move them to local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
9bd88470ac Redundant: All domains are allowed this access by default. 2010-09-23 14:52:41 +02:00
Dominick Grift
6d185571f2 Location /usr/libsexec/sesh does not exist. sesh is in /usr/libexec/sesh. 2010-09-23 14:49:38 +02:00
Dominick Grift
46d410612e Looks like /usr/bin/git-shell and /usr/libexec/git-core/git-shell are hard-linked. This causes conflicting filespecs (shell_exec_t for /usr/bin/git-shell and bin_t for /usr/libexec/git-core/git-shell)
Specify shell_exec_t for /usr/libexec/git-core/git-shell.
2010-09-23 14:49:38 +02:00
Dominick Grift
a8fbd94d6c Reduntant: Included init_daemon_domain already has this. 2010-09-23 14:48:05 +02:00
Dan Walsh
1d153ea0ea - Fix up Xguest policy 2010-09-22 18:36:47 -04:00
Dan Walsh
5d82597463 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-22 16:46:04 -04:00
Dan Walsh
6ed3f15e82 Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc
Allow shutdown to write utmp and search /var/log
Allow mozilla_plugin to send nsplugin signals
Split out samba_run_unconfined_net from unconfined_domain stuff.  TO allow unconfined.pp module to be removed
Allow nrpe to send signal and sigkill to the plugins
Fix up xguest to allow it to read hwdata and gconf_etc_t
Allow initrc_t to manage faillog
2010-09-22 16:42:32 -04:00
Dominick Grift
148e08d34f XML summary fixes.
XML summary fixes.
2010-09-22 15:41:46 +02:00
Dominick Grift
3a3e7db078 Use filetrans_pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
44f8aa190c Use stream connect pattern. 2010-09-22 15:41:46 +02:00