rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4,480 Commits 8 Branches 96 Tags 37 MiB
50dacaca09
Commit Graph

62 Commits

Author SHA1 Message Date
Dan Walsh
fbd9ca071a - Turn off default transition to mozilla_plugin and telepathy domains from unconfined user 
- Turn off iptables from unconfined user
- Allow sudo to send signals to any domains the user could have transitioned to.
- Passwd in single user mode needs to talk to console_device_t
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
- locate tried to read a symbolic link, will dontaudit
- New labels for telepathy-sunshine content in homedir
- Google is storing other binaries under /opt/google/talkplugin
- bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug
- Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15
- modemmanger and bluetooth send dbus messages to devicekit_power
- Samba needs to getquota on filesystems labeld samba_share_t
 2010-10-01 12:06:09 -04:00
Dan Walsh
1d153ea0ea - Fix up Xguest policy 2010-09-22 18:36:47 -04:00
Dan Walsh
ea3b7b5dff - Add vnstat policy 
- allow libvirt to send audit messages
- Allow chrome-sandbox to search nfs_t
 2010-09-16 18:00:00 -04:00
Daniel J Walsh
3f1005a67d - Make boot with systemd in enforcing mode 2010-07-15 20:04:35 +00:00
Daniel J Walsh
bca242c772 - Add xdm_var_run_t to xserver_stream_connect_xdm 
- Add cmorrord and mpd policy from Miroslav Grepl
 2010-06-02 19:36:11 +00:00
Daniel J Walsh
a72c31df34 - Update to upstream 2010-03-18 15:47:35 +00:00
Daniel J Walsh
89ad5ea38f - Turn on puppet policy 
- Update to dgrift git policy
 2010-01-14 21:49:18 +00:00
Daniel J Walsh
ee88b050c5 - Add asterisk policy back in 2009-11-20 16:55:54 +00:00
Daniel J Walsh
85582d623f - Allow users to exec restorecond 2009-09-25 18:47:07 +00:00
Daniel J Walsh
72bc25da0e - Allow xserver to use netlink_kobject_uevent_socket 2009-09-07 01:29:07 +00:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Daniel J Walsh
cbedd06c12 - Add kdump policy for Miroslav Grepl 
- Turn off execstack boolean
 2009-08-12 20:09:21 +00:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl 
- Turn off execstack boolean
 2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
9160520a0e - Allow certmaster to override dac permissions 2009-07-27 22:09:57 +00:00
Daniel J Walsh
d982e7e091 - Fixes for podsleuth 2009-04-18 12:13:36 +00:00
Daniel J Walsh
1d1c058a4e - Add git web policy 2009-02-10 16:08:36 +00:00
Daniel J Walsh
6a09cfb688 - Allow hal/pm-utils to look at /var/run/video.rom 
- Add ulogd policy
 2008-11-05 18:26:36 +00:00
Daniel J Walsh
d8e5d05b6e - Allow openoffice execstack/execmem privs 2008-10-28 20:06:14 +00:00
Daniel J Walsh
4450ddb039 - Fixes for logrotate, alsa 2008-07-30 13:44:15 +00:00
Daniel J Walsh
fbea0df606 add init_upstart boolean 2008-05-19 17:48:06 +00:00
Daniel J Walsh
2d8ff5157a - Remove old booleans from targeted-booleans.conf file 2008-04-28 21:24:59 +00:00
Daniel J Walsh
5a576e06f0 - Allow passwd to communicate with user sockets to change gnome-keyring 2008-04-08 19:17:28 +00:00
Daniel J Walsh
27943de6a0 - Allow radvd to use fifo_file 
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
    the boolean is set
 2008-04-05 10:39:06 +00:00
Daniel J Walsh
b7229ad8bb - Prepare policy for beta release 
- Change some of the system domains back to unconfined
- Turn on some of the booleans
 2008-02-28 05:01:51 +00:00
Daniel J Walsh
8d4af9d064 - Fixes from yum-cron 
- Update to latest upstream
 2008-02-20 22:44:00 +00:00
Daniel J Walsh
7c2be34d14 - Allow usertypes to read/write noxattr file systems 2008-01-28 16:48:49 +00:00
Daniel J Walsh
7330e86b90 - Update to upstream 2007-11-10 14:14:41 +00:00
Daniel J Walsh
cd8aa3b448 - Update to upstream 2007-10-24 19:31:28 +00:00
Daniel J Walsh
d50690ad8f - Update to upstream 2007-10-24 03:29:53 +00:00
Daniel J Walsh
fa0d1c8884 - Update to upstream 2007-10-23 23:13:09 +00:00
Daniel J Walsh
8fd9df6414 - Remove homedir_template 2007-10-05 19:47:10 +00:00
Daniel J Walsh
922f646a26 - Remove homedir_template 2007-10-05 11:43:46 +00:00
Daniel J Walsh
0f8f545d1a - Fix prelink to handle execmod 2007-07-24 14:39:01 +00:00
Daniel J Walsh
a4ec9b75e1 - Remove ifdef strict policy from upstream 2007-06-22 19:21:00 +00:00
Daniel J Walsh
057603fbda - Update to latest from upstream 2007-05-07 18:07:26 +00:00
Daniel J Walsh
cc1be2260f - Revert Nemiver change 
- Set sudo as a corecmd so prelink will work, remove sudoedit mapping,
    since this will not work, it does not transition.
- Allow samba to execute useradd
 2007-02-23 15:35:01 +00:00
Daniel J Walsh
1a24735d8f - Fix file context for nemiver 2007-02-15 00:19:30 +00:00
Daniel J Walsh
a384d73899 - Allow prelink when run from rpm to create tmp files Resolves: #221865 
- Remove file_context for exportfs Resolves: #221181
- Allow spamassassin to create ~/.spamassissin Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves: #200110
 2007-01-09 15:24:41 +00:00
Daniel J Walsh
6157a7e6e4 - More fixes for MLS 2006-12-11 12:35:45 +00:00
Daniel J Walsh
06b64f8c21 - Allow xen to connect to xen port 2006-11-10 20:37:08 +00:00
Daniel J Walsh
d095a0e65b - Add perms for swat 2006-11-01 00:09:08 +00:00
Daniel J Walsh
6b97615edf - Allow daemons to dump core files to / 2006-10-30 21:18:40 +00:00
Daniel J Walsh
201e1d333f - Fix dovecot, amanda 2006-09-27 19:49:43 +00:00
Daniel J Walsh
861af1c0df - Add tty access to all domains boolean 
- Fix gnome-pty-helper context for ia64
 2006-09-13 12:00:21 +00:00
Daniel J Walsh
543bc335c1 - Change allow_execstack to default to on, for RHEL5 Beta. This is required 
because of a Java compiler problem. Hope to turn off for next beta
 2006-08-11 15:39:50 +00:00
Daniel J Walsh
c7b7392126 - add boolean to allow zebra to write config files 2006-07-19 20:06:35 +00:00
Daniel J Walsh
31c47be0fe - setroubleshootd fixes 2006-07-19 18:39:31 +00:00
Daniel J Walsh
d819090e1f - Multiple fixes 2006-07-12 02:50:30 +00:00
Daniel J Walsh
8bee3a4a58 - Update to upstream 2006-07-09 09:51:33 +00:00