Commit Graph

698 Commits

Author SHA1 Message Date
Daniel J Walsh
5a576e06f0 - Allow passwd to communicate with user sockets to change gnome-keyring 2008-04-08 19:17:28 +00:00
Daniel J Walsh
7f851af8d9 - Fix initial install 2008-04-08 03:17:46 +00:00
Daniel J Walsh
c3c4a525c2 - 2008-04-06 12:06:47 +00:00
Daniel J Walsh
27943de6a0 - Allow radvd to use fifo_file
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
    the boolean is set
2008-04-05 10:39:06 +00:00
Daniel J Walsh
c66f2bc425 - Allow nsplugin to read /etc/mozpluggerrc, user_fonts
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t
2008-04-01 09:21:21 +00:00
Daniel J Walsh
294ea7a213 - Allow initrc_t to dbus chat with consolekit. 2008-03-29 18:36:09 +00:00
Daniel J Walsh
e54cb216a8 - Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed
2008-03-28 22:07:45 +00:00
Daniel J Walsh
f70afcdd9e - Allow mount to mkdir on tmpfs
- Allow ifconfig to search debugfs
2008-03-26 06:17:27 +00:00
Daniel J Walsh
bf3d39e959 - Fix file context for MATLAB
- Fixes for xace
2008-03-21 23:24:11 +00:00
Daniel J Walsh
5ea3f10caf - Allow stunnel to transition to inetd children domains
- Make unconfined_dbusd_t an unconfined domain
2008-03-20 16:11:16 +00:00
Daniel J Walsh
94b7be909e 2008-03-18 21:10:02 +00:00
Daniel J Walsh
ba9e5e8244 - Fixes for qemu/virtd 2008-03-17 21:42:05 +00:00
Daniel J Walsh
97081dcb9d - Fix bug in mozilla policy to allow xguest transition
- This will fix the
2008-03-14 21:17:21 +00:00
Daniel J Walsh
a6e1280791 - Fix bug in mozilla policy to allow xguest transition
- This will fix the
2008-03-14 21:13:24 +00:00
Daniel J Walsh
d593d26c1d - Allow nsplugin to run acroread 2008-03-14 15:59:07 +00:00
Daniel J Walsh
987b10f86d - Add cups_pdf policy
- Add openoffice policy to run in xguest
2008-03-14 00:25:00 +00:00
Daniel J Walsh
7f811bf534 - prewika needs to contact mysql
- Allow syslog to read system_map files
2008-03-13 12:58:25 +00:00
Daniel J Walsh
ceda8feb68 - Change init_t to an unconfined_domain 2008-03-12 12:39:48 +00:00
Daniel J Walsh
0879f489ab - Allow init to transition to initrc_t on shell exec.
- Fix init to be able to sendto init_t.
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
- More mls fixes
2008-03-12 01:10:44 +00:00
Bill Nottingham
110bce3a29 fixes for init, rhgb. also, fix the build 2008-03-11 22:46:00 +00:00
Daniel J Walsh
2041ac3d49 - Additional changes for MLS policy 2008-03-10 20:58:06 +00:00
Daniel J Walsh
1bf67d57ed - Fix initrc_context generation for MLS 2008-03-06 22:25:06 +00:00
Daniel J Walsh
dc57e68eff - Fixes for libvirt 2008-03-05 23:11:52 +00:00
Daniel J Walsh
5947905ef9 - Allow bitlebee to read locale_t 2008-03-04 21:38:18 +00:00
Daniel J Walsh
d8c160273b - More xselinux rules 2008-02-29 22:33:22 +00:00
Daniel J Walsh
9a0f35b9ad - Change httpd_$1_script_r*_t to httpd_$1_content_r*_t 2008-02-29 22:18:30 +00:00
Daniel J Walsh
338714fc7f - 2008-02-28 21:51:10 +00:00
Daniel J Walsh
b7229ad8bb - Prepare policy for beta release
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 05:01:51 +00:00
Daniel J Walsh
40ce26840e - Prepare policy for beta release
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 04:35:56 +00:00
Daniel J Walsh
533c755e4d - Allow nsplugin_config execstack/execmem
- Allow nsplugin_t to read alsa config
- Change apache to use user content
2008-02-28 03:32:23 +00:00
Daniel J Walsh
c092cc1478 - Add cyphesis policy 2008-02-26 23:02:51 +00:00
Daniel J Walsh
063999dd85 2008-02-26 19:24:53 +00:00
Daniel J Walsh
27b2b09ffe - 2008-02-26 16:15:00 +00:00
Daniel J Walsh
f75033d612 - Update to upstream fixes 2008-02-26 13:45:23 +00:00
Daniel J Walsh
5ca2ff99b6 - Add xace support 2008-02-22 20:32:52 +00:00
Daniel J Walsh
8bd036a289 - Add fusectl file system 2008-02-21 19:43:52 +00:00
Daniel J Walsh
541ba8edec - Fixes from yum-cron
- Update to latest upstream
2008-02-20 18:52:50 +00:00
Daniel J Walsh
e5acebe58c 2008-02-20 18:30:31 +00:00
Daniel J Walsh
306393505f - Fix userdom_list_user_files 2008-02-19 22:20:15 +00:00
Daniel J Walsh
eb3e9fbc68 - Merge with upstream 2008-02-18 21:31:18 +00:00
Daniel J Walsh
7e1e7bed89 - Allow udev to send audit messages 2008-02-14 21:05:32 +00:00
Daniel J Walsh
9870c64ba7 - Add additional login users interfaces
- userdom_admin_login_user_template(staff)
2008-02-13 22:13:58 +00:00
Daniel J Walsh
49295b262f - More fixes for polkit 2008-02-12 18:41:35 +00:00
Daniel J Walsh
ebe074be56 - More fixes for polkit 2008-02-11 22:53:26 +00:00
Daniel J Walsh
57ac1cab83 - Update to upstream 2008-02-06 21:47:42 +00:00
Daniel J Walsh
4637b67d50 - Fixes for staff_t 2008-02-05 21:25:09 +00:00
Daniel J Walsh
b53db53c9f - Add policy for kerneloops
- Add policy for gnomeclock
2008-02-05 18:31:25 +00:00
Daniel J Walsh
881d64a16e - Fixes for libvirt 2008-02-04 21:41:59 +00:00
Daniel J Walsh
60c693e546 - Fixes for nsplugin 2008-02-03 13:39:47 +00:00
Daniel J Walsh
11ac4bcde1 - Additional ports for vnc and allow qemu and libvirt to search all
directories
2008-02-02 15:42:44 +00:00
Daniel J Walsh
b19d470cd4 - Update to upstream
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
Daniel J Walsh
e1060e24d5 - Allow fail2ban to create a socket in /var/run 2008-02-01 13:49:05 +00:00
Daniel J Walsh
59d6fbb642 - Allow allow_httpd_mod_auth_pam to work 2008-01-31 20:59:05 +00:00
Daniel J Walsh
7c124f5e42 - Allow allow_httpd_mod_auth_pam to work 2008-01-31 19:32:51 +00:00
Daniel J Walsh
f18a882ba5 - Add audisp policy and prelude 2008-01-30 21:34:13 +00:00
Daniel J Walsh
0f70114e58 - Allow all user roles to executae samba net command 2008-01-30 13:56:22 +00:00
Daniel J Walsh
7c2be34d14 - Allow usertypes to read/write noxattr file systems 2008-01-28 16:48:49 +00:00
Daniel J Walsh
7c7d59935b - Fix nsplugin to allow flashplugin to work in enforcing mode 2008-01-24 18:12:25 +00:00
Daniel J Walsh
0939872058 - Allow pam_selinux_permit to kill all processes 2008-01-23 18:24:12 +00:00
Daniel J Walsh
cc5bb89ef0 - Allow ptrace or user processes by users of same type
- Add boolean for transition to nsplugin
2008-01-22 19:46:50 +00:00
Daniel J Walsh
ef19b75773 - Allow nsplugin sys_nice, getsched, setsched 2008-01-22 17:35:34 +00:00
Daniel J Walsh
b3c8a04083 - Allow login programs to talk dbus to oddjob 2008-01-21 21:42:26 +00:00
Daniel J Walsh
98f84cb0ed - Add procmail_log support
- Lots of fixes for munin
2008-01-21 15:57:25 +00:00
Daniel J Walsh
e26fef9ac3 - Allow setroubleshoot to read policy config and send audit messages 2008-01-15 20:43:04 +00:00
Daniel J Walsh
8a40d69539 - Allow users to execute all files in homedir, if boolean set
- Allow mount to read samba config
2008-01-14 19:47:11 +00:00
Daniel J Walsh
27c7d85aab - Fixes for xguest to run java plugin 2008-01-13 14:01:50 +00:00
Daniel J Walsh
4be3ba520d - dontaudit pam_t and dbusd writing to user_home_t 2008-01-11 19:45:47 +00:00
Daniel J Walsh
5baf53aabd - Update gpg to allow reading of inotify 2008-01-08 19:58:56 +00:00
Daniel J Walsh
a502c55197 - Change user and staff roles to work correctly with varied perms 2008-01-03 22:13:09 +00:00
Daniel J Walsh
c64ec27caa - Fix munin log,
- Eliminate duplicate mozilla file context
- fix wpa_supplicant spec
2007-12-31 21:47:39 +00:00
Daniel J Walsh
88ae3f5e0c - Fix role transition from unconfined_r to system_r when running rpm
- Allow unconfined_domains to communicate with user dbus instances
2007-12-30 15:12:11 +00:00
Daniel J Walsh
5d13344539 - Fix role transition fro unconfined_r to system_r when running rpm 2007-12-24 12:01:17 +00:00
Daniel J Walsh
0ec33db4ff - Let all uncofined domains communicate with dbus unconfined 2007-12-21 07:58:04 +00:00
Daniel J Walsh
673eaaeafb - Run rpm in system_r 2007-12-20 21:26:31 +00:00
Daniel J Walsh
5615fe1b3d - Zero out customizable types 2007-12-19 21:45:51 +00:00
Daniel J Walsh
9a2cf87457 - Fix definiton of admin_home_t 2007-12-19 10:42:06 +00:00
Daniel J Walsh
2f257cb996 - Fix munin file context 2007-12-19 09:27:15 +00:00
Daniel J Walsh
91c2fa9d31 - Allow cron to run unconfined apps 2007-12-18 13:59:31 +00:00
Daniel J Walsh
99d3676891 - Modify default login to unconfined_u 2007-12-17 22:49:08 +00:00
Daniel J Walsh
4d59c29e33 - Dontaudit dbus user client search of /root 2007-12-14 12:40:39 +00:00
Daniel J Walsh
5928688f61 - Dontaudit dbus user client search of /root 2007-12-13 22:42:22 +00:00
Daniel J Walsh
76e3401243 - Update to upstream 2007-12-13 18:44:18 +00:00
Daniel J Walsh
4c6f2dd6a3 - Fixes for polkit
- Allow xserver to ptrace
2007-12-12 14:53:07 +00:00
Daniel J Walsh
7dfe3eb3ef - Add polkit policy
- Symplify userdom context, remove automatic per_role changes
2007-12-11 06:08:33 +00:00
Daniel J Walsh
a1341a85df - Update to upstream
- Allow httpd_sys_script_t to search users homedirs
2007-12-06 21:37:36 +00:00
Daniel J Walsh
02654b8fb4 - Update to upstream
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:19:13 +00:00
Daniel J Walsh
d195fc7e87 - Update to upstreamddddddddddddd
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:11:46 +00:00
Daniel J Walsh
320f3e6459 - Allow rpm_script to transition to unconfined_execmem_t 2007-12-04 00:15:27 +00:00
Daniel J Walsh
3b47cb03b7 Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> 3.2.1-1
- Remove user based home directory separation
2007-12-03 00:15:23 +00:00
Daniel J Walsh
9186dc57d9 - Remove user based home directory separation 2007-11-30 22:33:18 +00:00
Daniel J Walsh
3a54e4809f - Remove user specific crond_t 2007-11-28 16:56:57 +00:00
Daniel J Walsh
0fffbad8de - Merge with upstream
- Allow xsever to read hwdata_t
- Allow login programs to setkeycreate
2007-11-26 15:40:45 +00:00
Daniel J Walsh
ddf4ec413f - Update to upstream 2007-11-19 20:09:32 +00:00
Daniel J Walsh
7330e86b90 - Update to upstream 2007-11-10 14:14:41 +00:00
Daniel J Walsh
36404444a8 - Update to upstream 2007-11-07 19:42:24 +00:00
Daniel J Walsh
fa0d1c8884 - Update to upstream 2007-10-23 23:13:09 +00:00
Daniel J Walsh
d0649e9167 - Allow XServer to read /proc/self/cmdline 2007-10-22 14:27:29 +00:00
Daniel J Walsh
30dfdc7f05 - Fixes for hald_mac
- Treat unconfined_home_dir_t as a home dir
- dontaudit rhgb writes to fonts and root
2007-10-19 21:21:40 +00:00
Daniel J Walsh
3375c34d9a - Fix dnsmasq
- Allow rshd full login privs
2007-10-19 15:01:30 +00:00
Daniel J Walsh
6455c9d6b5 - Allow rshd to connect to ports > 1023 2007-10-18 22:33:41 +00:00