Commit Graph

3100 Commits

Author SHA1 Message Date
Dan Walsh
5d82597463 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-22 16:46:04 -04:00
Dan Walsh
6ed3f15e82 Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc
Allow shutdown to write utmp and search /var/log
Allow mozilla_plugin to send nsplugin signals
Split out samba_run_unconfined_net from unconfined_domain stuff.  TO allow unconfined.pp module to be removed
Allow nrpe to send signal and sigkill to the plugins
Fix up xguest to allow it to read hwdata and gconf_etc_t
Allow initrc_t to manage faillog
2010-09-22 16:42:32 -04:00
Dominick Grift
148e08d34f XML summary fixes.
XML summary fixes.
2010-09-22 15:41:46 +02:00
Dominick Grift
3a3e7db078 Use filetrans_pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
44f8aa190c Use stream connect pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
8bde5ef68b Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-22 15:41:46 +02:00
Dominick Grift
96d3c0d35c Make git daemon executable file an application executable file. 2010-09-22 15:41:46 +02:00
Dominick Grift
08c4bb080f Search parent directory to be able to interact with targets content. 2010-09-22 15:41:45 +02:00
Dominick Grift
38039abcd1 These interface calls are more suitable here. Also should rename boolean to ftpd_network_connect_db and possibly split mysql and postgresql. 2010-09-22 15:41:45 +02:00
Dominick Grift
02687a7034 Move calls to external interfaces below policy that governs internal interaction.
Move calls to external interfaces below policy that governs internal interaction.
2010-09-22 15:41:45 +02:00
Dominick Grift
d542026b86 The capability IPC goes on top of the local policy.
The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.
2010-09-22 15:41:45 +02:00
Dominick Grift
b952f9532a This is a duplicate declaration.
This is a duplicate declaration.
2010-09-22 15:41:45 +02:00
Dominick Grift
ef521e9919 Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
2010-09-22 15:41:43 +02:00
Dominick Grift
68ac47d8c5 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:41:42 +02:00
Dominick Grift
0bdd855157 This is not required here. 2010-09-22 15:39:46 +02:00
Dominick Grift
82c971533a Youre not allowed to directly use external types. 2010-09-22 15:39:46 +02:00
Dominick Grift
59c544a437 Redundant: All deamons are already allowed this access by default. 2010-09-22 15:39:46 +02:00
Dominick Grift
edcc8aa20d Redundant: Included init_daemon_domain already has this. 2010-09-22 15:39:44 +02:00
Dominick Grift
1dfc76f76b Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-22 15:39:43 +02:00
Dominick Grift
9a0f7994cb Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:35:31 +02:00
Dominick Grift
9c7f2af2ed Redundant: Is already permitted by included rw_chr_file_perms. 2010-09-22 15:35:29 +02:00
Dominick Grift
72ba80bf88 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-22 15:35:28 +02:00
Miroslav Grepl
b0a5fc3c27 Allow boinc projects to execute java 2010-09-21 16:03:36 +02:00
Dominick Grift
fc0d3d55f8 Merge branch 'base' 2010-09-21 13:57:06 +02:00
Dominick Grift
f262674898 Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
2010-09-21 13:50:00 +02:00
Dominick Grift
612346475b XML summary fixes.
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.
2010-09-21 13:50:00 +02:00
Dominick Grift
0eef2ca0f7 Use brace extension where possible.
Use brace extension where possible.
2010-09-21 13:50:00 +02:00
Dominick Grift
69d1431276 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-21 13:50:00 +02:00
Dominick Grift
5ce19e3980 Type zarafa_server_t is not a file type. 2010-09-21 13:50:00 +02:00
Dominick Grift
e130679fa0 This is a role capability.
This is a role capability.

This is a role capability.
2010-09-21 13:50:00 +02:00
Dominick Grift
7bc4e83ea9 Redundant: Included files_search_var_lib already permits access to list generic var directories. 2010-09-21 13:50:00 +02:00
Dominick Grift
ddbd71a506 Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.
2010-09-21 13:49:59 +02:00
Dominick Grift
5a98a53ade Missing required type. 2010-09-21 13:49:59 +02:00
Dominick Grift
d696185c23 Use stream connect pattern. 2010-09-21 13:49:59 +02:00
Dominick Grift
b85c14f0b0 Allow users to ptrace and send any signal to their pyzor agent.
Allow users to ptrace and send any signal to their razor agent.
2010-09-21 13:49:59 +02:00
Dominick Grift
6cd6ed35bd Use ps_process_pattern to read state. 2010-09-21 13:49:59 +02:00
Dominick Grift
2a724571c9 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-21 13:49:58 +02:00
Dominick Grift
3507be9506 Move this to were the other is and where it should be.
Move this to were the other is and where it should be.
2010-09-21 13:47:31 +02:00
Dominick Grift
2528a2d701 Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.
2010-09-21 13:47:30 +02:00
Dominick Grift
b46b3ad67f Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.
2010-09-21 13:16:29 +02:00
Dominick Grift
30bbb6a533 This is not a role capability. 2010-09-21 13:16:29 +02:00
Miroslav Grepl
d15b40a537 Fixed badly chosen type of interface for some interfaces 2010-09-21 09:09:43 +02:00
Dominick Grift
6ec59cc63d Redundant: This is already allowed by included admin_pattern for mpd_var_lib_t. 2010-09-20 19:34:45 +02:00
Dominick Grift
a053765caf Redundant: This is already permitted by included manage_dirs_pattern. 2010-09-20 18:18:44 +02:00
Dominick Grift
cbd9541b90 Added for use in admin interfaces with admin_patterns for lock types.. 2010-09-20 18:18:44 +02:00
Dominick Grift
7a37620aaa These are duplicates and redundants. 2010-09-20 18:18:44 +02:00
Dominick Grift
8e3f53a057 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-20 18:18:44 +02:00
Dominick Grift
61f4064286 Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.
2010-09-20 18:18:44 +02:00
Dominick Grift
55c2e0e0a4 This is a role capability.
This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.
2010-09-20 18:18:44 +02:00
Dominick Grift
8ab34f0132 XML summary fixes.
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.
2010-09-20 18:18:44 +02:00