Jeremy Solt
2b012bacb6
Prelude patch from Dan Walsh
2010-03-29 08:36:15 -04:00
Jeremy Solt
84ce9c3333
Bluetooth patch (sys_admin and debugfs) from Dan Walsh
...
Added comments to reference redhat bugs
2010-03-29 08:36:05 -04:00
Jeremy Solt
4c05dff3d1
avahi patch from Dan Walsh
...
Didn't include the file read in the dbus_chat interface.
2010-03-29 08:36:00 -04:00
Jeremy Solt
dcbb332992
chronyd patch from Dan Walsh
...
Fixed a couple style/spacing issues.
Added files_search_etc for chronyd_keys file
2010-03-29 08:35:52 -04:00
Jeremy Solt
c586c1bfa6
Give dcc setgid from Dan Walsh
2010-03-29 08:35:34 -04:00
Chris PeBenito
7656af7a6f
Module version bump for c37d843
.
2010-03-23 08:07:19 -04:00
Chris PeBenito
be8311279e
Minor bind XML tweaks.
2010-03-23 08:05:00 -04:00
Jeremy Solt
c37d843fa1
bind patch from Dan Walsh
...
some fixes in interfaces, added bind_setattr_zone_dirs interface
sysnet_read_config not needed with auth_use_nsswitch
Did not include init_read_script_tmp_files for named_t
2010-03-23 08:01:05 -04:00
Chris PeBenito
390b8a821b
Radvd patch from Dan Walsh.
2010-03-22 15:19:50 -04:00
Chris PeBenito
1b22152c2c
Rdisc patch from Dan Walsh.
2010-03-22 15:09:27 -04:00
Chris PeBenito
6c40309ef1
Module version bump for 1d348bd
.
2010-03-22 13:53:24 -04:00
Jeremy Solt
1d348bd253
Afs needs sys_admin, sends signals, and resolves hostnames from Dan Walsh
2010-03-22 13:52:19 -04:00
Chris PeBenito
df29613c72
Module version bump for 75c8a69
.
2010-03-22 13:51:35 -04:00
Jeremy Solt
75c8a691ee
gitosis read/manage lib interfaces from Dan Walsh
...
Only giving manage_files_pattern for gitosis_manage_lib_files
2010-03-22 13:48:39 -04:00
Chris PeBenito
cf7eb082d2
Sasl patch from Dan Walsh.
2010-03-22 11:22:25 -04:00
Chris PeBenito
449d2069ac
Snmp patch from Dan Walsh.
2010-03-22 11:08:31 -04:00
Chris PeBenito
08d7c7339b
Sysstat patch from Dan Walsh.
2010-03-22 10:47:41 -04:00
Chris PeBenito
98ac3f5ace
Telnet patch from Dan Walsh.
2010-03-22 10:40:37 -04:00
Chris PeBenito
461b53e028
Tuned patch from Dan Walsh.
2010-03-22 10:33:31 -04:00
Chris PeBenito
7630200e1b
Virt patch from Dan Walsh.
2010-03-22 10:24:34 -04:00
Chris PeBenito
064d1b469e
Rename rtkit_schedule() to rtkit_scheduled().
2010-03-22 09:54:58 -04:00
Chris PeBenito
e13a9ef5fe
Module version bump for ac19f1a
.
2010-03-22 08:59:04 -04:00
Chris PeBenito
c7a4cf3179
Module version bump for 9681df1
.
2010-03-22 08:58:41 -04:00
Chris PeBenito
32103f250f
Module version bump for d3b5907
.
2010-03-22 08:58:20 -04:00
Chris PeBenito
340af119b0
Minor tweaks on icecast.
2010-03-22 08:56:32 -04:00
Jeremy Solt
584dfaca45
icecast policy from Dan Walsh
...
Fixed some style and spacing issues
Replace manage_var_run interface with manage_pid_files with fewer permissions
Replaced rkit_daemon_system_domain with rtkit_schedule
2010-03-22 08:49:54 -04:00
Jeremy Solt
ac19f1ac26
rtkit patch from Dan Walsh:
...
rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
Needs sys_nice capability
Needs to getsched on all domains.
Fix bug in te file
Me:
changed interface name from rtkit_daemon_system_domain to rtkit_schedule
Already had sys_nice capability
2010-03-22 08:41:42 -04:00
Jeremy Solt
9681df1c8d
postgresql patch from Dan Walsh:
...
"File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info"
Moved signal interface for style.
2010-03-22 08:39:15 -04:00
Jeremy Solt
d3b5907ea4
openvpn needs ipc_lock capability, connects to http ports,
...
and manages net_conf_t files - from Dan Walsh
2010-03-22 08:36:47 -04:00
Chris PeBenito
47293bd8d6
Tftp patch from Dan Walsh.
2010-03-19 15:56:14 -04:00
Chris PeBenito
788ba75491
Uucp patch from Dan Walsh.
2010-03-19 15:49:12 -04:00
Chris PeBenito
bed0a44560
Zebra patch from Dan Walsh.
2010-03-19 15:45:25 -04:00
Chris PeBenito
bc31d12725
Libraries patch from Dan Walsh.
2010-03-19 14:21:23 -04:00
Chris PeBenito
0d86ea1d7b
Xen patch from Dan Walsh.
2010-03-19 11:54:50 -04:00
Chris PeBenito
b60df9f57d
Getty patch from Dan Walsh.
2010-03-19 11:05:56 -04:00
Chris PeBenito
1fa92b8a55
Sysnetwork patch from Dan Walsh.
2010-03-18 15:40:04 -04:00
Chris PeBenito
ddd786e404
Init patch from Dan Walsh.
2010-03-18 10:19:49 -04:00
Chris PeBenito
153ed8751a
Authlogin patch from Dan Walsh.
2010-03-18 08:59:25 -04:00
Chris PeBenito
4fbcd778de
Iptables patch from Dan Walsh.
2010-03-18 08:10:21 -04:00
Chris PeBenito
a124c0a81f
Udev patch from Dan Walsh.
2010-03-17 15:17:48 -04:00
Chris PeBenito
7a8807b627
Logging patch from Dan Walsh.
2010-03-17 14:40:06 -04:00
Chris PeBenito
90e65feca5
Ipsec patch from Dan Walsh.
2010-03-17 13:52:07 -04:00
Chris PeBenito
d13c6758a4
Modutils patch from Dan Walsh.
2010-03-17 11:59:14 -04:00
Chris PeBenito
0417386142
Kernel patch from Dan Walsh.
2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502
Domain patch from Dan Walsh.
2010-03-17 10:02:07 -04:00
Chris PeBenito
7b50b7053d
Module version bump for 6a03548
.
2010-03-17 09:42:46 -04:00
Jeremy Solt
6a035482dc
amavis uses uptime which reads utmp, and reads certs - from Dan Walsh
2010-03-17 09:41:18 -04:00
Chris PeBenito
827060cb04
Style fixes and module version bumps for 38fc1bd
.
2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
2a62db7883
Module version bump for 414a570
.
2010-03-16 15:28:36 -04:00
Jeremy Solt
414a5704df
fetchmail executes programs in bin (uname), from Dan Walsh
2010-03-16 15:27:40 -04:00
Chris PeBenito
e8871c2092
Add additional documentation to kernel_request_load_module().
2010-03-16 15:08:00 -04:00
Chris PeBenito
5911f3dbca
Module version bump for 935151a
.
2010-03-16 14:35:09 -04:00
Chris PeBenito
c6491af860
Module version bump for d12f18e
.
2010-03-16 14:34:50 -04:00
Chris PeBenito
9a59893e5a
Module version bump for d7ec247
.
2010-03-16 14:34:23 -04:00
Chris PeBenito
9570fc108e
Module version bump for 591af7b
.
2010-03-16 14:34:05 -04:00
Chris PeBenito
ce693cbbec
Module version bump for ae07c9e
.
2010-03-16 14:33:43 -04:00
Chris PeBenito
1656bf730f
Whitespace fixes in mailman.
2010-03-16 13:51:51 -04:00
Jeremy Solt
935151afcd
Change kernel_load_module to kernel_request_load_module for howl from Dan Walsh
2010-03-16 13:44:55 -04:00
Jeremy Solt
d12f18e452
Change kernel_load_module to kernel_request_load_module from Dan Walsh
2010-03-16 13:44:52 -04:00
Jeremy Solt
d7ec24785b
File context update for certmaster from Dan Walsh
2010-03-16 13:44:50 -04:00
Jeremy Solt
591af7be0c
file context updates from Dan Walsh
2010-03-16 13:44:48 -04:00
Jeremy Solt
ae07c9e2e8
Screen needs to setattr on user_ttydevice_t from Dan Walsh
2010-03-16 13:36:45 -04:00
Chris PeBenito
fad6e761bf
Whitespace fix for mcelog.
2010-03-16 13:15:38 -04:00
Chris PeBenito
fce868d074
Module version bump for f7d413a
.
2010-03-16 13:15:00 -04:00
Chris PeBenito
bf140fc32c
Rearrange interfaces in fail2ban.
2010-03-16 13:14:46 -04:00
Chris PeBenito
580279da88
Module version bump for 74b51e6
.
2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7
Whitespace fixes for smoltclient.
2010-03-16 13:11:53 -04:00
Chris PeBenito
ba1c45337b
Module version bump for 3137148
.
2010-03-16 13:10:14 -04:00
Jeremy Solt
1484157201
mcelog policy from Dan Walsh
...
Me: Removed permissive line, and fixed a couple style issues
2010-03-16 11:47:07 -04:00
Jeremy Solt
f7d413af27
fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
...
Did not include dontaudit_leaks interface
Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
2010-03-16 11:44:35 -04:00
Jeremy Solt
74b51e6db2
Firstboot sends dbus messages from Dan Walsh
...
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd
Policy for smolt sendProfile client from Dan Walsh
2010-03-16 11:37:56 -04:00
Jeremy Solt
31371480b0
Run interface for ptchown from Dan Walsh
2010-03-16 11:34:58 -04:00
Chris PeBenito
37e2499ed1
Module version bump for 1d3d00b
.
2010-03-12 11:43:09 -05:00
Chris PeBenito
ce0570dc6d
Module version bump for e172614
.
2010-03-12 11:42:28 -05:00
Chris PeBenito
7af0e9bc95
Filesystem patch from Dan Walsh.
2010-03-12 11:40:59 -05:00
Chris PeBenito
9e506eb236
Rearrange lines in alsa an mysql.
2010-03-12 08:59:23 -05:00
Chris PeBenito
e172614b57
Whitespace cleanup on mysql.if.
2010-03-12 08:55:34 -05:00
Jeremy Solt
1d3d00b279
Manage alsa writable config files interface from Dan Walsh
...
Moved term_dontaudit_use_console for style.
2010-03-12 08:54:29 -05:00
Jeremy Solt
12a6a53f63
mysql policy from Dan Walsh
...
My changes to patch:
A couple changes to match style.
Removed files_dontaudit_search_all_mountpoints(mysqld_safe_t), it doesn't exist in refpolicy
2010-03-12 08:54:29 -05:00
Chris PeBenito
2f0e3a4e7e
Raid patch from Dan Walsh.
2010-03-09 15:33:29 -05:00
Chris PeBenito
30496b1575
Iscsi and tgtd patches from Dan Walsh.
2010-03-09 15:17:16 -05:00
Chris PeBenito
939eaf2f13
Fstools patch from Dan Walsh.
2010-03-09 14:32:17 -05:00
Chris PeBenito
d0a6df5c47
Miscfiles patch from Dan Walsh.
2010-03-09 10:44:55 -05:00
Chris PeBenito
547d62ea9e
Module version bump for ddae1cc
.
2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec
Creates sock files in /tmp, reads network state. - From Dan Walsh
...
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
2010-03-09 09:32:23 -05:00
Chris PeBenito
bd063de6c4
Fix another corenetwork typo.
2010-03-08 11:04:40 -05:00
Chris PeBenito
6f9c3c4895
Module version bump for 42fa15b
.
2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa
Module version bump for 3fcdc39
.
2010-03-08 10:02:58 -05:00
Chris PeBenito
5dac50953f
Module version bump for cf3da95
.
2010-03-08 10:02:34 -05:00
Chris PeBenito
e2e1b6721b
Minor style fixes.
2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75
Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764
shorewall log file from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
cf3da95084
Allow cdrecord_t to execute bin_t from Dan Walsh
...
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito
4af2b3fb98
Add back missing s0 on network_port().
2010-03-08 07:59:56 -05:00
Chris PeBenito
09b92dcc3c
Guest patch from Dan Walsh.
2010-03-05 14:09:49 -05:00
Chris PeBenito
9c709c46a1
Corenetwork patch from Dan Walsh.
2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b
Corecommands patch from Dan Walsh.
2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc
Devices patch from Dan Walsh.
2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba
Storage patch from Dan Walsh.
2010-03-04 14:23:44 -05:00
Dominick Grift
183f79e38e
Fix cobbler_admin interface to require cobblerd_initrc_exec_t.
...
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-04 14:12:41 -05:00
Chris PeBenito
eeb7616f5e
Corenetwork patch from Dan Walsh.
2010-03-04 13:50:46 -05:00
Chris PeBenito
1112a5bc20
Module version bump for be47d75.
2010-03-04 09:18:04 -05:00
Chris PeBenito
ec0205ff73
Module version bump for e1e78df.
2010-03-04 09:18:04 -05:00
Chris PeBenito
b7070a9f3d
Module version bump for 52b215f.
2010-03-04 09:18:04 -05:00
Chris PeBenito
cb6385d0ba
Module version bump for cf5e81d.
2010-03-04 09:18:04 -05:00
Chris PeBenito
c4faa1db8e
Module version bump for 96b7e9f.
2010-03-04 09:18:04 -05:00
Chris PeBenito
812f30af02
Module version bump for a005018.
2010-03-04 09:18:04 -05:00
Chris PeBenito
4931c57e4b
Add additional comments for e1e78df.
2010-03-04 09:18:04 -05:00
Jeremy Solt
4d2680e508
hotplug transition to brctl from Dan Walsh
2010-03-04 09:18:04 -05:00
Jeremy Solt
9a1f0d21e1
Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
...
Patch from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
15ae77bd77
Domain transition for apmd to vbetool from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
6a9ef9e852
gen_require typo fix in dbadm.if from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
a739053cf5
Changed amavis_initrc_domtrans domain summary to match style.
2010-03-04 09:18:03 -05:00
Jeremy Solt
6665c3c768
Changed arpwatch_initrc_domtrans domain summary to match style.
...
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
2010-03-04 09:18:03 -05:00
Dominick Grift
d783374bc9
Various arpwatch fixes.
...
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
6eed0aa57c
Modified apcupsd_initrc_domtrans interface summary to match style.
...
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
2010-03-04 09:18:03 -05:00
Dominick Grift
eda6417669
Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
...
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
3b814894c7
Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
...
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
2010-03-04 09:18:02 -05:00
Dominick Grift
88340b904a
Various amavis fixes.
...
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:02 -05:00
Chris PeBenito
402bbb9fe9
Improve documentation of udev_read_db().
2010-03-03 14:16:36 -05:00
Chris PeBenito
b675cec7f8
Improve documentation of seutil_sigchld_newrole().
2010-03-03 14:16:22 -05:00
Chris PeBenito
4a4436a778
Add examples to documentation of common corenetwork interfaces.
2010-03-03 13:42:15 -05:00
Chris PeBenito
a6bafb5a25
Module version bump for bf530f5
.
2010-03-03 13:11:58 -05:00
Dominick Grift
bf530f532c
Various permission set fixes.
...
Fix various interfaces to use permission sets for compatiblity with open permission.
Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.
The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
Chris PeBenito
b58db31da6
Improve the documentation of application_domain().
2010-03-03 10:37:58 -05:00
Chris PeBenito
d24a7df15c
Improve the documentation of auth_use_nsswitch().
2010-03-03 10:37:37 -05:00
Chris PeBenito
0bbb165448
Improve the documentation of nis_use_ypbind().
2010-03-03 10:37:15 -05:00
Dominick Grift
4cb24aed7b
Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
Chris PeBenito
c46376e665
Improve documentation for userdomain interfaces:
...
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00
Chris PeBenito
88daf126f2
Improve the documentation of domain interfaces:
...
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652
Improve the documentation of ubac_constrained().
2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e
Improve the documentation of devices interfaces:
...
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69
Improve filesystem interfaces:
...
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
42f1b11482
Module version bump for 03dd57f
.
2010-03-01 13:34:10 -05:00
Dominick Grift
03dd57fe7b
Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
Chris PeBenito
7cf2858e4a
Improve the documentation of files interfaces:
...
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
5fb5bf2686
Additional docs for logging_log_filetrans().
2010-03-01 10:38:24 -05:00
Chris PeBenito
42eb0f10a9
Improve the documentation of corenetwork interfaces
...
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
14e543cb1c
Improve the documentation of unconfined_domain().
2010-02-26 13:47:17 -05:00
Chris PeBenito
45185c0783
Improve the documentation of logging_log_file() and logging_log_filetrans().
2010-02-26 09:34:41 -05:00
Chris PeBenito
3a744d1275
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
2010-02-26 08:58:32 -05:00
Chris PeBenito
13f000d2ef
Improve the documentation of:
...
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
2010-02-25 16:00:58 -05:00
Chris PeBenito
d6887176c1
Improve sysnet_read_config() documentation.
2010-02-25 13:54:34 -05:00
Chris PeBenito
81a0fb4024
Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather thane explicit type usage.
2010-02-25 13:53:52 -05:00
Chris PeBenito
7a0c0b4088
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 12:59:11 -05:00
Chris PeBenito
fd813456a4
Add additional documentation to files_type().
2010-02-25 10:41:12 -05:00
Chris PeBenito
6dadd3995e
Rearrange files interfaces.
2010-02-25 08:32:22 -05:00
Chris PeBenito
6e48775f75
Improve documentation on logging_send_syslog_msg().
2010-02-24 15:56:05 -05:00
Chris PeBenito
fca4a96bae
Improve documentation on files_read_etc_files().
2010-02-24 15:20:03 -05:00
Chris PeBenito
611bc9311d
Improve documentation on miscfiles_read_localization().
2010-02-24 14:56:07 -05:00
Chris PeBenito
d124921979
Module version bump for cd17345
.
2010-02-24 10:13:12 -05:00
Dominick Grift
cd17345324
Various abrt fixes.
...
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:11:51 -05:00
Chris PeBenito
2040268b01
Module version bump for 534e57b
.
2010-02-24 10:08:41 -05:00
Dominick Grift
534e57b770
Various afs fixes.
...
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:07:28 -05:00
Dominick Grift
6306637c89
mysqlmanagerd_var_run_t is not a domain type.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:00:05 -05:00
Chris PeBenito
1021460884
Minor tweaks and module version bump for 68cda59
.
2010-02-23 13:58:18 -05:00
Chris Richards
68cda59844
Add MySQL Manager to MySQL policy module
...
Second submission to fix mistakes from first.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
Chris PeBenito
1049180cd8
Automount patch from Dan Walsh.
2010-02-19 13:50:01 -05:00
Chris PeBenito
fa03ecc046
Shorewall patch from Dan Walsh.
2010-02-19 11:53:19 -05:00
Chris PeBenito
6ae29c7378
Vbetool patch from Dan Walsh.
2010-02-19 11:34:28 -05:00
Chris PeBenito
4fd0889171
Java patch from Dan Walsh.
2010-02-19 11:21:38 -05:00
Chris PeBenito
1e0f483a18
Mono patch from Dan Walsh.
2010-02-19 10:42:43 -05:00
Chris PeBenito
a777957b49
Rename qemu_unconfined_t to unconfined_qemu_t.
2010-02-19 10:27:09 -05:00
Chris PeBenito
8a1c9c505f
Rearrage qemu.if.
2010-02-19 10:16:28 -05:00
Chris PeBenito
72295e93e1
Qemu patch from Dan Walsh.
2010-02-19 10:15:19 -05:00
Chris PeBenito
29b580ce8f
Add sectoolm by Miroslav Grepl.
2010-02-19 09:39:06 -05:00
Chris PeBenito
4796d07ee0
Wine patch from Dan Walsh.
2010-02-19 09:17:51 -05:00
Chris PeBenito
6a9da24987
Useradd home dir creation fix from Gentoo.
2010-02-17 20:34:23 -05:00
Chris PeBenito
2f84a77d22
Syslog fixes from Gentoo.
2010-02-17 20:33:53 -05:00
Chris PeBenito
8b8501991e
Clean up leaked portage file descriptors.
2010-02-17 20:33:31 -05:00
Chris PeBenito
d08a3df046
Ssh key creation fix from Gentoo.
2010-02-17 20:32:08 -05:00
Chris PeBenito
2c05132062
Utmp fix from Gentoo.
2010-02-17 20:31:46 -05:00
Chris PeBenito
72c8a37c2b
Setfiles fix from Gentoo.
2010-02-17 20:30:42 -05:00
Chris PeBenito
679a63d09f
Mount usbfs fix from Gentoo.
2010-02-17 20:30:13 -05:00
Chris PeBenito
aadcb968f9
Move netlink route sockets from nsswitch to DNS name resolve.
2010-02-17 20:28:59 -05:00
Chris PeBenito
15d80e3646
Misc portage fixes.
2010-02-17 20:25:39 -05:00
Chris PeBenito
05bd2f9837
Portage fixes for installing SELinux-aware programs.
2010-02-17 20:23:41 -05:00
Chris PeBenito
c06a4452e2
Xguest patch from Dan Walsh.
2010-02-17 09:23:17 -05:00
Chris PeBenito
6f30d7e770
Pulseaudio patch from Dan Walsh.
2010-02-16 15:13:08 -05:00
Chris PeBenito
a513794b4c
Chronyd from Miroslav Grepl.
2010-02-16 14:53:59 -05:00
Chris PeBenito
3fb2b72c65
Ccs patch from Dan Walsh.
2010-02-16 11:28:08 -05:00
Chris PeBenito
0ab2c1eae9
Clear xserver TODO.
2010-02-12 10:29:41 -05:00
Chris PeBenito
6246e7d30a
Non-drawing X client support for consolekit.
2010-02-12 10:29:00 -05:00
Chris PeBenito
1322a1af4d
Remove redundant conditional user_ping terminal rules.
2010-02-11 14:35:38 -05:00
Chris PeBenito
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
Chris PeBenito
ed03a5b916
Sudo patch from Dan Walsh.
2010-02-11 09:15:45 -05:00
Chris PeBenito
ca5dc2f1cb
Consoletype patch from Dan Walsh.
2010-02-11 08:56:53 -05:00
Chris PeBenito
21673b238a
Hal patch from Dan Walsh.
2010-02-11 08:42:00 -05:00
Chris PeBenito
3079cbceb1
Virt/svirt patch from Dan Walsh.
2010-02-09 10:28:17 -05:00
Chris PeBenito
aa9e3b4b65
Ktalk patch from Dan Walsh.
2010-02-09 10:28:00 -05:00
Chris PeBenito
16412e2ff9
Merge branch 'master' of git+ssh://cpebenito@oss.tresys.com/home/git/refpolicy
2010-02-08 14:47:06 -05:00
Chris PeBenito
27eab81f2f
Misc fixes for 1031ee6
.
2010-02-08 13:38:48 -05:00
Chris PeBenito
7d2f96783c
Module version number bump for 1031ee6
.
2010-02-08 13:37:42 -05:00
Dominick Grift
1031ee6f6a
Implement cobblerd policy.
...
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.
Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.
As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.
Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
Chris PeBenito
2d743657f4
Userdomain patch from Stefan Schulze Frielinghaus.
2010-02-08 11:43:44 -05:00
Chris PeBenito
e526fca176
Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl.
2010-02-08 11:29:12 -05:00
Chris PeBenito
4ebfec7303
Add pyicqt from Stefan Schulze Frielinghaus.
2010-02-08 10:58:16 -05:00
Chris PeBenito
22a2874dbf
Add dbadm, from KaiGai Kohei.
2010-02-08 10:34:08 -05:00
Chris PeBenito
edc2f7dea4
Fix home_ssh_t usage.
2010-01-25 08:34:28 -05:00
Chris PeBenito
82b5d290cc
PPP patch from Dan Walsh.
2010-01-15 15:46:07 -05:00
Chris PeBenito
cde15072d0
SSH patch from Dan Walsh.
2010-01-15 15:28:27 -05:00
Chris PeBenito
fee5bb73bc
Uucp patch from Dan Walsh.
2010-01-08 10:37:47 -05:00
Chris PeBenito
c155e042d8
Sendmail patch from Dan Walsh.
2010-01-08 10:37:37 -05:00
Chris PeBenito
3624ef76d2
Mailman patch from Dan Walsh.
2010-01-08 10:37:23 -05:00
Chris PeBenito
8a8b24a4ba
Lircd patch from Dan Walsh.
2010-01-08 10:37:13 -05:00
Chris PeBenito
07ba15168b
Courier patch from Dan Walsh.
2010-01-08 10:37:01 -05:00
Chris PeBenito
d2acef78f4
Inetd patch from Dan Walsh.
2010-01-08 10:36:49 -05:00
Chris PeBenito
c292cb96ad
Avahi patch from Dan Walsh.
2010-01-08 10:35:47 -05:00
Chris PeBenito
00808a9b13
Fprintd patch from Dan Walsh.
2010-01-07 11:51:17 -05:00
Chris PeBenito
ef6ea56c4b
Fetchmail patch from Dan Walsh.
2010-01-07 11:51:05 -05:00
Chris PeBenito
84a45c9617
Exim patch from Dan Walsh.
2010-01-07 11:50:55 -05:00
Chris PeBenito
4dd84bbf0e
Dovecot patch from Dan Walsh.
2010-01-07 11:50:47 -05:00
Chris PeBenito
14c7865f1f
Ddclient patch from Dan Walsh.
2010-01-07 11:50:35 -05:00
Chris PeBenito
dcabb11eb5
DCC patch from Dan Walsh.
2010-01-07 11:50:20 -05:00
Chris PeBenito
30958fb7e7
Cyrus patch from Dan Walsh.
2010-01-07 11:49:55 -05:00
Chris PeBenito
192fb874f5
Clamav patch from Dan Walsh.
2010-01-07 11:49:44 -05:00
Chris PeBenito
c5155ac008
Bluetooth patch from Dan Walsh.
2010-01-07 11:49:32 -05:00
Chris PeBenito
96831fe421
Move rules from mta mailserver delivery from interface to .te to use the attribute.
2010-01-07 09:56:21 -05:00
Chris PeBenito
9c40673ff5
MTA patch from Dan Walsh.
2010-01-07 09:48:35 -05:00
Chris PeBenito
2650ca57ec
Tftp patch from Dan Walsh.
2010-01-07 09:01:10 -05:00
Chris PeBenito
f3890b25db
Sssd patch from Dan Walsh.
2010-01-07 09:00:59 -05:00
Chris PeBenito
207c4d1e6e
Snmp patch from Dan Walsh.
2010-01-07 09:00:48 -05:00
Chris PeBenito
82cdffce58
ntp patch from Dan Walsh.
2010-01-07 09:00:39 -05:00
Chris PeBenito
f37b7bd0cb
gpsd patch from Dan Walsh.
2010-01-07 08:59:38 -05:00
Chris PeBenito
b11dcd43b6
Tuned patch from Dan Walsh.
2009-12-18 10:45:56 -05:00
Chris PeBenito
ff785b93df
Rpcbind patch from Dan Walsh.
2009-12-18 10:45:39 -05:00
Chris PeBenito
733f494802
Radvd patch from Dan Walsh.
2009-12-18 10:45:29 -05:00
Chris PeBenito
b36ae9786f
Privoxy patch from Dan Walsh.
2009-12-18 10:45:22 -05:00
Chris PeBenito
1232a50c5f
Prelude patch from Dan Walsh.
2009-12-18 10:45:09 -05:00
Chris PeBenito
6df09cfef7
PCSCD patch from Dan Walsh.
2009-12-18 10:44:59 -05:00
Chris PeBenito
2d59a828b6
Nslcd patch from Dan Walsh.
2009-12-18 10:44:49 -05:00
Chris PeBenito
80f0587459
Mysql patch from Dan Walsh.
2009-12-18 10:44:35 -05:00
Chris PeBenito
d3c612ffd8
Modemmanager patch from Dan Walsh.
2009-12-18 10:44:26 -05:00
Chris PeBenito
0000b795ea
Milter patch from Dan Walsh.
2009-12-18 10:42:08 -05:00
Chris PeBenito
a32226612a
Memcached patch from Dan Walsh.
2009-12-18 10:41:56 -05:00
Chris PeBenito
6aa333b47e
Kerneloops patch from Dan Walsh.
2009-12-18 10:41:41 -05:00
Chris PeBenito
e1b8b54739
Kerberos patch from Dan Walsh.
2009-12-18 10:40:53 -05:00
Chris PeBenito
7d05af77c3
Irqbalance patch from Dan Walsh.
2009-12-18 10:39:36 -05:00
Chris PeBenito
d7b98c8902
GPM patch from Dan Walsh.
2009-12-18 10:39:23 -05:00
Chris PeBenito
ce8a71a960
Fail2ban patch from Dan Walsh.
2009-12-18 10:39:10 -05:00
Chris PeBenito
bd21cb1e09
Certmaster patch from Dan Walsh.
2009-12-18 10:38:57 -05:00
Chris PeBenito
a7d606860b
Bitlbee patch from Dan Walsh.
2009-12-18 10:38:30 -05:00
Chris PeBenito
5894c3e4fb
Amavis patch from Dan Walsh.
2009-12-18 10:38:17 -05:00
Chris PeBenito
32f27a7489
asterisk patch from Dan Walsh.
2009-12-18 10:37:52 -05:00
Chris PeBenito
7e81399d84
apm patch from Dan Walsh.
2009-12-18 10:35:31 -05:00
Chris PeBenito
41c139dc77
afs patch from Dan Walsh.
2009-12-18 10:35:03 -05:00
Chris PeBenito
b84d6ec491
smartmon patch from Dan Walsh.
2009-12-18 10:33:50 -05:00
Chris PeBenito
7fc72a02d9
Changelog and version bump for X object manager changes.
2009-12-03 10:40:42 -05:00
Chris PeBenito
e331a05c77
Merge branch 'master' into xselinux
2009-12-03 10:13:41 -05:00
Chris PeBenito
46b03739ac
Seunshare patch from Dan Walsh.
2009-12-01 10:31:28 -05:00
Chris PeBenito
d7776f58c2
Screen patch from Dan Walsh.
2009-12-01 10:31:17 -05:00
Chris PeBenito
6394ea6143
Podsleuth patch from Dan Walsh.
2009-12-01 10:30:50 -05:00
Chris PeBenito
b77daab0ed
Mozilla patch from Dan Walsh.
2009-12-01 10:30:30 -05:00
Chris PeBenito
36ded4bd36
GPG patch from Dan Walsh.
2009-12-01 10:30:07 -05:00
Chris PeBenito
962d6fb9b0
Calamaris patch from Dan Walsh.
2009-12-01 10:29:51 -05:00
Chris PeBenito
7491a9ed62
Iptables and modutils patches from Dan Walsh.
2009-12-01 09:23:11 -05:00
Chris PeBenito
d913e793ae
Kismet and tzdata patches from Dan Walsh.
2009-11-25 15:12:52 -05:00
Chris PeBenito
0cad9a734e
RAID patch from Dan Walsh.
2009-11-25 11:17:19 -05:00
Chris PeBenito
77c71b54e5
Fstools and Xen patches from Dan Walsh.
2009-11-25 10:27:31 -05:00
Chris PeBenito
e21162e471
Kdump reads the kernel core.
2009-11-25 10:04:40 -05:00
Chris PeBenito
837163cfe7
UDEV patch from Dan Walsh.
2009-11-25 09:44:14 -05:00
Chris PeBenito
832c1be4ca
IPSEC patch from Dan Walsh.
2009-11-24 14:09:10 -05:00
Chris PeBenito
5ed061769e
Application patch from Dan Walsh.
2009-11-24 11:48:39 -05:00
Chris PeBenito
dccbb80cb0
Whitespace cleanup.
2009-11-24 11:11:38 -05:00
Chris PeBenito
0f982dada2
ISCSI patch from Dan Walsh.
2009-11-24 11:08:22 -05:00
Chris PeBenito
0a119a0142
Setrans patch from Dan Walsh.
2009-11-24 09:41:03 -05:00
Chris PeBenito
bd34ef71df
LVM patch from Dan Walsh.
2009-11-24 09:19:45 -05:00
Chris PeBenito
9dfdd48fec
Miscfiles patch from Dan Walsh.
2009-11-24 09:04:48 -05:00
Chris PeBenito
910b1d8ecb
Files patch from Dan Walsh.
2009-11-24 08:49:15 -05:00
Chris PeBenito
290aa8a020
Corecommands patch from Dan Walsh.
2009-11-23 13:47:36 -05:00
Chris PeBenito
f4b9dc3b00
Filesystem patch from Dan Walsh.
2009-11-23 13:46:51 -05:00
Chris PeBenito
d6c3ed8557
Add terminal patch from Dan Walsh.
2009-11-19 14:57:49 -05:00
Chris PeBenito
b51e8e0b42
Add devices patch from Dan Walsh.
2009-11-19 09:44:19 -05:00
Chris PeBenito
e276b8e5d0
Add kernel patch from Dan Walsh
2009-11-19 09:25:38 -05:00
Chris PeBenito
53c73dc785
Add storage patch, from Dan Walsh.
2009-11-19 09:03:36 -05:00
Chris PeBenito
ed3a1f559a
bump module versions for release.
2009-11-17 10:05:56 -05:00
Chris PeBenito
e6d8fd1e50
additional cleanup for e877913
.
2009-11-11 11:28:50 -05:00
Craig Grube
e8779130bf
adding puppet configuration management system
...
Signed-off-by: Craig Grube <Craig.Grube@cobham.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-11 08:37:16 -05:00
Chris PeBenito
f272825b2d
one further rearrangement of tgtd.
2009-11-03 09:41:24 -05:00
Chris PeBenito
222d5b5987
clean up 0bca409
and add changelog entry.
2009-11-03 09:25:37 -05:00
Matthew Ife
0bca409d74
RESET tgtd daemon.
...
This one makes an effort to check for syntax and that it actually compiles.
Signed-off-by: Matthew Ife <deleriux@airattack-central.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-11-03 09:11:43 -05:00
Chris PeBenito
9448ca6e07
restore removed aliases.
2009-11-02 08:48:58 -05:00
Eamon Walsh
5025a463cf
Drop the xserver_unprotected interface.
...
The motivation for this was xdm_t objects not getting cleaned up,
so the user session tried to interact with them. But since the
default user type is unconfined this problem has gone away for now.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-30 08:55:58 -04:00
Eamon Walsh
5242ecceac
X Object Manager policy revisions to xserver.if.
...
X Object Manager policy revisions to xserver.if.
This commit consists of two parts:
1. Revisions to xserver_object_types_template and
xserver_common_x_domain_template. This reflects the dropping
of many of the specific event, extension, and property types.
2. New interfaces:
xserver_manage_core_devices: Gives control over core mouse/keyboard.
xserver_unprotected: Allows all clients to access a domain's X objects.
Modified interfaces:
xserver_unconfined: Added x_domain typeattribute statement.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:26 -04:00
Eamon Walsh
f267f85390
X Object Manager policy revisions to xserver.te.
...
X Object Manager policy revisions to xserver.te.
This commit consists of three main parts:
1. Code movement. There were X object manager-related statements
scattered somewhat throughout the file; these have been consolidated,
which resulted in some other statements moving (e.g. iceauth_t).
2. Type changes. Many of the specific event, extension, and property
types have been dropped for the time being. The rootwindow_t and
remote_xclient_t types have been renamed, and a root_xcolormap_t
type has been (re-)added. This is for naming consistency.
An "xserver_unprotected" alias has been added for use in labeling
clients whose resources should be globally accessible (e.g. xdm_t).
3. Policy changes. These are mostly related to devices, which now have
separate x_keyboard and x_pointer classes. The "Hacks" section
has been cleaned up, and various other classes have had the default
permissions tweaked.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-28 10:03:22 -04:00
Chris PeBenito
b04669aaea
add tuned from miroslav grepl.
2009-10-26 09:42:11 -04:00
Chris PeBenito
a1a45de06e
reorganize a92ee50
2009-10-22 10:35:45 -04:00
Dominick Grift
a92ee50126
Implement screen-locking feature.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-22 10:33:05 -04:00
Chris PeBenito
808341bb9b
revise MCS constraints to use only MCS-specific attributes.
2009-10-07 11:48:14 -04:00
Chris PeBenito
4be8dd10b9
add seunshare from dan.
2009-09-28 15:40:06 -04:00
Chris PeBenito
5a6b1fe2b4
add dkim from stefan schulze frielinghaus.
2009-09-17 09:12:33 -04:00
Chris PeBenito
21b1d1096f
add gnomeclock from dan.
2009-09-16 08:38:58 -04:00
Chris PeBenito
ed70158a39
add rtkit from dan.
2009-09-15 09:53:24 -04:00
Chris PeBenito
1d3b9e384c
clean up xscreensaver.
2009-09-15 09:41:42 -04:00
corentin.labbe
31f9c109c1
SELinux xscreensaver policy support
...
Hello
This a patch for adding xscreensaver policy.
I think it need a specific policy because of the auth_domtrans_chk_passwd.
cordially
Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
2009-09-15 08:46:28 -04:00
Chris PeBenito
c141d835f1
add modemmanager from dan.
2009-09-14 09:48:13 -04:00
Chris PeBenito
e3a90e358a
add abrt from dan.
2009-09-14 09:22:24 -04:00
Chris PeBenito
6af53d08ed
rearrange readahead rules.
2009-09-09 09:53:28 -04:00