Dominick Grift
61d7ee58a4
Confine /sbin/cgclear.
...
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-09 08:47:15 -04:00
Dominick Grift
a0546c9d1c
System layer xml fixes.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:55 -04:00
Dominick Grift
288845a638
Services layer xml files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:29 -04:00
Chris PeBenito
97b990f86e
Fix corecmd_dontaudit_exec_all_executables doc.
2010-08-05 09:24:41 -04:00
Dominick Grift
705f70f098
Kernel layer xml fixes.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:08:07 -04:00
Chris PeBenito
19ff03977d
Fix usermanage_kill_passwd() parameter doc.
2010-08-05 08:56:31 -04:00
Dominick Grift
77e4b55f70
Admin layer xml fixes.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 08:46:44 -04:00
Dominick Grift
03b86663f0
apps: domain { allowed to transition, allowed access, to not audit }.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 08:20:59 -04:00
Chris PeBenito
8da88970be
Accountsd cleanup.
2010-08-03 09:50:40 -04:00
Chris PeBenito
d0eebed0b7
Move accountsd to services.
2010-08-03 09:31:53 -04:00
Jeremy Solt
c4834a02d2
accountsd policy from Dan Walsh
...
Edits:
- Removed accountsd_manage_var_lib
- Removed optional block for xserver - these interfaces didn't exist
- It looks like sys_ptrace is needed because it reads /proc/pid/loginuid
- Whitespace and style fixes
2010-08-03 09:27:24 -04:00
Chris PeBenito
a7ee7f819a
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 09:20:22 -04:00
Chris PeBenito
9d4395a736
MojoMojo from Lain Arnell.
2010-08-02 09:28:06 -04:00
Chris PeBenito
a72e42f485
Interface documentation standardization patch from Dan Walsh.
2010-08-02 09:22:09 -04:00
Chris PeBenito
27eeb649cc
Virtio disk file context update from Mika Pfluger.
2010-08-02 08:33:41 -04:00
Mika Pflüger
b3f7203d6a
Take virtio disks into account.
...
Signed-off-by: Mika Pflüger <debian@mikapflueger.de>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-08-02 08:25:14 -04:00
Chris PeBenito
64ef2df368
Module version bump for 5563d4c
.
2010-07-22 09:13:11 -04:00
Jeremy Solt
5563d4c4d8
Removing seutil_domtrans_setsebool from anaconda patch - it doesn't exist
2010-07-22 08:49:32 -04:00
Jeremy Solt
b0a6f1b7c2
anaconda patch from Dan Walsh
...
- Did not include the change to unconfined_domain_noaudit
2010-07-22 08:49:32 -04:00
Chris PeBenito
21fdee9dd5
Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
...
We went back and reread the bindreservport code in glibc.
Turns out the range or ports that this will reserve are 512-1024 rather
then 600-1024.
The code actually first tries to reserve a port from 600-1024 and if
they are ALL reserved will try 512-599.
So we need to change corenetwork to reflect this.
2010-07-19 14:22:44 -04:00
Chris PeBenito
29f3bfa464
Fix JIT usage for freshclam.
...
http://marc.info/?l=selinux&m=127893898208934&w=2
2010-07-13 08:39:54 -04:00
Dominick Grift
48c3c37cf2
Remove some redundant attributes from user_home_t.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-12 14:35:22 -04:00
Chris PeBenito
4b76ea5f51
Module version bump for fa1847f
.
2010-07-12 14:02:18 -04:00
Dominick Grift
fa1847f4a2
Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-09 09:43:04 -04:00
Chris PeBenito
f7ffe6c2a9
Add missing ubac constraints on pulseaudio.
2010-07-09 09:14:35 -04:00
Chris PeBenito
c14aebd032
Remove old rbacsep role statements.
2010-07-09 08:38:05 -04:00
Chris PeBenito
072857c425
VMWare patch from Dan Walsh.
2010-07-08 13:43:50 -04:00
Chris PeBenito
f1618ffc6f
Whitespace fix in userhelper.
2010-07-08 10:56:15 -04:00
Chris PeBenito
b70dfcdf8f
RPM patch from Dan Walsh.
2010-07-08 10:53:28 -04:00
Chris PeBenito
2d839c6791
Whitespace fixes in RPM.
2010-07-08 10:12:24 -04:00
Chris PeBenito
7e265a8abb
Add shutdown from Dan Walsh.
2010-07-07 11:10:56 -04:00
Chris PeBenito
b841dffda1
Add livecd from Dan Walsh.
2010-07-07 10:28:25 -04:00
Chris PeBenito
08690c84ad
Remove ethereal module since the application was renamed to wireshark due to trademark issues.
2010-07-07 09:31:57 -04:00
Chris PeBenito
3c4e9fce8e
Make spamassassin optional for milter, from Russell Coker.
2010-07-07 08:55:57 -04:00
Chris PeBenito
bca0cdb86e
Remove duplicate/redundant rules, from Russell Coker.
2010-07-07 08:41:20 -04:00
Chris PeBenito
1db1836ab9
Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role().
2010-07-06 13:17:05 -04:00
Chris PeBenito
a3b0dc5b3c
GPG patch from Dan Walsh.
2010-07-06 10:58:40 -04:00
Chris PeBenito
3bcfe5beb7
Usermanage patch from Dan Walsh.
...
Broken leaks of sockets
useradd runs semanage for -Z.
passwd_t needs sys_nice
useradd run within a samba_controler needs to append to the samba log.
2010-07-06 10:56:20 -04:00
Chris PeBenito
cad4224e8e
Guest patch from Dan Walsh.
...
Dominic asked to remove mono and java from guest_t
2010-07-06 08:35:56 -04:00
Chris PeBenito
ab62f3f1b1
Module version bump for a7521af
.
2010-07-01 10:48:11 -04:00
Jeremy Solt
a7521af67d
firstboot patch from Dan Walsh
...
- Did not include gnome_admin_home_gconf_filetrans
- Whitespace fixes
2010-07-01 10:36:31 -04:00
Dominick Grift
7e5463b58c
fix cgroup_admin
...
When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-01 09:02:58 -04:00
Chris PeBenito
caf1666dc1
Module version bump for 5f04c91
.
2010-06-29 11:26:16 -04:00
Jeremy Solt
5f04c91f30
gitosis patch from Dan Walsh
2010-06-29 11:25:37 -04:00
Chris PeBenito
ab4f820548
Module version bump for b5d89d0
.
2010-06-29 11:03:56 -04:00
Jeremy Solt
b5d89d0325
vpn patch from Dan Walsh
...
fixed gen_require in vpn_relabelfrom_tun_socket interface (wrong type)
removed userdom_read_home_certs (not in refpolicy)
2010-06-29 11:02:45 -04:00
Chris PeBenito
113d2e023d
Minor tweaks and module version bump for a00fc1c
.
2010-06-25 09:51:34 -04:00
Dominick Grift
a00fc1c317
hddtemp fixes.
...
Clean up network control section.
Implement hddtemp_etc_t for /etc/sysconfig/hddtemp. The advantages are:
- hddtemp_t no longer needs access to read all generic etc_t files.
- allows us to implement a meaningful hddtemp_admin()
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-25 09:43:54 -04:00
Chris PeBenito
0cec649be7
WM patch from Dan Walsh.
...
Window manager policy changes needed for MLS policy.
2010-06-25 09:00:19 -04:00
Chris PeBenito
3c79f954d1
Rearrage interfaces in filesystem.
2010-06-22 10:17:42 -04:00