Commit Graph

33 Commits

Author SHA1 Message Date
Miroslav Grepl
7eb3be8dd0 Update config.tgz to reflect changes in default context for SELinux users related to pam_selinux.so which is now used in systemd-users. 2015-09-17 08:34:47 +02:00
Dan Walsh
f1ed4e46ca Add /etc/selinux/targeted/contexts/openssh_contexts 2015-01-03 08:44:45 -05:00
Miroslav Grepl
2397102af8 - Allow freeipmi_ipmidetectd_t to use freeipmi port
- Update freeipmi_domain_template()
- Allow journalctl running as ABRT to read /run/log/journal
- Allow NM to read dispatcher.d directory
- Update freeipmi policy
- Type transitions with a filename not allowed inside conditionals
- Allow tor to bind to hplip port
- Make new type to texlive files in homedir
- Allow zabbix_agent to transition to dmidecode
- Add rules for docker
- Allow sosreport to send signull to unconfined_t
- Add virt_noatsecure and virt_rlimitinh interfaces
- Fix labeling in thumb.fc to add support for /usr/lib64/tumbler-1/tumblerddd support for freeipm
- Add sysadm_u_default_contexts
- Add logging_read_syslog_pid()
- Fix userdom_manage_home_texlive() interface
- Make new type to texlive files in homedir
- Add filename transitions for /run and /lock links
- Allow virtd to inherit rlimit information
2013-12-12 17:23:54 +01:00
Dan Walsh
025a8d6267 Add back correct lxc_contexts and systemd_contexts 2013-11-14 11:03:00 -05:00
Miroslav Grepl
2918baa1a7 Update config.tgz to make cronjob running in userdomain on MLS system 2013-11-11 22:09:41 +01:00
Dan Walsh
d11521e32b Do remove regardless. Update config.tgz with new labels for virt. 2013-11-01 12:09:39 -04:00
Dan Walsh
af7d966e90 Add new labels for qemu and kvm processes to lxc_contexts file 2013-10-29 13:27:31 -04:00
Miroslav Grepl
d483b64c69 Add systemd_contexts to config.tgz 2013-10-25 10:19:17 +02:00
Dan Walsh
973ebb8068 Need to create the policy.kern symbolic link in the shipping policy.
This patch needs to be pushed into RHEL7.  It fixes a blocker bug.
2013-10-11 16:07:22 -04:00
Dan Walsh
824da7f0f1 fix added systemd_contexts to config.tgz 2013-10-04 09:47:42 -04:00
Dan Walsh
5a1e3fe21c add systemd_contexts to config.tgz 2013-10-04 09:44:19 -04:00
Miroslav Grepl
05e00dcdfc * Wed Oct 2 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-85
- Fix lxc labeling in config.tgz
2013-10-02 21:39:51 +02:00
Dan Walsh
5ffaf30661 Add svirt_kvm_net_t to lxc_contexts file 2013-09-30 12:15:39 -04:00
Dan Walsh
381d00a4ba Add svirt_kvm_net_t to lxc_contexts file 2013-09-30 11:11:07 -04:00
Dan Walsh
d5f07ab6fb Add new labels for lxc domains 2013-09-25 16:37:56 -04:00
Dan Walsh
b03c8659de Only build the sandbox.pp file for targeted 2013-09-25 12:53:36 -04:00
Dan Walsh
0d477c9190 Update lxc_contexts with newer labels for virt-sandbox 2013-09-11 13:37:12 -04:00
Dan Walsh
cffdc1cb99 Allow block_suspend cap for samba-net
- Allow t-mission-control to manage gabble cache files
- Allow nslcd to read /sys/devices/system/cpu
- Allow selinux_store to use symlinks
- Allow xdm_t to transition to itself
- Call neutron interfaces instead of quantum
- Allow init to change targed role to make uncofined services (xrdp which now has own systemd unit file) working. We want them to have in unconfined_t
- Make sure directories in /run get created with the correct label
- Make sure /root/.pki gets created with the right label
- try to remove labeling for motion from zoneminder_exec_t to bin_t
- Allow inetd_t to execute shell scripts
- Allow cloud-init to read all domainstate
- Fix to use quantum port
- Add interface netowrkmanager_initrc_domtrans
- Fix boinc_execmem
- Allow t-mission-control to read gabble cache home
- Add labeling for ~/.cache/telepathy/avatars/gabble
- Allow memcache to read sysfs data
- Cleanup antivirus policy and add additional fixes
- Add boolean boinc_enable_execstack
- Add support for couchdb in rabbitmq policy
- Add interface couchdb_search_pid_dirs
- Allow firewalld to read NM state
- Allow systemd running as git_systemd to bind git port
- Fix mozilla_plugin_rw_tmpfs_files()
2013-09-11 08:31:18 -04:00
Dan Walsh
3f48339246 Add more definitions to lxc_contexts file for other types of sandboxes 2013-09-11 08:28:02 -04:00
Dan Walsh
79355670f4 Bump required versions for tool chain. 2013-02-13 09:24:21 -05:00
Dan Walsh
d4e203ba2f Remove unconfined_u content from appconfig-mls 2013-02-05 08:22:13 -05:00
Miroslav Grepl
a270091f19 Make rawhide == f18 2012-12-17 17:21:00 +01:00
Miroslav Grepl
7efcb84ab9 update selinux-policy.spec file 2012-06-07 13:27:36 +02:00
Miroslav Grepl
922fd7b529 Update config.tgz 2012-06-07 11:56:08 +02:00
Miroslav Grepl
24c1488494 Update modules-* files 2012-06-06 15:43:16 +02:00
Miroslav Grepl
4a27edfbeb Sync master with F17 2012-06-06 15:25:27 +02:00
Dan Walsh
05c3d969d7 Add lxc context definitions 2012-04-17 13:07:16 -04:00
Dan Walsh
8872d3d2ac MCS fixes
quota fixes
2011-11-04 13:31:43 -04:00
Dan Walsh
5717c509f3 change qemu_t to svirt_t in mls config file virtual machines, remove config data 2011-11-03 11:29:41 -04:00
Miroslav Grepl
a34c78a0fd - Add sepgsql_contexts file 2011-01-18 10:28:56 +00:00
Miroslav Grepl
923aa2ad32 - Update config.tgz 2011-01-17 19:38:54 +00:00
Daniel J Walsh
7f5d8f30d0 - Update boinc policy
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
2010-07-27 17:28:04 +00:00
Daniel J Walsh
487de6f251 - Add icecast policy
- Cleanup spec file
2010-02-08 22:06:23 +00:00