rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1,162 Commits 8 Branches 92 Tags 37 MiB
64f1ae7c43
Commit Graph

938 Commits

Author SHA1 Message Date
Daniel J Walsh
b11dbbb323 - Allow confined users to manace virt_content_t, since this is home dir 
content
- Allow all domains to read rpm_script_tmp_t which is what shell creates on
    redirection
 2009-04-27 18:56:58 +00:00
Daniel J Walsh
b0991a2dfd - Fix labeling on /var/lib/misc/prelink* 
- Allow xserver to rw_shm_perms with all x_clients
- Allow prelink to execute files in the users home directory
 2009-04-27 14:45:15 +00:00
Daniel J Walsh
89c9c9ae6a - Allow initrc_t to delete dev_null 
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
 2009-04-24 19:28:35 +00:00
Daniel J Walsh
eaaf2ab923 - Allow initrc_t to delete dev_null 
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
 2009-04-24 17:50:36 +00:00
Daniel J Walsh
dac8380cd0 - Allow initrc_t to delete dev_null 
- Allow readahead to configure auditing
 2009-04-24 13:17:08 +00:00
Daniel J Walsh
db0dafaaeb - Update to latest milter code from Paul Howarth 2009-04-24 11:53:55 +00:00
Daniel J Walsh
cd0a396413 - Update to latest milter code from Paul Howarth 2009-04-24 11:42:43 +00:00
Daniel J Walsh
5ce1c49771 - Additional perms for readahead 2009-04-24 04:09:22 +00:00
Daniel J Walsh
4d5adb716e - Allow pulseaudio to acquire_svc on session bus 
- Fix readahead labeling
 2009-04-23 14:48:46 +00:00
Daniel J Walsh
3c498a780b - Allow sshd to read var_lib symlinks for freenx 2009-04-22 19:18:30 +00:00
Daniel J Walsh
a32a1594b6 - Allow nsplugin unix_read and write on users shm and sem 
- Allow sysadm_t to execute su
 2009-04-21 20:31:51 +00:00
Daniel J Walsh
d982e7e091 - Fixes for podsleuth 2009-04-18 12:13:36 +00:00
Daniel J Walsh
dc00fc32b6 *** empty log message *** 2009-04-17 14:19:17 +00:00
Daniel J Walsh
6203f422e2 - Allow cupsd_t to create link files in print_spool_t 2009-04-16 15:14:26 +00:00
Daniel J Walsh
4a0aac139f - Allow audioentroy to read etc files 2009-04-15 12:03:09 +00:00
Daniel J Walsh
685032cae2 - Add fail2ban_var_lib_t 
- Fixes for devicekit_power_t
 2009-04-14 11:02:35 +00:00
Daniel J Walsh
d4af172a64 - Separate out the ucnonfined user from the unconfined.pp package 2009-04-11 12:30:22 +00:00
Daniel J Walsh
90e4193775 - Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t. 2009-04-08 13:18:20 +00:00
Daniel J Walsh
25a47636ae - Upgrade to latest upstream 
- Allow devicekit_disk sys_rawio
 2009-04-08 00:59:46 +00:00
Daniel J Walsh
510c2a3987 - Dontaudit binds to ports < 1024 for named 
- Upgrade to latest upstream
 2009-04-06 17:07:59 +00:00
Daniel J Walsh
04b6828096 - Allow podsleuth to use tmpfs files 2009-04-03 21:27:39 +00:00
Daniel J Walsh
80beeee40e - Add customizable_types for svirt 2009-04-03 19:25:21 +00:00
Daniel J Walsh
f49c57d5e6 - Allow setroubelshoot exec* privs to prevent crash from bad libraries 
- add cpufreqselector
 2009-04-03 14:45:58 +00:00
Daniel J Walsh
90ea5b3fef - Dontaudit listing of /root directory for cron system jobs 2009-04-02 15:23:58 +00:00
Daniel J Walsh
3434a9be73 - Fix missing ld.so.cache label 2009-03-30 16:06:48 +00:00
Daniel J Walsh
c0158a8c68 - Add label for ~/.forward and /root/.forward 2009-03-27 19:48:17 +00:00
Daniel J Walsh
6130d52b7c - Fixes for svirt 2009-03-27 00:01:52 +00:00
Daniel J Walsh
9ca87fc9d8 - Fixes to allow svirt read iso files in homedir 2009-03-24 19:45:02 +00:00
Daniel J Walsh
ec9800856c - Add xenner and wine fixes from mgrepl 2009-03-24 14:33:05 +00:00
Daniel J Walsh
5dce3c12f7 - Add xenner and wine fixes from mgrepl 2009-03-20 18:42:38 +00:00
Daniel J Walsh
bfc78b6af9 - Allow mdadm to read/write mls override 2009-03-18 19:34:57 +00:00
Daniel J Walsh
095146a89d - Change to svirt to only access svirt_image_t 2009-03-17 19:52:35 +00:00
Daniel J Walsh
d4b8dcf968 - Fix libvirt policy 2009-03-16 16:02:20 +00:00
Daniel J Walsh
b12011f2ab - Upgrade to latest upstream 2009-03-12 15:48:51 +00:00
Daniel J Walsh
c240b604f6 - Fixes for iscsid and sssd 
- More cleanups for upgrade from F10 to Rawhide.
 2009-03-11 20:25:16 +00:00
Daniel J Walsh
e72f55aac0 - Add pulseaudio, sssd policy 
- Allow networkmanager to exec udevadm
 2009-03-09 21:58:08 +00:00
Daniel J Walsh
0c34c69a38 - Add pulseaudio context 2009-03-09 16:18:51 +00:00
Daniel J Walsh
a67a1c12aa - Upgrade to latest patches 2009-03-05 21:05:47 +00:00
Daniel J Walsh
0a03cce02d - Fixes for libvirt 2009-03-04 19:41:16 +00:00
Daniel J Walsh
8c3a31a48a - Update to Latest upstream 2009-03-03 20:10:30 +00:00
Daniel J Walsh
496752533e - Further confinement of qemu images via svirt 2009-02-27 21:22:47 +00:00
Jesse Keating
150ff59c76 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-26 00:27:53 +00:00
Daniel J Walsh
52cbcb4196 - Allow NetworkManager to manage /etc/NetworkManager/system-connections 2009-02-20 01:07:59 +00:00
Daniel J Walsh
de67749970 - add virtual_image_context and virtual_domain_context files 2009-02-18 19:45:29 +00:00
Daniel J Walsh
8f6e4365ca - Allow rpcd_t to send signal to mount_t 
- Allow libvirtd to run ranged
 2009-02-18 14:27:36 +00:00
Daniel J Walsh
8c2b68a3e1 - Fix sysnet/net_conf_t 2009-02-17 16:21:42 +00:00
Daniel J Walsh
81794767c6 - Fix squidGuard labeling 2009-02-17 14:07:10 +00:00
Daniel J Walsh
2eec438a0b - Re-add corenet_in_generic_if(unlabeled_t) 2009-02-16 22:54:22 +00:00
Daniel J Walsh
e46e005f04 2009-02-11 20:40:13 +00:00
Daniel J Walsh
d43c255c87 UPdate policycorutils version 2009-02-10 16:10:28 +00:00
Daniel J Walsh
1d1c058a4e - Add git web policy 2009-02-10 16:08:36 +00:00
Daniel J Walsh
bd0db4f147 - Add setrans contains from upstream 2009-02-09 22:07:20 +00:00
Daniel J Walsh
4ed140a4b7 - Allow xdm to create user_tmp_t sockets for switch user to work 2009-02-09 14:23:24 +00:00
Daniel J Walsh
bc861e624e - Fix staff_t domain 2009-02-06 17:48:29 +00:00
Daniel J Walsh
73fe81bbab - Grab remainder of network_peer_controls patch 2009-02-05 13:44:44 +00:00
Daniel J Walsh
659e96fa65 - More fixes for devicekit 2009-02-04 16:24:43 +00:00
Daniel J Walsh
c957c38343 - Upgrade to latest upstream 2009-02-04 04:02:17 +00:00
Daniel J Walsh
574cab47f1 - Add boolean to disallow unconfined_t login 2009-02-03 15:26:10 +00:00
Daniel J Walsh
0554a10b80 - Add back transition from xguest to mozilla 2009-01-30 16:49:11 +00:00
Daniel J Walsh
ab3e55d79a - Add virt_content_ro_t and labeling for isos directory 2009-01-30 15:06:44 +00:00
Daniel J Walsh
2fbeb784fa - Fixes for wicd daemon 2009-01-28 22:23:18 +00:00
Daniel J Walsh
f899107d92 - Fixes for wicd daemon 2009-01-28 17:23:17 +00:00
Daniel J Walsh
48adbeae08 - More mls/rpm fixes 2009-01-26 16:21:59 +00:00
Daniel J Walsh
14c9b9cdc6 - Add policy to make dbus/nm-applet work 2009-01-23 20:35:45 +00:00
Daniel J Walsh
40dd24d39b - Remove polgen-ifgen from post and add trigger to policycoreutils-python 2009-01-22 20:10:48 +00:00
Daniel J Walsh
6f8856e9d4 - Add wm policy 
- Make mls work in graphics mode
 2009-01-21 22:49:23 +00:00
Daniel J Walsh
6cf32a1e8b - Add wm policy 
- Make mls work in graphics mode
 2009-01-21 21:22:11 +00:00
Daniel J Walsh
1b94a1375f - Add wm policy 2009-01-21 20:39:17 +00:00
Daniel J Walsh
2a4bdae89c - Fixed for DeviceKit 2009-01-21 16:17:40 +00:00
Daniel J Walsh
acc137684b - Add devicekit policy 2009-01-19 22:34:56 +00:00
Daniel J Walsh
1d72fb031f - Update to upstream 2009-01-19 17:35:43 +00:00
Daniel J Walsh
7b146db852 - Define openoffice as an x_domain 2009-01-19 14:28:24 +00:00
Daniel J Walsh
eacea1d45d - Define openoffice as an x_domain 2009-01-16 21:32:59 +00:00
Daniel J Walsh
339bf3bba8 - Fixes for reading xserver_tmp_t 2009-01-13 16:22:47 +00:00
Daniel J Walsh
87fb15321a - Allow cups_pdf_t write to nfs_t 2009-01-12 16:59:00 +00:00
Daniel J Walsh
2ed2ff46f8 - Remove audio_entropy policy 2009-01-06 14:46:21 +00:00
Daniel J Walsh
292c49cacc - Update to upstream 2009-01-05 22:55:20 +00:00
Daniel J Walsh
5df2628335 - Allow hal_acl_t to getattr/setattr fixed_disk 2009-01-04 19:45:03 +00:00
Daniel J Walsh
32363900ec - Change userdom_read_all_users_state to include reading symbolic links in 
/proc
 2008-12-27 13:06:14 +00:00
Daniel J Walsh
cf8fd9f0cc - Fix dbus reading /proc information 2008-12-22 22:51:28 +00:00
Daniel J Walsh
bae2e9888e - Add missing alias for home directory content 2008-12-22 19:35:46 +00:00
Daniel J Walsh
33c7eab541 - Fixes for IBM java location 2008-12-17 21:15:08 +00:00
Daniel J Walsh
dcd0c96f34 - Allow unconfined_r unconfined_java_t 2008-12-11 15:21:57 +00:00
Daniel J Walsh
fd2b62ea68 - Add cron_role back to user domains 2008-12-09 21:04:28 +00:00
Daniel J Walsh
9a43d2b055 - Fix sudo setting of user keys 2008-12-08 22:00:56 +00:00
Daniel J Walsh
163db10557 - Allow iptables to talk to terminals 
- Fixes for policy kit
- lots of fixes for booting.
 2008-12-08 16:38:09 +00:00
Daniel J Walsh
2ae1615a14 - Allow iptables to talk to terminals 
- Fixes for policy kit
- lots of fixes for booting.
 2008-12-04 21:43:55 +00:00
Daniel J Walsh
c136db3296 - Allow iptables to talk to terminals 2008-12-04 20:36:26 +00:00
Daniel J Walsh
01ce3df8a6 - Allow iptables to talk to terminals 2008-12-04 18:47:26 +00:00
Daniel J Walsh
bcb1922de7 - Cleanup policy 2008-12-03 23:40:18 +00:00
Daniel J Walsh
739db21a4a - Cleanup policy 2008-12-03 22:18:31 +00:00
Ignacio Vazquez-Abrams
23d6844939 Rebuild for Python 2.6 2008-12-01 15:00:41 +00:00
Daniel J Walsh
02d888c766 - Fix labeling on /var/spool/rsyslog 2008-11-25 19:18:01 +00:00
Daniel J Walsh
0d6e623017 - Allow postgresl to bind to udp nodes 2008-11-06 17:47:54 +00:00
Daniel J Walsh
2a650ea1aa - Allow lvm to dbus chat with hal 
- Allow rlogind to read nfs_t
 2008-11-05 22:21:30 +00:00
Daniel J Walsh
074b12f275 - Fix cyphesis file context 2008-11-05 20:34:06 +00:00
Daniel J Walsh
6a09cfb688 - Allow hal/pm-utils to look at /var/run/video.rom 
- Add ulogd policy
 2008-11-05 18:26:36 +00:00
Daniel J Walsh
411a424e1c - Additional fixes for cyphesis 
- Fix certmaster file context
- Add policy for system-config-samba
 2008-11-04 15:40:31 +00:00
Daniel J Walsh
333ebd64df - Allow dhcpc to restart ypbind 
- Fixup labeling in /var/run
 2008-11-03 21:09:40 +00:00
Daniel J Walsh
1bc89b8d4c - Fix confined users 
- Allow xguest to read/write xguest_dbusd_t
 2008-10-29 20:45:55 +00:00
Daniel J Walsh
2362056f7a - Fix confined users 
- Allow xguest to read/write xguest_dbusd_t
 2008-10-29 17:12:16 +00:00
Daniel J Walsh
812930ae8d - Allow openoffice execstack/execmem privs 2008-10-28 23:22:15 +00:00
Daniel J Walsh
d8e5d05b6e - Allow openoffice execstack/execmem privs 2008-10-28 20:06:14 +00:00
Daniel J Walsh
a3e038c1a1 - Allow openoffice execstack/execmem privs 2008-10-27 21:07:05 +00:00
Daniel J Walsh
4fa9db787c - Allow mozilla to run with unconfined_execmem_t 2008-10-25 11:14:56 +00:00
Daniel J Walsh
798a73de69 - Dontaudit domains trying to write to .xsession-errors 2008-10-24 13:41:09 +00:00
Daniel J Walsh
3281238148 - Allow nsplugin to look at autofs_t directory 2008-10-24 12:14:54 +00:00
Daniel J Walsh
de61cc7d10 - Allow kerneloops to create tmp files 2008-10-23 12:59:31 +00:00
Daniel J Walsh
ae68d97fe5 - More alias for fastcgi 2008-10-22 13:34:13 +00:00
Daniel J Walsh
236d3cc19a - Remove mod_fcgid-selinux package 2008-10-21 18:31:38 +00:00
Daniel J Walsh
b9e15d9766 - Fix dovecot access 2008-10-20 19:53:30 +00:00
Daniel J Walsh
49f48f4a99 - Policy cleanup 2008-10-17 22:03:34 +00:00
Daniel J Walsh
b4cab5a3eb - Remove Multiple spec 
- Add include
- Fix makefile to not call per_role_expansion
 2008-10-16 19:56:59 +00:00
Daniel J Walsh
6115689216 - Remove Multiple spec 
- Add include
- Fix makefile to not call per_role_expansion
 2008-10-16 17:28:39 +00:00
Daniel J Walsh
4b4392dd08 - Fix labeling of libGL 2008-10-15 21:32:30 +00:00
Daniel J Walsh
4125702a20 - Update to upstream 2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9 - Update to upstream 2008-10-11 23:57:43 +00:00
Daniel J Walsh
675bbabe24 - Update to upstream policy 2008-10-09 03:10:32 +00:00
Daniel J Walsh
1062bd3849 - Fixes for confined xwindows and xdm_t 2008-10-06 19:10:48 +00:00
Daniel J Walsh
86369ef439 - Allow confined users and xdm to exec wm 
- Allow nsplugin to talk to fifo files on nfs
 2008-10-03 20:11:22 +00:00
Daniel J Walsh
f1a8278899 - Allow NetworkManager to transition to avahi and iptables 
- Allow domains to search other domains keys, coverup kernel bug
 2008-10-03 15:49:44 +00:00
Daniel J Walsh
b42a1eddf9 - Allow domains to search other domains keys, coverup kernel bug 2008-10-03 15:07:40 +00:00
Daniel J Walsh
094ef3d610 - Fix labeling for oracle 2008-10-01 19:15:34 +00:00
Daniel J Walsh
2ede4ec7ba - Allow nsplugin to comminicate with xdm_tmp_t sock_file 2008-10-01 12:27:11 +00:00
Daniel J Walsh
99873745bf - Change all user tmpfs_t files to be labeled user_tmpfs_t 
- Allow radiusd to create sock_files
 2008-09-30 14:39:16 +00:00
Daniel J Walsh
b709ffd738 - Upgrade to upstream 2008-09-25 18:54:16 +00:00
Daniel J Walsh
ed32c64290 - Allow confined users to login with dbus 2008-09-23 20:14:47 +00:00
Daniel J Walsh
a80e7ac6a3 - Fix transition to nsplugin 2008-09-23 15:14:53 +00:00
Daniel J Walsh
d86efe56b9 - Fix transition to nsplugin 2008-09-22 20:07:59 +00:00
Daniel J Walsh
f0375d509e - Add file context for /dev/mspblk.* 2008-09-22 17:55:56 +00:00
Daniel J Walsh
f77dd2c9db - Fix transition to nsplugin ' 
Thu Sep 18 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes
 2008-09-22 12:33:03 +00:00
Daniel J Walsh
11ef2470b7 - Fix labeling on new pm*log 
- Allow ssh to bind to all nodes
 2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58 - Fix labeling on new pm*log 
- Allow ssh to bind to all nodes
 2008-09-18 19:34:12 +00:00
Daniel J Walsh
16c3ff1596 - Merge upstream changes 
- Add Xavier Toth patches
 2008-09-12 14:21:05 +00:00
Daniel J Walsh
aca77a6f2d - Remove gamin policy 2008-09-08 21:01:42 +00:00
Daniel J Walsh
d0d3073e2f - Add tinyxs-max file system support 2008-09-04 20:59:27 +00:00
Daniel J Walsh
0a219fe07b - Update to upstream 
- New handling of init scripts
 2008-09-03 20:16:35 +00:00
Daniel J Walsh
3ad3552b8a - Allow audit dispatcher to kill his children 2008-08-29 20:54:34 +00:00
Daniel J Walsh
cd8bee594b - Update to upstream 
- Fix crontab use by unconfined user
 2008-08-29 19:29:23 +00:00
Daniel J Walsh
7638e78556 - Allow ifconfig_t to read dhcpc_state_t 2008-08-26 14:46:43 +00:00
Daniel J Walsh
eb7e6dca5e - Allow ifconfig_t to read dhcpc_state_t 2008-08-13 19:24:36 +00:00
Daniel J Walsh
57ae10cc0d - Update to upstream 2008-08-12 15:06:36 +00:00
Daniel J Walsh
1a0f642074 - Update to upstream 2008-08-11 21:19:25 +00:00
Daniel J Walsh
b5d09d1532 - Update to upstream 2008-08-07 20:05:57 +00:00
Daniel J Walsh
0f1bd620e5 - Allow system-config-selinux to work with policykit 2008-08-07 12:22:07 +00:00
Daniel J Walsh
174291bc3e - Fix novel labeling 2008-08-05 20:49:34 +00:00
Daniel J Walsh
170fa29709 - Fix novel labeling 2008-08-01 16:38:49 +00:00
Daniel J Walsh
07bd5c4abb - Consolodate pyzor,spamassassin, razor into one security domain 
- Fix xdm requiring additional perms.
 2008-07-30 13:48:03 +00:00
Daniel J Walsh
8f2532e249 - Fixes for logrotate, alsa 2008-07-25 11:53:34 +00:00
Daniel J Walsh
f12d5b90db - Eliminate vbetool duplicate entry 2008-07-25 04:24:01 +00:00