Commit Graph

523 Commits

Author SHA1 Message Date
Lukas Vrabec
1199c87fda
Update also sources 2018-03-20 12:21:39 +01:00
Lukas Vrabec
8597119053
* Thu Mar 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-6
- Allow rpcd_t domain dac override
- Allow rpm domain to mmap rpm_var_lib_t files
- Allow arpwatch domain to create bluetooth sockets
- Allow secadm_t domain to mmap audit config and log files
- Update init_abstract_socket_activation() to allow also creating tcp sockets
- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain.
- Add SELinux support for systemd-importd
- Create new type bpf_t and label /sys/fs/bpf with this type
2018-03-15 20:41:40 +01:00
Lukas Vrabec
529a517a7a
* Mon Mar 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-5
- Allow bluetooth_t domain to create alg_socket BZ(1554410)
- Allow tor_t domain to execute bin_t files BZ(1496274)
- Allow iscsid_t domain to mmap kernel modules BZ(1553759)
- Update minidlna SELinux policy BZ(1554087)
- Allow motion_t domain to read sysfs_t files BZ(1554142)
- Allow snapperd_t domain to getattr on all files,dirs,sockets,pipes BZ(1551738)
- Allow l2tp_t domain to read ipsec config files BZ(1545348)
- Allow colord_t to mmap home user files BZ(1551033)
- Dontaudit httpd_t creating kobject uevent sockets BZ(1552536)
- Allow ipmievd_t to mmap kernel modules BZ(1552535)
- Allow boinc_t domain to read cgroup files BZ(1468381)
- Backport allow rules from refpolicy upstream repo
- Allow gpg_t domain to bind on all unereserved udp ports
- Allow systemd to create systemd_rfkill_var_lib_t dirs BZ(1502164)
- Allow netlabel_mgmt_t domain to read sssd public files, stream connect to sssd_t BZ(1483655)
- Allow xdm_t domain to sys_ptrace BZ(1554150)
- Allow application_domain_type also mmap inherited user temp files BZ(1552765)
- Update ipsec_read_config() interface
- Fix broken sysadm SELinux module
- Allow ipsec_t to search for bind cache BZ(1542746)
- Allow staff_t to send sigkill to mount_t domain BZ(1544272)
- Label /run/systemd/resolve/stub-resolv.conf as net_conf_t BZ(1471545)
- Label ip6tables.init as iptables_exec_t BZ(1551463)
- Allow hostname_t to use usb ttys BZ(1542903)
- Add fsetid capability to updpwd_t domain BZ(1543375)
- Allow systemd machined send signal to all domains BZ(1372644)
- Dontaudit create netlink selinux sockets for unpriv SELinux users BZ(1547876)
- Allow sysadm_t to create netlink generic sockets BZ(1547874)
- Allow passwd_t domain chroot
- Dontaudit confined unpriviliged users setuid capability
2018-03-12 17:20:32 +01:00
Lukas Vrabec
870fdbbf14
* Tue Mar 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-4
- Allow l2tpd_t domain to create pppox sockets
- Update dbus_system_bus_client() so calling domain could read also system_dbusd_var_lib_t link files BZ(1544251)
- Add interface abrt_map_cache()
- Update gnome_manage_home_config() to allow also map permission BZ(1544270)
- Allow oddjob_mkhomedir_t domain to be dbus system client BZ(1551770)
- Dontaudit kernel bug when several services requesting load kernel module
- Allow traceroute and unconfined domains creating sctp sockets
- Add interface corenet_sctp_bind_generic_node()
- Allow ping_t domain to create icmp sockets
- Allow staff_t to mmap abrt_var_cache_t BZ(1544273)
- Fix typo bug in dev_map_framebuffer() interface BZ(1551842)
- Dontaudit kernel bug when several services requesting load kernel module
2018-03-06 16:16:43 +01:00
Lukas Vrabec
47ee5f4780
Add forgotten sources file 2018-03-05 16:27:57 +01:00
Lukas Vrabec
5a5985a439 * Thu Feb 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-2
- refpolicy: Define extended_socket_class policy capability and socket classes
- Make bluetooth_var_lib_t as mountpoint BZ(1547416)
- Allow systemd to request load kernel module BZ(1547227)
- Allow ipsec_t domain to read l2tpd pid files
- Allow sysadm to read/write trace filesystem BZ(1547875)
- Allow syslogd_t to mmap systemd coredump tmpfs files BZ(1547761)
2018-02-22 15:13:02 +01:00
Lukas Vrabec
3256f1cc3b * Tue Feb 20 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-9
- Fix broken cups Security Module
- Allow dnsmasq_t domain dbus chat with unconfined users. BZ(1532079)
- Allow geoclue to connect to tcp nmea port BZ(1362118)
- Allow pcp_pmcd_t to read mock lib files BZ(1536152)
- Allow abrt_t domain to mmap passwd file BZ(1540666)
- Allow gpsd_t domain to get session id of another process BZ(1540584)
- Allow httpd_t domain to mmap httpd_tmpfs_t files BZ(1540405)
- Allow cluster_t dbus chat with systemd BZ(1540163)
- Add interface raid_stream_connect()
- Allow nscd_t to mmap nscd_var_run_t files BZ(1536689)
- Allow dovecot_delivery_t to mmap mail_home_rw_t files BZ(1531911)
- Make cups_pdf_t domain system dbusd client BZ(1532043)
- Allow logrotate to read auditd_log_t files BZ(1525017)
- Improve snapperd SELinux policy BZ(1514272)
- Allow virt_domain to read virt_image_t files BZ(1312572)
- Allow openvswitch_t stream connect svirt_t
- Update dbus_dontaudit_stream_connect_system_dbusd() interface
- Allow openvswitch domain to manage svirt_tmp_t sock files
- Allow named_filetrans_domain domains to create .heim_org.h5l.kcm-socket sock_file with label sssd_var_run_t BZ(1538210)
- Merge pull request #50 from dodys/pkcs
- Label tcp and udp ports 10110 as nmea_port_t BZ(1362118)
- Allow systemd to access rfkill lib dirs BZ(1539733)
- Allow systemd to mamange raid var_run_t sockfiles and files BZ(1379044)
- Allow vxfs filesystem to use SELinux labels
- Allow systemd to setattr on systemd_rfkill_var_lib_t dirs BZ(1512231)
- Allow few services to dbus chat with snapperd BZ(1514272)
- Allow systemd to relabel system unit symlink to systemd_unit_file_t. BZ(1535180)
- Fix logging as staff_u into Fedora 27
- Fix broken systemd_tmpfiles_run() interface
2018-02-20 09:25:14 +01:00
Lukas Vrabec
b22b1d1da0 * Thu Feb 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-7
- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
- Allow certmonger_t domain to access /etc/pki/pki-tomcat BZ(1542600)
- Allow keepalived_t domain getattr proc filesystem
- Allow init_t to create UNIX sockets for unconfined services (BZ1543049)
- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
2018-02-08 14:38:23 +01:00
Lukas Vrabec
00dcc13b60 * Tue Feb 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-6
- Allow openvswitch_t domain to read cpuid, write to sysfs files and creating openvswitch_tmp_t sockets
- Add new interface ppp_filetrans_named_content()
- Allow keepalived_t read sysctl_net_t files
- Allow puppetmaster_t domtran to puppetagent_t
- Allow kdump_t domain to read kernel ring buffer
- Allow boinc_t to mmap boinc tmpfs files BZ(1540816)
- Merge pull request #47 from masatake/keepalived-signal
- Allow keepalived_t create and write a file under /tmp
- Allow ipsec_t domain to exec ifconfig_exec_t binaries.
- Allow unconfined_domain_typ to create pppd_lock_t directory in /var/lock
- Allow updpwd_t domain to create files in /etc with shadow_t label
2018-02-06 09:58:08 +01:00
Lukas Vrabec
4b0a66cafc * Tue Jan 30 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-5
- Allow opendnssec daemon to execute ods-signer BZ(1537971)
2018-01-30 17:04:16 +01:00
Lukas Vrabec
e9c4389283 * Tue Jan 30 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-4
- rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems)
- Update dbus_role_template() BZ(1536218)
- Allow lldpad_t domain to mmap own tmpfs files BZ(1534119)
- Allow blueman_t dbus chat with policykit_t BZ(1470501)
- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t BZ(1507110)
- Allow postfix_master_t and postfix_local_t to connect to system dbus. BZ(1530275)
- Allow system_munin_plugin_t domain to read sssd public files and allow stream connect to ssd daemon BZ(1528471)
- Allow rkt_t domain to bind on rkt_port_t tcp BZ(1534636)
- Allow jetty_t domain to mmap own temp files BZ(1534628)
- Allow sslh_t domain to read sssd public files and stream connect to sssd. BZ(1534624)
- Consistently label usr_t for kernel/initrd in /usr
- kernel/files.fc: Label /usr/lib/sysimage as usr_t
- Allow iptables sysctl load list support with SELinux enforced
- Label HOME_DIR/.config/systemd/user/* user unit files as systemd_unit_file_t BZ(1531864)
2018-01-30 12:57:41 +01:00
Lukas Vrabec
e7bae02f22 * Fri Jan 19 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-3
- Merge pull request #45 from jlebon/pr/rot-sd-dbus-rawhide
- Allow virt_domains to acces infiniband pkeys.
- Allow systemd to relabelfrom tmpfs_t link files in /var/run/systemd/units/ BZ(1535180)
- Label /usr/libexec/ipsec/addconn as ipsec_exec_t to run this script as ipsec_t instead of init_t
- Allow audisp_remote_t domain write to files on all levels
2018-01-19 12:48:25 +01:00
Lukas Vrabec
de6ed4b466 Added missing container-selinux.tgz sources 2018-01-15 17:47:53 +01:00
Lukas Vrabec
72b2cda3a5 * Mon Jan 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-2
- Allow aide to mmap usr_t files BZ(1534182)
- Allow ypserv_t domain to connect to tcp ports BZ(1534245)
- Allow vmtools_t domain creating vmware_log_t files
- Allow openvswitch_t domain to acces infiniband devices
- Allow dirsrv_t domain to create tmp link files
- Allow pcp_pmie_t domain to exec itself. BZ(153326)
- Update openvswitch SELinux module
- Allow virtd_t to create also sock_files with label virt_var_run_t
- Allow chronyc_t domain to manage chronyd_keys_t files.
- Allow logwatch to exec journal binaries BZ(1403463)
- Allow sysadm_t and staff_t roles to manage user systemd services BZ(1531864)
- Update logging_read_all_logs to allow mmap all logfiles BZ(1403463)
- Add Label systemd_unit_file_t for /var/run/systemd/units/
2018-01-15 17:33:37 +01:00
Lukas Vrabec
22c9764fc4 Update new sources to reflect changes related to python3 dependency 2018-01-08 18:44:57 +01:00
Lukas Vrabec
51dc83b2d4 Commit removes big SELinux policy patches against tresys refpolicy.
We're quite diverted from upstream policy. This change will use tarballs
from github projects:
https://github.com/fedora-selinux/selinux-policy
https://github.com/fedora-selinux/selinux-policy-contrib
2018-01-08 18:28:27 +01:00
Dan Walsh
164fa392ee Fix config.tgz to include lxc_contexts and systemd_contexts 2013-11-14 11:05:22 -05:00
Miroslav Grepl
0f9b0de389 Upload new upstream sources 2013-11-13 15:27:57 +01:00
Miroslav Grepl
e4104d9fc0 Upload updated config.tgz 2013-11-12 12:22:03 +01:00
Miroslav Grepl
e5e41801b0 Upload new upstream sources 2013-01-08 11:50:45 +01:00
Miroslav Grepl
a270091f19 Make rawhide == f18 2012-12-17 17:21:00 +01:00
Miroslav Grepl
46a9c6067c * Thu Aug 2 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-0
- Update to upstream
2012-08-02 07:43:02 +02:00
Miroslav Grepl
d68342900a fix sources 2012-06-07 13:40:47 +02:00
Miroslav Grepl
e392eca2af Upload new sources 2012-06-06 16:09:49 +02:00
Miroslav Grepl
3f8c0984d4 Upload the right source file 2011-06-27 18:20:35 +02:00
Miroslav Grepl
ade486af72 Update to upstream 2011-06-27 18:02:16 +02:00
Miroslav Grepl
6726024e43 Update to upstream 2011-03-08 18:28:56 +00:00
Miroslav Grepl
7288282fd4 - Update to upstream 2011-02-16 18:45:08 +00:00
Dan Walsh
812781becc - Update to ref policy
- cgred needs chown capability
- Add /dev/crash crash_dev_t
2011-02-08 17:50:40 -05:00
Miroslav Grepl
86b1f12f92 - Update to upstream 2011-01-17 18:42:12 +00:00
Miroslav Grepl
d6c5f3679b Update to upstream 2010-12-20 17:43:48 +00:00
Miroslav Grepl
0ba6b243f7 - Update to upstream
- Fix version of policy in spec file
2010-12-15 11:03:25 +00:00
Miroslav Grepl
05f913e88b - Update to upstream
- Cleanup for sandbox
- Add attribute to be able to select sandbox types
2010-11-25 12:21:34 +00:00
Dan Walsh
f4eab7417d Remove bad tar ball from src 2010-11-16 10:59:45 -05:00
Miroslav Grepl
582d2c5d2c - Update to upstream
- Dontaudit leaked sockets from userdomains to user domains
- Fixes for mcelog to handle scripts
- Apply patch from Ruben Kerkhof
- Allow syslog to search spool dirs
2010-11-16 09:46:19 +01:00
Dan Walsh
3e0b7834a6 - Update to upstream
- Add vlock policy
2010-11-05 14:22:36 -04:00
Dan Walsh
06262c1566 - Update to upstream
- Add vlock policy
2010-11-05 12:40:07 -04:00
Dan Walsh
7a208696f9 - Dontaudit sandbox sending sigkill to all user domains
- Add policy for rssh_chroot_helper
- Add missing flask definitions
- Allow udev to relabelto removable_t
- Fix label on /var/log/wicd.log
- Transition to initrc_t from init when executing bin_t
- Add audit_access permissions to file
- Make removable_t a device_node
- Fix label on /lib/systemd/*
2010-10-28 15:55:48 -04:00
Dan Walsh
5a152bc135 - Update to upstream 2010-10-12 16:47:46 -04:00
Dan Walsh
6f934680a8 - Allow smbd to use sys_admin
- Remove duplicate file context for tcfmgr
- Update to upstream
2010-10-07 14:55:49 -04:00
Dan Walsh
a24e6a6700 - Update to upstream 2010-09-16 07:59:03 -04:00
Dan Walsh
a0e8efd42c - Update to upstream 2010-09-13 16:17:15 -04:00
Dan Walsh
64d84cf8ec Allow iptables to read shorewall tmp files
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
2010-09-08 14:17:07 -04:00
Dan Walsh
482c9f3ad9 - Merge upstream fix of mmap_zero
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
2010-09-02 13:43:28 -04:00
Dan Walsh
a7a2367a59 - Merge with upstream 2010-08-30 17:34:52 -04:00
Dan Walsh
6578cf7413 - More access needed for devicekit
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14 - Merge with upstream 2010-08-26 20:35:53 -04:00
Daniel J Walsh
7f5d8f30d0 - Update boinc policy
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
2010-07-27 17:28:04 +00:00
Daniel J Walsh
d66bec6356 - Update to latest policy 2010-07-20 17:48:36 +00:00
Daniel J Walsh
0f2ae00c61 - Update to upstream 2010-07-15 13:11:25 +00:00
Daniel J Walsh
6c42218d9d -Update to upstream 2010-06-28 17:19:34 +00:00
Daniel J Walsh
fa98e0ec52 -Update to upstream 2010-06-21 14:31:26 +00:00
Daniel J Walsh
5f371acada -Update to upstream 2010-06-18 20:14:28 +00:00
Daniel J Walsh
b39ccca147 - Update to upstream 2010-06-08 21:23:21 +00:00
Daniel J Walsh
632048ceb1 - Update to upstream
- Allow prelink script to signal itself
- Cobbler fixes
2010-06-07 21:15:35 +00:00
Daniel J Walsh
bc4089cfaa - Update to upstream 2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34 - Update to upstream 2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e - Merge with upstream 2010-02-16 22:10:14 +00:00
Daniel J Walsh
a62c6405cc - Lots of fixes found in F12 2010-02-02 16:41:03 +00:00
Daniel J Walsh
faec5c2a14 - Update to upstream 2010-01-18 22:40:25 +00:00
Daniel J Walsh
fc05ac0660 - Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
2010-01-11 22:06:55 +00:00
Daniel J Walsh
468fe0b647 - Update to upstream 2010-01-08 22:03:53 +00:00
Daniel J Walsh
b2ccd1a9c8 Update packages 2009-12-18 21:09:01 +00:00
Daniel J Walsh
9eef358da0 - Update to upstream release 2009-12-10 19:20:14 +00:00
Daniel J Walsh
f2a1dcd3d4 - Add asterisk policy back in
- Update to upstream release 2.20091117
2009-11-25 20:19:12 +00:00
Daniel J Walsh
ee88b050c5 - Add asterisk policy back in 2009-11-20 16:55:54 +00:00
Daniel J Walsh
55acbfd715 - Update to upstream release 2.20091117 2009-11-18 22:22:56 +00:00
Daniel J Walsh
5e44eb8657 - Update to upstream 2009-11-14 05:18:01 +00:00
Daniel J Walsh
69290fd9df - Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
ab8f807545 - More fixes 2009-09-09 21:08:02 +00:00
Daniel J Walsh
65c3f9a0a8 - Update to upsteam 2009-08-31 21:27:50 +00:00
Daniel J Walsh
faf9cbbc4b - Update to upstream 2009-08-28 20:55:16 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Daniel J Walsh
43fb726b4b - More fixes from upstream 2009-07-30 21:38:54 +00:00
Daniel J Walsh
c6e2224c70 - Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72 - Update to upstream 2009-07-28 19:08:17 +00:00
Daniel J Walsh
df7055d5b3 - Update to upstream 2009-07-23 21:47:41 +00:00
Daniel J Walsh
2360ff9f3f - Update to upstream 2009-07-15 19:12:04 +00:00
Daniel J Walsh
d9676a6ada - Update to upstream 2009-07-06 21:16:26 +00:00
Daniel J Walsh
7b16d569d8 - Update to upstream
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
a9f0953822 - Update to upstream
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40 - Update to upstream
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529 - Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
d54def1c6f - New version for upstream 2009-06-15 17:59:49 +00:00
Daniel J Walsh
d3ae977ab7 - New version for upstream 2009-06-12 18:59:09 +00:00
Daniel J Walsh
f3d2889157 - Update to upstream 2009-06-09 02:15:29 +00:00
Daniel J Walsh
ef7416c2b8 - Upgrade to upstream 2009-05-22 14:37:43 +00:00
Daniel J Walsh
2e917624ad - Upgrade to latest upstream
- Allow devicekit_disk sys_rawio
2009-04-08 11:58:59 +00:00
Daniel J Walsh
0e78af1c39 - Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream
2009-04-06 19:27:19 +00:00
Daniel J Walsh
9ca87fc9d8 - Fixes to allow svirt read iso files in homedir 2009-03-24 19:45:02 +00:00
Daniel J Walsh
5dce3c12f7 - Add xenner and wine fixes from mgrepl 2009-03-20 18:42:38 +00:00
Daniel J Walsh
b12011f2ab - Upgrade to latest upstream 2009-03-12 15:48:51 +00:00
Daniel J Walsh
a67a1c12aa - Upgrade to latest patches 2009-03-05 21:05:47 +00:00
Daniel J Walsh
8c3a31a48a - Update to Latest upstream 2009-03-03 20:10:30 +00:00
Daniel J Walsh
2eec438a0b - Re-add corenet_in_generic_if(unlabeled_t) 2009-02-16 22:54:22 +00:00
Daniel J Walsh
bd0db4f147 - Add setrans contains from upstream 2009-02-09 22:07:20 +00:00
Daniel J Walsh
c957c38343 - Upgrade to latest upstream 2009-02-04 04:02:17 +00:00
Daniel J Walsh
1d72fb031f - Update to upstream 2009-01-19 17:35:43 +00:00
Daniel J Walsh
292c49cacc - Update to upstream 2009-01-05 22:55:20 +00:00
Daniel J Walsh
b3f084a8c7 - Update to upstream 2009-01-05 22:35:32 +00:00
Daniel J Walsh
fce9b71022 - Fix labeling on /var/spool/rsyslog 2008-11-25 21:08:25 +00:00
Daniel J Walsh
02d888c766 - Fix labeling on /var/spool/rsyslog 2008-11-25 19:18:01 +00:00
Daniel J Walsh
49f48f4a99 - Policy cleanup 2008-10-17 22:03:34 +00:00
Daniel J Walsh
4125702a20 - Update to upstream 2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9 - Update to upstream 2008-10-11 23:57:43 +00:00
Daniel J Walsh
e0b9b8d38f - Update to upstream policy 2008-10-09 10:48:56 +00:00
Daniel J Walsh
f1a8278899 - Allow NetworkManager to transition to avahi and iptables
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:49:44 +00:00
Daniel J Walsh
d611f1191a - Upgrade to upstream 2008-09-26 12:38:56 +00:00
Daniel J Walsh
59571abd0d - Merge upstream changes
- Add Xavier Toth patches
2008-09-16 13:57:15 +00:00
Daniel J Walsh
8a482d67b3 - Merge upstream changes
- Add Xavier Toth patches
2008-09-12 20:36:21 +00:00
Daniel J Walsh
aca77a6f2d - Remove gamin policy 2008-09-08 21:01:42 +00:00
Daniel J Walsh
0a219fe07b - Update to upstream
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
7638e78556 - Allow ifconfig_t to read dhcpc_state_t 2008-08-26 14:46:43 +00:00
Daniel J Walsh
1a0f642074 - Update to upstream 2008-08-11 21:19:25 +00:00
Daniel J Walsh
b5d09d1532 - Update to upstream 2008-08-07 20:05:57 +00:00
Daniel J Walsh
0f1bd620e5 - Allow system-config-selinux to work with policykit 2008-08-07 12:22:07 +00:00
Daniel J Walsh
feefeee019 - Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t 2008-07-17 19:53:32 +00:00
Daniel J Walsh
af0f735167 - Update to upstream 2008-06-12 14:50:00 +00:00
Daniel J Walsh
9ed55bda90 - Merge Upstream 2008-05-30 20:27:06 +00:00
Daniel J Walsh
7fd4585229 - Merge Upstream 2008-05-23 20:05:34 +00:00
Daniel J Walsh
4b7f030014 Update for rawhide 2008-05-19 13:02:56 +00:00
Daniel J Walsh
c43b447f6f Update for rawhide 2008-05-19 13:01:59 +00:00
Daniel J Walsh
f75033d612 - Update to upstream fixes 2008-02-26 13:45:23 +00:00
Daniel J Walsh
5ca2ff99b6 - Add xace support 2008-02-22 20:32:52 +00:00
Daniel J Walsh
541ba8edec - Fixes from yum-cron
- Update to latest upstream
2008-02-20 18:52:50 +00:00
Daniel J Walsh
eb3e9fbc68 - Merge with upstream 2008-02-18 21:31:18 +00:00
Daniel J Walsh
57ac1cab83 - Update to upstream 2008-02-06 21:47:42 +00:00
Daniel J Walsh
b19d470cd4 - Update to upstream
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
Daniel J Walsh
2587107071 - Fix definiton of admin_home_t 2007-12-19 18:00:58 +00:00
Daniel J Walsh
f14d51e840 - Update to upstream 2007-12-13 21:40:00 +00:00
Daniel J Walsh
7dfe3eb3ef - Add polkit policy
- Symplify userdom context, remove automatic per_role changes
2007-12-11 06:08:33 +00:00
Daniel J Walsh
02654b8fb4 - Update to upstream
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:19:13 +00:00
Daniel J Walsh
9186dc57d9 - Remove user based home directory separation 2007-11-30 22:33:18 +00:00
Daniel J Walsh
6e70d63f52 - Remove user based home directory separation 2007-11-30 22:08:19 +00:00
Daniel J Walsh
965b62cceb - Merge with upstream
- Allow xsever to read hwdata_t
- Allow login programs to setkeycreate
2007-11-27 04:11:10 +00:00
Daniel J Walsh
7330e86b90 - Update to upstream 2007-11-10 14:14:41 +00:00
Daniel J Walsh
fa0d1c8884 - Update to upstream 2007-10-23 23:13:09 +00:00
Daniel J Walsh
bf76748359 - Allow cron to search nfs and samba homedirs 2007-09-18 15:09:11 +00:00
Daniel J Walsh
e8b5993e52 - Update an readd modules 2007-08-27 21:43:05 +00:00
Daniel J Walsh
77a22067be - Add setransd for mls policy 2007-08-22 14:46:21 +00:00
Daniel J Walsh
f9778219aa - Update from upstream 2007-08-03 19:53:44 +00:00
Daniel J Walsh
2fac1d6655 - Update with latest changes from upstream 2007-07-26 17:54:24 +00:00
Daniel J Walsh
297dd1a900 - Allow execution of gconf 2007-07-19 14:45:16 +00:00
Daniel J Walsh
af677794a8 - Default to user_u:system_r:unconfined_t 2007-07-03 19:20:47 +00:00
Daniel J Walsh
269acb5ee8 - Remove ifdef strict policy from upstream 2007-06-26 12:09:30 +00:00
Daniel J Walsh
56187c2f8a - Remove ifdef strict policy from upstream 2007-05-31 18:40:35 +00:00
Daniel J Walsh
346d2dccfd 2007-05-21 18:54:40 +00:00
Daniel J Walsh
8cd496f1d6 - Update to latest from upstream 2007-05-14 18:10:58 +00:00
Daniel J Walsh
daa6abe9e1 - Update to latest from upstream 2007-05-04 17:30:10 +00:00
Daniel J Walsh
8a3cefc9a6 - Update to latest from upstream 2007-05-04 17:14:04 +00:00
Daniel J Walsh
a615d5b893 - Update to latest from upstream 2007-05-02 02:53:14 +00:00
Daniel J Walsh
8fea836859 - Update to latest from upstream 2007-05-01 20:53:29 +00:00
Daniel J Walsh
8396b2dbd2 - Upstream bumped the version 2007-04-23 17:00:48 +00:00
Daniel J Walsh
a3b1a2c522 - Update to upstream 2007-04-11 20:55:28 +00:00
Daniel J Walsh
e441a1b48b - Update to upstream 2007-04-11 20:23:53 +00:00
Daniel J Walsh
8e5289e20b - Update to upstream 2007-04-02 19:53:16 +00:00
Daniel J Walsh
ce7f30a258 - Update to upstream 2007-04-02 15:17:45 +00:00
Daniel J Walsh
145e8d73ba - Allow samba to run groupadd 2007-03-23 17:31:13 +00:00
Daniel J Walsh
d3aabaedb4 2007-03-20 15:01:28 +00:00
Daniel J Walsh
2a9b648b37 - More of my patches from upstream 2007-03-11 05:19:36 +00:00
Daniel J Walsh
1fed4c745c - Update to latest from upstream
- Add fail2ban policy
2007-03-01 21:57:47 +00:00
Daniel J Walsh
5ad70cf38c - Update to remove security_t:filesystem getattr problems 2007-02-28 21:23:19 +00:00
Daniel J Walsh
b2ca43f5ca 2007-02-26 22:15:47 +00:00
Daniel J Walsh
fd5c324a94 2007-02-26 16:09:11 +00:00
Daniel J Walsh
af8af9caee 2007-02-26 15:06:22 +00:00
Daniel J Walsh
b7da3b9e3e - Add sepolgen support
- Add bugzilla policy
2007-02-20 17:35:59 +00:00
Daniel J Walsh
df0bef9ac0 - 2007-02-12 16:27:42 +00:00
Daniel J Walsh
e45f5d36d0 - Add ability to generate webadm_t policy
- Lots of new interfaces for httpd
- Allow sshd to login as unconfined_t
2007-01-25 19:07:00 +00:00
Daniel J Walsh
352de5d2ec - Begin adding user confinement to targeted policy 2007-01-22 18:15:16 +00:00
Daniel J Walsh
cc1462b7d0 - Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571
Resolves: #217611 Resolves: #217640 Resolves: #217725
2006-11-29 20:11:02 +00:00
Daniel J Walsh
9e4aeac9dd - Move to upstream version which accepted my patches 2006-11-17 19:21:40 +00:00
Daniel J Walsh
73ea8c2e4d - Update to upstream 2006-11-15 15:22:30 +00:00
Daniel J Walsh
d7e0f9fa0d - Merge with upstream 2006-11-06 21:15:57 +00:00
Daniel J Walsh
6672fcfbdd - Allow mount.nfs to work 2006-10-27 19:16:43 +00:00
Daniel J Walsh
3d011ff2e8 Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4
- Allow noxattrfs to associate with other noxattrfs
2006-10-23 20:54:50 +00:00
Daniel J Walsh
e2eecb7a01 - Refupdate from upstream 2006-10-19 15:52:02 +00:00
Daniel J Walsh
da08298372 - Update to upstream 2006-10-17 18:43:08 +00:00
Daniel J Walsh
f21d67baff - Patch for labeled networking 2006-10-03 18:47:06 +00:00
Daniel J Walsh
8fff699602 - Update to upstream 2006-09-29 19:19:18 +00:00
Daniel J Walsh
a76cf8a10b - Update with upstream 2006-09-26 14:59:58 +00:00
Daniel J Walsh
85bd855811 - Update from upstream 2006-09-22 20:41:12 +00:00
Daniel J Walsh
3f1bb62fc8 - Upgrade to upstream 2006-09-15 18:28:09 +00:00
Daniel J Walsh
937c1cc4df - Update from upstream 2006-09-06 18:29:35 +00:00
Daniel J Walsh
efb08979c0 - Update to upstream 2006-09-05 12:03:37 +00:00
Daniel J Walsh
928af41d8b - Update to upstream 2006-09-01 19:45:39 +00:00
Daniel J Walsh
06027c9ac0 - Upgrade to upstream 2006-08-30 20:59:51 +00:00
Daniel J Walsh
a5dcfa874f - Update to upstream 2006-08-23 20:42:38 +00:00
Daniel J Walsh
3559b5314e - Fixes for stunnel and postgresql
- Update from upstream
2006-08-20 15:11:37 +00:00
Daniel J Walsh
256cfc628c - Update from upstream
- More java fixes
2006-08-12 11:54:51 +00:00
Daniel J Walsh
8da541a5e6 - Quiet down anaconda audit messages 2006-08-08 20:40:36 +00:00
Daniel J Walsh
932c79f792 - Fix setroubleshootd 2006-08-08 00:26:46 +00:00
Daniel J Walsh
26202062d0 - Update to the latest from upstream 2006-08-04 22:58:10 +00:00
Daniel J Walsh
c62a78555a - Remove spamassassin_can_network boolean 2006-07-17 17:14:27 +00:00
Daniel J Walsh
8bee3a4a58 - Update to upstream 2006-07-09 09:51:33 +00:00
Daniel J Walsh
4a291ab8b9 - Update to upstream
- Add new class for kernel key ring
2006-06-22 19:16:49 +00:00
Daniel J Walsh
55d3b8c480 - Update to upstream 2006-06-22 01:15:06 +00:00
Daniel J Walsh
8df543a44d - Update to upstream 2006-06-21 14:01:45 +00:00
Daniel J Walsh
358335b9db - Update from Upstream 2006-06-14 15:48:59 +00:00
Daniel J Walsh
2616c66ff4 - Update to upstream 2006-06-13 18:26:00 +00:00
Daniel J Walsh
3004d53f75 - Update from upstream 2006-06-09 03:03:22 +00:00
Daniel J Walsh
43fe713171 - Update to upstream 2006-05-28 10:56:26 +00:00
Daniel J Walsh
e5e5095da5 - Upgrade to upstream 2006-05-20 12:01:14 +00:00
Daniel J Walsh
75d0fe4f47 - allow hal to read boot_t files
- Upgrade to upstream
2006-05-18 16:07:35 +00:00
Daniel J Walsh
f4d170770a - Update from upstream 2006-05-17 01:40:53 +00:00
Daniel J Walsh
52288bc69c - Update from upstream 2006-05-15 16:20:58 +00:00
Daniel J Walsh
a52275425c - Update to upstream 2006-05-08 19:26:49 +00:00
Daniel J Walsh
529f12c952 - Update to upstream 2006-05-04 17:39:16 +00:00
Daniel J Walsh
9aac41c7eb - Update to upstream 2006-05-01 18:41:55 +00:00
Daniel J Walsh
bbaa1f26d1 - Update to upstream
- Fix postun to only disable selinux on full removal of the packages
2006-04-25 11:03:12 +00:00
Daniel J Walsh
bc0bd84686 - Update to upstream
- Fix postun to only disable selinux on full removal of the packages
2006-04-25 10:59:33 +00:00
Daniel J Walsh
e1490d9794 - Update to latest from upstream
- Allow selinux-policy to be removed and kernel not to crash
2006-04-20 17:43:20 +00:00
Daniel J Walsh
c74f145e08 - Update to latest from upstream
- Add James Antill patch for xen
- Many fixes for pegasus
2006-04-19 12:10:10 +00:00
Daniel J Walsh
ca0597162d - Update to latest from upstream 2006-04-14 19:50:03 +00:00
Daniel J Walsh
c4826d0271 - Update to latest from upstream
- Allow mono and unconfined to talk to initrc_t dbus objects
2006-04-13 21:28:19 +00:00
Daniel J Walsh
5cbfde1710 - Allow secadm_t ability to relabel all files
- Allow ftp to search xferlog_t directories
- Allow mysql to communicate with ldap
- Allow rsync to bind to rsync_port_t
2006-04-11 20:59:57 +00:00
Daniel J Walsh
da5d600a11 - Update to upstream 2006-03-31 20:57:44 +00:00
Daniel J Walsh
bbe0ad9e91 - Update to upstream 2006-03-27 22:47:14 +00:00
Daniel J Walsh
5a014310cd - Update to upstream 2006-03-27 22:07:37 +00:00
Daniel J Walsh
bd3f0ea368 - Fix policyhelp 2006-03-24 16:44:06 +00:00
Daniel J Walsh
414d6d811a - Update to upstream 2006-03-21 19:46:10 +00:00
Daniel J Walsh
727bb2e4d1 - Update to upstream 2006-03-18 04:09:10 +00:00
Daniel J Walsh
21277d9d7a - Add hal changes suggested by Jeremy
- add policyhelp to point at policy html pages
2006-03-04 14:49:35 +00:00
Daniel J Walsh
575aa98fb7 - Update to upstream
- Merged my latest fixes
- Fix cups policy to handle unix domain sockets
2006-02-27 23:00:40 +00:00
Daniel J Walsh
701455e3c5 *** empty log message *** 2006-02-23 15:12:37 +00:00
Daniel J Walsh
585f827b55 *** empty log message *** 2006-02-22 22:46:02 +00:00
Daniel J Walsh
d5ae27dcc7 *** empty log message *** 2006-02-21 20:39:54 +00:00
Daniel J Walsh
31d4d26d94 *** empty log message *** 2006-02-21 15:36:15 +00:00
Daniel J Walsh
3debd0a982 *** empty log message *** 2006-02-20 22:11:40 +00:00
Daniel J Walsh
6e9bcb4a8d *** empty log message *** 2006-02-19 12:17:15 +00:00
Daniel J Walsh
c417f6b886 *** empty log message *** 2006-02-14 17:11:59 +00:00
Daniel J Walsh
32b8716cff *** empty log message *** 2006-02-13 15:55:10 +00:00
Daniel J Walsh
faa80bb2e1 *** empty log message *** 2006-02-11 02:41:50 +00:00
Daniel J Walsh
8f44abd336 *** empty log message *** 2006-02-09 13:56:52 +00:00
Daniel J Walsh
a3a62aba77 *** empty log message *** 2006-02-04 03:03:32 +00:00
Daniel J Walsh
de82d855b5 *** empty log message *** 2006-02-03 14:59:07 +00:00
Daniel J Walsh
681c9dc1a9 - Update to upstream
- Fix rhgb, and other Xorg startups
2006-01-31 00:35:32 +00:00
Daniel J Walsh
33253774cc - Update to upstream
- Fix rhgb
2006-01-28 04:52:34 +00:00
Daniel J Walsh
78265f434d - Update to upstream 2006-01-27 07:06:21 +00:00
Daniel J Walsh
e76babe5db - Update to upstream
- Put back in changes for pup/zen
2006-01-26 15:47:02 +00:00
Daniel J Walsh
7dc3bd1517 - Many changes for MLS
- Turn on strict policy
2006-01-25 16:45:54 +00:00
Daniel J Walsh
a3b5c300fa - Many changes for MLS
- Turn on strict policy
2006-01-24 21:47:16 +00:00
Daniel J Walsh
129ba16c5a - Update to upstream 2006-01-24 15:41:46 +00:00
Daniel J Walsh
30a020fcb8 - Update to upstream
- Turn off execheap execstack for unconfined users
- Add mono/wine policy to allow execheap and execstack for them
- Add execheap for Xdm policy
2006-01-19 19:10:47 +00:00
Daniel J Walsh
2a8b98eb12 - Update to upstream
- Turn off execheap execstack for unconfined users
- Add mono/wine policy to allow execheap and execstack for them
- Add execheap for Xdm policy
2006-01-19 19:08:33 +00:00
Daniel J Walsh
05207b6b63 - Update to upstream 2006-01-17 22:47:12 +00:00
Daniel J Walsh
2e71478caf - Update to upstream 2006-01-17 19:40:15 +00:00
Daniel J Walsh
cdab5cb3e1 - Update to upstream
- Fix ftp Man page
2006-01-17 03:55:13 +00:00
Daniel J Walsh
7ba8b0d5a8 - Update to upstream 2006-01-13 22:32:06 +00:00
Daniel J Walsh
64012806da - Update to upstream 2006-01-11 22:25:06 +00:00
Daniel J Walsh
26e33dff20 - Update to upstream 2006-01-09 20:20:08 +00:00
Daniel J Walsh
a04c1907ac - Handle new location of hal scripts 2006-01-06 13:56:31 +00:00
Daniel J Walsh
026fac633f - Update to upstream 2006-01-04 19:21:36 +00:00
Daniel J Walsh
1ef62fe126 - Add file context for /var/cvs
- Dontaudit webalizer search of homedir
2005-12-14 22:47:12 +00:00
Daniel J Walsh
504da9fea1 - Update from upstream
- Allow unconfined_t to transition to rpm_script_t
2005-12-13 22:13:21 +00:00
Daniel J Walsh
e24a8b160d - Fixes for hal
- Update to upstream
2005-12-13 04:53:03 +00:00
Daniel J Walsh
d4da533c32 - Update to upstream
- Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies
2005-12-10 05:19:29 +00:00
Daniel J Walsh
6f5a3bc6a7 - Update to upstream
- Turn off boolean allow_execstack
2005-12-08 21:56:50 +00:00
Daniel J Walsh
97bd2aa228 Add xdm policy 2005-12-08 05:02:10 +00:00
Daniel J Walsh
46a9067121 Update from upstream 2005-12-07 01:07:26 +00:00
Daniel J Walsh
913e479f74 Update from upstream 2005-12-06 17:44:30 +00:00
Daniel J Walsh
a1e07bd458 Update from upstream 2005-12-06 04:12:01 +00:00
Daniel J Walsh
caeef12f57 Update from upstream 2005-12-02 22:58:20 +00:00
Daniel J Walsh
bd7e86c379 - Fixes for dovecot and saslauthd 2005-12-01 18:16:50 +00:00
Daniel J Walsh
a0336204d8 - Cleanup pegasus and named
- Fix spec file
- Fix up passwd changing applications
2005-11-29 05:22:53 +00:00
Daniel J Walsh
598be154e8 -Update to latest from upstream 2005-11-23 17:11:44 +00:00
Daniel J Walsh
b33f08f453 - Add rules for pegasus and avahi 2005-11-22 22:46:58 +00:00
Daniel J Walsh
d77f56b9f2 - Start building MLS Policy 2005-11-22 18:59:41 +00:00
Daniel J Walsh
1a0a256c0c - Update to upstream 2005-11-18 21:35:08 +00:00
Daniel J Walsh
205d3ff11f - Turn on bash 2005-11-17 03:31:37 +00:00
Daniel J Walsh
f0b87c9d0c - Initial version 2005-11-16 03:43:46 +00:00
Daniel J Walsh
1580c873c7 auto-import selinux-policy-2.0.0-0.6 on branch devel from
selinux-policy-2.0.0-0.6.src.rpm
2005-11-14 23:22:29 +00:00
Daniel J Walsh
ecb5ec4af1 Setup of module selinux-policy 2005-11-14 23:22:09 +00:00