Lukas Vrabec
b22b1d1da0
* Thu Feb 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-7
...
- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
- Allow certmonger_t domain to access /etc/pki/pki-tomcat BZ(1542600)
- Allow keepalived_t domain getattr proc filesystem
- Allow init_t to create UNIX sockets for unconfined services (BZ1543049)
- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
2018-02-08 14:38:23 +01:00
Lukas Vrabec
00dcc13b60
* Tue Feb 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-6
...
- Allow openvswitch_t domain to read cpuid, write to sysfs files and creating openvswitch_tmp_t sockets
- Add new interface ppp_filetrans_named_content()
- Allow keepalived_t read sysctl_net_t files
- Allow puppetmaster_t domtran to puppetagent_t
- Allow kdump_t domain to read kernel ring buffer
- Allow boinc_t to mmap boinc tmpfs files BZ(1540816)
- Merge pull request #47 from masatake/keepalived-signal
- Allow keepalived_t create and write a file under /tmp
- Allow ipsec_t domain to exec ifconfig_exec_t binaries.
- Allow unconfined_domain_typ to create pppd_lock_t directory in /var/lock
- Allow updpwd_t domain to create files in /etc with shadow_t label
2018-02-06 09:58:08 +01:00
Lukas Vrabec
4b0a66cafc
* Tue Jan 30 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-5
...
- Allow opendnssec daemon to execute ods-signer BZ(1537971)
2018-01-30 17:04:16 +01:00
Lukas Vrabec
e9c4389283
* Tue Jan 30 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-4
...
- rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems)
- Update dbus_role_template() BZ(1536218)
- Allow lldpad_t domain to mmap own tmpfs files BZ(1534119)
- Allow blueman_t dbus chat with policykit_t BZ(1470501)
- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t BZ(1507110)
- Allow postfix_master_t and postfix_local_t to connect to system dbus. BZ(1530275)
- Allow system_munin_plugin_t domain to read sssd public files and allow stream connect to ssd daemon BZ(1528471)
- Allow rkt_t domain to bind on rkt_port_t tcp BZ(1534636)
- Allow jetty_t domain to mmap own temp files BZ(1534628)
- Allow sslh_t domain to read sssd public files and stream connect to sssd. BZ(1534624)
- Consistently label usr_t for kernel/initrd in /usr
- kernel/files.fc: Label /usr/lib/sysimage as usr_t
- Allow iptables sysctl load list support with SELinux enforced
- Label HOME_DIR/.config/systemd/user/* user unit files as systemd_unit_file_t BZ(1531864)
2018-01-30 12:57:41 +01:00
Lukas Vrabec
e7bae02f22
* Fri Jan 19 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-3
...
- Merge pull request #45 from jlebon/pr/rot-sd-dbus-rawhide
- Allow virt_domains to acces infiniband pkeys.
- Allow systemd to relabelfrom tmpfs_t link files in /var/run/systemd/units/ BZ(1535180)
- Label /usr/libexec/ipsec/addconn as ipsec_exec_t to run this script as ipsec_t instead of init_t
- Allow audisp_remote_t domain write to files on all levels
2018-01-19 12:48:25 +01:00
Lukas Vrabec
de6ed4b466
Added missing container-selinux.tgz sources
2018-01-15 17:47:53 +01:00
Lukas Vrabec
72b2cda3a5
* Mon Jan 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-2
...
- Allow aide to mmap usr_t files BZ(1534182)
- Allow ypserv_t domain to connect to tcp ports BZ(1534245)
- Allow vmtools_t domain creating vmware_log_t files
- Allow openvswitch_t domain to acces infiniband devices
- Allow dirsrv_t domain to create tmp link files
- Allow pcp_pmie_t domain to exec itself. BZ(153326)
- Update openvswitch SELinux module
- Allow virtd_t to create also sock_files with label virt_var_run_t
- Allow chronyc_t domain to manage chronyd_keys_t files.
- Allow logwatch to exec journal binaries BZ(1403463)
- Allow sysadm_t and staff_t roles to manage user systemd services BZ(1531864)
- Update logging_read_all_logs to allow mmap all logfiles BZ(1403463)
- Add Label systemd_unit_file_t for /var/run/systemd/units/
2018-01-15 17:33:37 +01:00
Lukas Vrabec
22c9764fc4
Update new sources to reflect changes related to python3 dependency
2018-01-08 18:44:57 +01:00
Lukas Vrabec
51dc83b2d4
Commit removes big SELinux policy patches against tresys refpolicy.
...
We're quite diverted from upstream policy. This change will use tarballs
from github projects:
https://github.com/fedora-selinux/selinux-policy
https://github.com/fedora-selinux/selinux-policy-contrib
2018-01-08 18:28:27 +01:00
Dan Walsh
164fa392ee
Fix config.tgz to include lxc_contexts and systemd_contexts
2013-11-14 11:05:22 -05:00
Miroslav Grepl
0f9b0de389
Upload new upstream sources
2013-11-13 15:27:57 +01:00
Miroslav Grepl
e4104d9fc0
Upload updated config.tgz
2013-11-12 12:22:03 +01:00
Miroslav Grepl
e5e41801b0
Upload new upstream sources
2013-01-08 11:50:45 +01:00
Miroslav Grepl
a270091f19
Make rawhide == f18
2012-12-17 17:21:00 +01:00
Miroslav Grepl
46a9c6067c
* Thu Aug 2 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-0
...
- Update to upstream
2012-08-02 07:43:02 +02:00
Miroslav Grepl
d68342900a
fix sources
2012-06-07 13:40:47 +02:00
Miroslav Grepl
e392eca2af
Upload new sources
2012-06-06 16:09:49 +02:00
Miroslav Grepl
3f8c0984d4
Upload the right source file
2011-06-27 18:20:35 +02:00
Miroslav Grepl
ade486af72
Update to upstream
2011-06-27 18:02:16 +02:00
Miroslav Grepl
6726024e43
Update to upstream
2011-03-08 18:28:56 +00:00
Miroslav Grepl
7288282fd4
- Update to upstream
2011-02-16 18:45:08 +00:00
Dan Walsh
812781becc
- Update to ref policy
...
- cgred needs chown capability
- Add /dev/crash crash_dev_t
2011-02-08 17:50:40 -05:00
Miroslav Grepl
86b1f12f92
- Update to upstream
2011-01-17 18:42:12 +00:00
Miroslav Grepl
d6c5f3679b
Update to upstream
2010-12-20 17:43:48 +00:00
Miroslav Grepl
0ba6b243f7
- Update to upstream
...
- Fix version of policy in spec file
2010-12-15 11:03:25 +00:00
Miroslav Grepl
05f913e88b
- Update to upstream
...
- Cleanup for sandbox
- Add attribute to be able to select sandbox types
2010-11-25 12:21:34 +00:00
Dan Walsh
f4eab7417d
Remove bad tar ball from src
2010-11-16 10:59:45 -05:00
Miroslav Grepl
582d2c5d2c
- Update to upstream
...
- Dontaudit leaked sockets from userdomains to user domains
- Fixes for mcelog to handle scripts
- Apply patch from Ruben Kerkhof
- Allow syslog to search spool dirs
2010-11-16 09:46:19 +01:00
Dan Walsh
3e0b7834a6
- Update to upstream
...
- Add vlock policy
2010-11-05 14:22:36 -04:00
Dan Walsh
06262c1566
- Update to upstream
...
- Add vlock policy
2010-11-05 12:40:07 -04:00
Dan Walsh
7a208696f9
- Dontaudit sandbox sending sigkill to all user domains
...
- Add policy for rssh_chroot_helper
- Add missing flask definitions
- Allow udev to relabelto removable_t
- Fix label on /var/log/wicd.log
- Transition to initrc_t from init when executing bin_t
- Add audit_access permissions to file
- Make removable_t a device_node
- Fix label on /lib/systemd/*
2010-10-28 15:55:48 -04:00
Dan Walsh
5a152bc135
- Update to upstream
2010-10-12 16:47:46 -04:00
Dan Walsh
6f934680a8
- Allow smbd to use sys_admin
...
- Remove duplicate file context for tcfmgr
- Update to upstream
2010-10-07 14:55:49 -04:00
Dan Walsh
a24e6a6700
- Update to upstream
2010-09-16 07:59:03 -04:00
Dan Walsh
a0e8efd42c
- Update to upstream
2010-09-13 16:17:15 -04:00
Dan Walsh
64d84cf8ec
Allow iptables to read shorewall tmp files
...
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
2010-09-08 14:17:07 -04:00
Dan Walsh
482c9f3ad9
- Merge upstream fix of mmap_zero
...
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
2010-09-02 13:43:28 -04:00
Dan Walsh
a7a2367a59
- Merge with upstream
2010-08-30 17:34:52 -04:00
Dan Walsh
6578cf7413
- More access needed for devicekit
...
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14
- Merge with upstream
2010-08-26 20:35:53 -04:00
Daniel J Walsh
7f5d8f30d0
- Update boinc policy
...
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
2010-07-27 17:28:04 +00:00
Daniel J Walsh
d66bec6356
- Update to latest policy
2010-07-20 17:48:36 +00:00
Daniel J Walsh
0f2ae00c61
- Update to upstream
2010-07-15 13:11:25 +00:00
Daniel J Walsh
6c42218d9d
-Update to upstream
2010-06-28 17:19:34 +00:00
Daniel J Walsh
fa98e0ec52
-Update to upstream
2010-06-21 14:31:26 +00:00
Daniel J Walsh
5f371acada
-Update to upstream
2010-06-18 20:14:28 +00:00
Daniel J Walsh
b39ccca147
- Update to upstream
2010-06-08 21:23:21 +00:00
Daniel J Walsh
632048ceb1
- Update to upstream
...
- Allow prelink script to signal itself
- Cobbler fixes
2010-06-07 21:15:35 +00:00
Daniel J Walsh
bc4089cfaa
- Update to upstream
2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34
- Update to upstream
2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e
- Merge with upstream
2010-02-16 22:10:14 +00:00
Daniel J Walsh
a62c6405cc
- Lots of fixes found in F12
2010-02-02 16:41:03 +00:00
Daniel J Walsh
faec5c2a14
- Update to upstream
2010-01-18 22:40:25 +00:00
Daniel J Walsh
fc05ac0660
- Move users file to selection by spec file.
...
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
2010-01-11 22:06:55 +00:00
Daniel J Walsh
468fe0b647
- Update to upstream
2010-01-08 22:03:53 +00:00
Daniel J Walsh
b2ccd1a9c8
Update packages
2009-12-18 21:09:01 +00:00
Daniel J Walsh
9eef358da0
- Update to upstream release
2009-12-10 19:20:14 +00:00
Daniel J Walsh
f2a1dcd3d4
- Add asterisk policy back in
...
- Update to upstream release 2.20091117
2009-11-25 20:19:12 +00:00
Daniel J Walsh
ee88b050c5
- Add asterisk policy back in
2009-11-20 16:55:54 +00:00
Daniel J Walsh
55acbfd715
- Update to upstream release 2.20091117
2009-11-18 22:22:56 +00:00
Daniel J Walsh
5e44eb8657
- Update to upstream
2009-11-14 05:18:01 +00:00
Daniel J Walsh
69290fd9df
- Update to upstream
...
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
ab8f807545
- More fixes
2009-09-09 21:08:02 +00:00
Daniel J Walsh
65c3f9a0a8
- Update to upsteam
2009-08-31 21:27:50 +00:00
Daniel J Walsh
faf9cbbc4b
- Update to upstream
2009-08-28 20:55:16 +00:00
Daniel J Walsh
40243d944f
- Allow cupsd_config_t to be started by dbus
...
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5
- Add policycoreutils-python to pre install
2009-08-18 12:34:26 +00:00
Daniel J Walsh
43fb726b4b
- More fixes from upstream
2009-07-30 21:38:54 +00:00
Daniel J Walsh
c6e2224c70
- Fix polkit label
...
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72
- Update to upstream
2009-07-28 19:08:17 +00:00
Daniel J Walsh
df7055d5b3
- Update to upstream
2009-07-23 21:47:41 +00:00
Daniel J Walsh
2360ff9f3f
- Update to upstream
2009-07-15 19:12:04 +00:00
Daniel J Walsh
d9676a6ada
- Update to upstream
2009-07-06 21:16:26 +00:00
Daniel J Walsh
7b16d569d8
- Update to upstream
...
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
a9f0953822
- Update to upstream
...
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40
- Update to upstream
...
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529
- Update to upstream
...
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
d54def1c6f
- New version for upstream
2009-06-15 17:59:49 +00:00
Daniel J Walsh
d3ae977ab7
- New version for upstream
2009-06-12 18:59:09 +00:00
Daniel J Walsh
f3d2889157
- Update to upstream
2009-06-09 02:15:29 +00:00
Daniel J Walsh
ef7416c2b8
- Upgrade to upstream
2009-05-22 14:37:43 +00:00
Daniel J Walsh
2e917624ad
- Upgrade to latest upstream
...
- Allow devicekit_disk sys_rawio
2009-04-08 11:58:59 +00:00
Daniel J Walsh
0e78af1c39
- Dontaudit binds to ports < 1024 for named
...
- Upgrade to latest upstream
2009-04-06 19:27:19 +00:00
Daniel J Walsh
9ca87fc9d8
- Fixes to allow svirt read iso files in homedir
2009-03-24 19:45:02 +00:00
Daniel J Walsh
5dce3c12f7
- Add xenner and wine fixes from mgrepl
2009-03-20 18:42:38 +00:00
Daniel J Walsh
b12011f2ab
- Upgrade to latest upstream
2009-03-12 15:48:51 +00:00
Daniel J Walsh
a67a1c12aa
- Upgrade to latest patches
2009-03-05 21:05:47 +00:00
Daniel J Walsh
8c3a31a48a
- Update to Latest upstream
2009-03-03 20:10:30 +00:00
Daniel J Walsh
2eec438a0b
- Re-add corenet_in_generic_if(unlabeled_t)
2009-02-16 22:54:22 +00:00
Daniel J Walsh
bd0db4f147
- Add setrans contains from upstream
2009-02-09 22:07:20 +00:00
Daniel J Walsh
c957c38343
- Upgrade to latest upstream
2009-02-04 04:02:17 +00:00
Daniel J Walsh
1d72fb031f
- Update to upstream
2009-01-19 17:35:43 +00:00
Daniel J Walsh
292c49cacc
- Update to upstream
2009-01-05 22:55:20 +00:00
Daniel J Walsh
b3f084a8c7
- Update to upstream
2009-01-05 22:35:32 +00:00
Daniel J Walsh
fce9b71022
- Fix labeling on /var/spool/rsyslog
2008-11-25 21:08:25 +00:00
Daniel J Walsh
02d888c766
- Fix labeling on /var/spool/rsyslog
2008-11-25 19:18:01 +00:00
Daniel J Walsh
49f48f4a99
- Policy cleanup
2008-10-17 22:03:34 +00:00
Daniel J Walsh
4125702a20
- Update to upstream
2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9
- Update to upstream
2008-10-11 23:57:43 +00:00
Daniel J Walsh
e0b9b8d38f
- Update to upstream policy
2008-10-09 10:48:56 +00:00