rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4,962 Commits 8 Branches 95 Tags 37 MiB
79355670f4
Commit Graph

4962 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel J Walsh
faf9cbbc4b - Update to upstream 2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f - Remove polkit_auth on upgrades 2009-08-28 18:56:15 +00:00
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template 
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
 2009-08-28 13:29:36 -04:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp 
- Add Sandbox unshare
 2009-08-26 20:19:02 +00:00
Chris PeBenito
fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Daniel J Walsh
07c04f81b6 - Add back in unconfined.pp and unconfineduser.pp 2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337 - Fixes for cdrecord, mdadm, and others 2009-08-26 12:12:39 +00:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
dbb7dd9484 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Daniel J Walsh
7078554d07 - Add capability setting to dhcpc and gpm 2009-08-24 13:09:08 +00:00
Daniel J Walsh
d6f79017f2 - Add capability setting to dhcpc and gpm 2009-08-23 17:39:51 +00:00
Daniel J Walsh
080ce6f2c8 - Add capability setting to dhcpc and gpm 2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393 - Allow cronjobs to read exim_spool_t 2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce - Fix system-config-services policy 2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac - Allow libvirt to change user componant of virt_domain 2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus 
- Add smoltclient policy
 2009-08-18 22:43:34 +00:00
Daniel J Walsh
7a5e03cc74 - Allow cupsd_config_t to be started by dbus 
- Add smoltclient policy
 2009-08-18 22:29:11 +00:00
Chris PeBenito
0484277038 reorganize dbus.fc. 2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1 Gentoo dbus in libexec 2009-08-18 13:13:40 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
LABBE Corentin
58cc9903dd Missing comma in policykit 2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr. 
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
 2009-08-18 09:49:31 -04:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t. 
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
 2009-08-17 13:19:26 -04:00
Chris PeBenito
0bf2bc9156 Fix Makefile info message for installing policy headers 
The Makefile is currently using the policy TYPE (standard|mls|mcs) rather
than the more informative NAME (eg strict, targeted, etc).  Fix the Makefile
to use NAME.
 2009-08-17 09:49:53 -04:00
Chris PeBenito
4254cec711 Add missing x_device rules for XI2 functions, from Eamon Walsh. 
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy.  You can now create one or more
> "master devices" (mouse cursor and keyboard focus).  The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device.  Create/destroy controls the ability to create new master
> devices.
 2009-08-14 13:18:16 -04:00
Daniel J Walsh
b2c5e72a15 - Make all unconfined_domains permissive so we can see what AVC's happen 2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864 - Add pt_chown policy 2009-08-12 20:10:51 +00:00
Daniel J Walsh
cbedd06c12 - Add kdump policy for Miroslav Grepl 
- Turn off execstack boolean
 2009-08-12 20:09:21 +00:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain. 
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
 2009-08-12 14:15:39 -04:00
Chris PeBenito
97e42114db remove redundant xen_append_log() call in hostname. 2009-08-11 14:19:38 -04:00
Chris PeBenito
0f5e26b620 Add btrfs and ext4 to labeling targets. 2009-08-11 09:01:58 -04:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl 
- Turn off execstack boolean
 2009-08-10 18:22:10 +00:00
Chris PeBenito
90286f4292 Fix infrastructure to expand macros in initrc_context when installing. 
The initrc_context file uses the mls_systemhigh macro and needs to be properly
expanded based on the build.conf settings.  Add makefile support to do this.
 2009-08-10 14:00:34 -04:00
Chris PeBenito
e51390dfcb fix refpolicy ticket #48. 2009-08-10 11:14:03 -04:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf - Allow nsplugin to connecto the session bus 
- Allow samba_net to write to coolkey data
 2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f - Allow devicekit_disk to list inotify 2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:37:39 +00:00
Daniel J Walsh
b270c763b4 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:18:06 +00:00
Daniel J Walsh
f3b436ca6a - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 19:37:52 +00:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types. 
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
 2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625 fix ordering in sysnetwork. 2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc fix ordering in raid. 2009-08-05 10:19:28 -04:00