Commit Graph

886 Commits

Author SHA1 Message Date
Dominick Grift
5a98a53ade Missing required type. 2010-09-21 13:49:59 +02:00
Dominick Grift
d696185c23 Use stream connect pattern. 2010-09-21 13:49:59 +02:00
Dominick Grift
b85c14f0b0 Allow users to ptrace and send any signal to their pyzor agent.
Allow users to ptrace and send any signal to their razor agent.
2010-09-21 13:49:59 +02:00
Dominick Grift
2a724571c9 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-21 13:49:58 +02:00
Dominick Grift
3507be9506 Move this to were the other is and where it should be.
Move this to were the other is and where it should be.
2010-09-21 13:47:31 +02:00
Dominick Grift
2528a2d701 Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.
2010-09-21 13:47:30 +02:00
Dominick Grift
b46b3ad67f Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.
2010-09-21 13:16:29 +02:00
Dominick Grift
30bbb6a533 This is not a role capability. 2010-09-21 13:16:29 +02:00
Miroslav Grepl
d15b40a537 Fixed badly chosen type of interface for some interfaces 2010-09-21 09:09:43 +02:00
Dominick Grift
6ec59cc63d Redundant: This is already allowed by included admin_pattern for mpd_var_lib_t. 2010-09-20 19:34:45 +02:00
Dominick Grift
a053765caf Redundant: This is already permitted by included manage_dirs_pattern. 2010-09-20 18:18:44 +02:00
Dominick Grift
7a37620aaa These are duplicates and redundants. 2010-09-20 18:18:44 +02:00
Dominick Grift
8e3f53a057 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-20 18:18:44 +02:00
Dominick Grift
61f4064286 Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.
2010-09-20 18:18:44 +02:00
Dominick Grift
55c2e0e0a4 This is a role capability.
This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.
2010-09-20 18:18:44 +02:00
Dominick Grift
8ab34f0132 XML summary fixes.
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.
2010-09-20 18:18:44 +02:00
Dominick Grift
624f2f43b1 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-20 18:18:44 +02:00
Dominick Grift
8f0b7460ea Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Syntax error.
Squash me with 959aa527a5394d23b994ecf75347d2445106d0c4

Replace type and attributes statements by comma delimiters where possible.

Syntax error.
Squach me with 779a708452142d6e4ac2ba2a158f724782a03291

Replace type and attributes statements by comma delimiters where possible.

Syntax error.
Squash me with 89180ea115794aadddaa9b356ab1dfcdc9ff102
2010-09-20 18:18:42 +02:00
Dominick Grift
f6bed42b4a This is not a role capability.
This is not a role capability.
2010-09-20 18:15:57 +02:00
Dominick Grift
23952dea2e Use ps_process_pattern to read state. 2010-09-20 18:15:57 +02:00
Dominick Grift
6c99405474 This permission is included with mmap_file_perms. 2010-09-20 18:15:57 +02:00
Dominick Grift
3cc747a38c Allow piranha domains to create their pid directory with their pid file type. 2010-09-20 18:15:57 +02:00
Dominick Grift
c4786dd6ff Implement oident admin. 2010-09-20 18:15:57 +02:00
Dominick Grift
f9c2fa554d Wrong type required. 2010-09-20 18:15:57 +02:00
Dominick Grift
f66acfd9f2 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-20 18:15:57 +02:00
Dominick Grift
db775a32ca Redundant; unused interface plus ypbind_t is not a pid file type. 2010-09-20 18:15:57 +02:00
Dominick Grift
ce87242fca Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Fix typo.
Squash me with f7691806b4a54f3debfabaa403e1472acc17427e
2010-09-20 18:15:55 +02:00
Dominick Grift
dc47bf2b65 Onlt distro redhat currently implements admin_home_t. 2010-09-20 18:15:30 +02:00
Dominick Grift
4e8c6986a2 This type is not required here. 2010-09-20 18:15:30 +02:00
Dominick Grift
d017064d51 Missing required type. 2010-09-20 18:15:29 +02:00
Dominick Grift
1976ddda24 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-20 18:15:28 +02:00
Dominick Grift
e8ea772d89 Allow users to ptrace and send any signal to their lpd agent.
Allow users to ptrace and send any signal to their mock agent.
2010-09-20 18:13:53 +02:00
Dominick Grift
c0ad94be4a Reduntant: getattr_sock_files_pattern already permit this. 2010-09-20 18:13:53 +02:00
Dominick Grift
1c45e20097 Reduntant: stream_connect_pattern already permits this. 2010-09-20 18:13:53 +02:00
Dominick Grift
74d74b9c2c Reduntant: unused, use hal_read_state instead if possible. 2010-09-20 18:13:53 +02:00
Dominick Grift
bece7c48bb Use stream connect pattern.
Use stream connect pattern.
2010-09-20 18:13:50 +02:00
Dominick Grift
ab33cc0cf1 I made a mistake in 618ce85f86, but as it turns out this interface is not required at all. 2010-09-17 15:05:25 +02:00
Dominick Grift
9fa4defbd4 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Squash with 84812bc8dd814709734c2b6d1ef2ff2b84adc35d
Syntax error.
2010-09-17 14:32:48 +02:00
Dominick Grift
4b1644f447 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-17 14:32:47 +02:00
Dominick Grift
3c484f5bdc XML summary fixes.
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.
2010-09-17 14:32:47 +02:00
Dominick Grift
86f9f96664 The ps_process_pattern includes permission to get attributes of target domain. 2010-09-17 14:32:47 +02:00
Dominick Grift
6bb4d401ee Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.
2010-09-17 14:32:47 +02:00
Dominick Grift
25e284d727 This is a role capability.
This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.
2010-09-17 14:32:47 +02:00
Dominick Grift
f6bcb24b48 Tunable and optional policy goes below.
Tunable and optional policy goes below.
2010-09-17 14:32:47 +02:00
Dominick Grift
b11ba46f38 Use entry_file as entry_point to domain transition.
Squash with e9f4178aa052c15ac7919a06e0c226b846ef7c7b
Duplicate TE rule.
2010-09-17 14:32:47 +02:00
Dominick Grift
28fdb87aed Move system type alias statements to system declarations.
Squash me with 81a5e7c5394ee93d99df472199737cd61f3c24eb
Without this build fails because at the point httpd_var_run_t is not yet declared.
2010-09-17 14:32:47 +02:00
Dominick Grift
b5d5518bb4 Add file context specification for HOME_DIR/\.gitaliases. May not be required but cannot hurt either. 2010-09-17 14:32:47 +02:00
Dominick Grift
618ce85f86 Use can_exec. 2010-09-17 14:32:47 +02:00
Dominick Grift
1e92803c62 Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.
2010-09-17 14:32:47 +02:00
Dominick Grift
89bb445d84 This is not a role capability. 2010-09-17 14:32:47 +02:00
Dominick Grift
dd0d453cdf Allow users to ptrace and send any signal to their bluetooth helper agent.
Allow users to prtrace and send any signal to their cron job.

Allow users to prtrace and send any signal to their cron job.

Allow users to prtrace and send any signal to their cron job.

Allow users to ps, ptrace and send any signal to their session bus.
2010-09-17 14:32:47 +02:00
Dominick Grift
2d6615cf20 Class is supposed to be fifo_file according to summary. 2010-09-17 14:32:47 +02:00
Dominick Grift
eb0e0bcca5 Use domtrans_pattern. 2010-09-17 14:32:47 +02:00
Dominick Grift
0293695add Use stream connect pattern. 2010-09-17 14:32:46 +02:00
Dominick Grift
9b26005b06 Clean up (network) connect DB. 2010-09-17 14:32:46 +02:00
Dominick Grift
7fa5a68a82 Boolean declarations go above. 2010-09-17 14:32:46 +02:00
Dominick Grift
c5eae5f83c Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-17 14:32:43 +02:00
Dominick Grift
1b1f7d01a9 This is a leftover from refpolicy implementation of this functionality. 2010-09-17 14:29:50 +02:00
Dominick Grift
bbdbce34c2 No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files. 2010-09-17 14:29:50 +02:00
Dominick Grift
c53b75bdd2 Change this functionality to our implementation of this functionality. 2010-09-17 14:29:50 +02:00
Dan Walsh
8c47ad04ba Remove accedentlay added ~ files 2010-09-16 17:48:39 -04:00
Dan Walsh
0a394bf04f Add vnstat policy
allow logrotate to mail syslog files
Allow chrom-sandbox to search nfs_t
Allow libvirt to send audit messages
Dontaudit leaked console to xauth
2010-09-16 17:46:06 -04:00
Miroslav Grepl
be5142fc6f Fixes for cluster policy 2010-09-16 13:44:53 +02:00
Dan Walsh
14ffaf836d Merge upstream 2010-09-16 07:05:26 -04:00
Dan Walsh
a55bb56954 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-16 06:38:13 -04:00
Dominick Grift
9c9e4c8180 This is a role capability.
This is a role capability.

This is a role capability.

Signed-off-by: Dominick Grift <domg472@gmail.com>

This is a role capability.

This is a role capability.
2010-09-16 12:18:34 +02:00
Dominick Grift
0dacd040c3 Whitespace, newline and tab fixes. 2010-09-16 12:18:34 +02:00
Dominick Grift
23ac318d30 Requires system_r role. 2010-09-16 12:18:33 +02:00
Dominick Grift
2f94f46028 Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.
2010-09-16 12:18:33 +02:00
Dominick Grift
2de2341198 Use ps_process_pattern to read state.
Signed-off-by: Dominick Grift <domg472@gmail.com>

Use ps_process_pattern to read state.

Use ps_process_pattern to read state.
2010-09-16 12:18:33 +02:00
Dominick Grift
819518c273 The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

Signed-off-by: Dominick Grift <domg472@gmail.com>

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.
2010-09-16 12:18:33 +02:00
Dominick Grift
dcf87460eb Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-16 12:18:33 +02:00
Dominick Grift
59c0340548 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Use permission sets where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-16 12:18:33 +02:00
Dominick Grift
ba6db03dc0 Redundant: mta_sendmail_domtrans calls domtrans_pattern which already includes these permissions. 2010-09-16 12:18:33 +02:00
Dominick Grift
b35d259348 XML summary ffixes.
XML summary fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>

XML summary fixes.
2010-09-16 12:18:33 +02:00
Dominick Grift
f92662114a Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.
2010-09-16 12:18:33 +02:00
Dominick Grift
4ff4ddfaa3 Allow users to ptrace and send any kind of signal to spamassassin agents. 2010-09-16 12:18:33 +02:00
Dominick Grift
c5caddd673 This type is not required here. 2010-09-16 12:18:33 +02:00
Dominick Grift
b0e9aaafb9 This is not a role capability.
This is not a role capability.

Signed-off-by: Dominick Grift <domg472@gmail.com>

This is not a role capability.
2010-09-16 12:18:31 +02:00
Dominick Grift
a3d20a3c3a Use relabel permission sets where possible. 2010-09-16 12:18:31 +02:00
Dominick Grift
9a2fd7d144 Redundant: This is included with userdom_read_user_home_content_files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
50e85752ad Allow users to ptrace and send any kind of signal to their ssh agent instead of only a generic signal.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
f416df73dd Redundant: This is included with userdom_search_user_home_content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
a87e8f736c Redundant: domtrans_pattern includes these.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
d0b7562f02 Do not audit interface should not provide permission to read parent directories.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
5ebd1a52a5 Use domtrans_pattern because it include permission the sigchld target domain and other required access to domain transition.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
2d102f8402 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
60d27bf8ab Tunable, optional, if(n)def block go below.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 10:43:14 +02:00
Dominick Grift
2e2a24e07d Use stream_connect_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 10:43:14 +02:00
Dan Walsh
4d71bc3534 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-15 16:06:43 -04:00
Dominick Grift
83029ff3c5 Use relabel permission sets where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
4ec4a49e8a Add missing admin_patterns to rpcbind_admin.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
ac13ad949b Use stream connect pattern.
Use stream_connect_pattern.

Use stream_connect_pattern.

Use stream_connect_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
ad424545db Use ps_process_pattern to read state.
Use ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
87cd6eef3a Reduntant: Is already included with userdom_search_user_home_dirs.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
4eaffd271f Access to get attributes of target pppd_t domain is included with ps_process_pattern.
Access to get attributes of target privoxy_t domain is included with ps_process_pattern.

Access to get attributes of target radiusd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
39e118bc15 Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.

Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
1215dfb87c Allow pads_admin to search parent directories to be able to interact with pads content.
Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.

Allow postgresql admin to search parent directories to be able to manage postgresql content.

Allow prelude_admin to search parent directories to be able to manage prelude content.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
d183137edb XML summary fix.
XML summary fix.

XML summary fix.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
dcbbeeada3 Access to get attributes of target accountsd_t domain is included with ps_process_pattern.
Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.

Access to get attributes of target asterisk_t domain is included with ps_process_pattern.

Permission to get attributes of target automount_t domain is included with ps_process_pattern.

Access to get attributes of target ntpd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00