Commit Graph

4643 Commits

Author SHA1 Message Date
Dan Walsh
aae38f05a6 whoya 2010-08-26 13:16:02 -04:00
Dan Walsh
2968e06818 Update f14 2010-08-26 12:55:57 -04:00
Dan Walsh
18549c23df Fix policy 2010-08-26 11:09:31 -04:00
Dan Walsh
507000a1db reset 2010-08-26 11:03:50 -04:00
Dan Walsh
8f4ec142d7 Modified amanda 2010-08-26 11:02:44 -04:00
Dan Walsh
09154bd53e Reset base 2010-08-26 11:01:06 -04:00
Dan Walsh
e15d0e76e3 Modify amanda 2010-08-26 10:59:43 -04:00
Dan Walsh
0aa4ecc332 F14 2010-08-26 10:56:06 -04:00
Dan Walsh
f9c5576c27 F14 2010-08-26 10:54:59 -04:00
Dan Walsh
e5e9b7bd43 F14 2010-08-26 10:50:47 -04:00
Dan Walsh
a61cba6e07 Rebase constraints 2010-08-26 10:45:39 -04:00
Dan Walsh
9afb2b166a Go with upstream 2010-08-26 10:40:06 -04:00
Dan Walsh
a947daf6df Update f14 2010-08-26 10:27:35 -04:00
Dan Walsh
83eff061a3 Latest f14 2010-08-26 10:26:28 -04:00
Dan Walsh
3eaa993945 UPdate for f14 policy 2010-08-26 09:41:21 -04:00
Chris PeBenito
76a9fe96e4 Module version bumps and changelog for devtmpfs patchset. 2010-08-25 11:19:27 -04:00
Chris PeBenito
0d24805fd0 Trivial tweaks to devtmpfs patches. 2010-08-25 11:18:25 -04:00
Jeremy Solt
2fc79f1ef4 Early devtmpfs access
dontaudit attempts to read/write device_t chr files occurring before udev relabel
allow init_t and initrc_t read/write on device_t chr files (necessary to boot without unconfined)

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
2010-08-25 11:01:27 -04:00
Jeremy Solt
d6e1ef29cd Move devtmpfs to devices from filesystem
Move devtmpfs to devices module (remove from filesystem module)
Make device_t a filesystem
Add interface for associating types with device_t filesystem (dev_associate)
Call dev_associate from dev_filetrans
Allow all device nodes associate with device_t filesystem
Remove dev_tmpfs_filetrans_dev from kernel_t
Remove fs_associate_tmpfs(initctl_t) - redundant, it was in dev_filetrans, now in dev_associate
Mounton interface, to allow the kernel to mounton device_t

Signed-off-by: Jeremy Solt <jsolt@tresys.com>
2010-08-25 11:01:22 -04:00
Dan Walsh
370d04ed3c - Allow seunshare to fowner 2010-08-25 09:45:26 -04:00
Dan Walsh
cc138e86b5 - Allow cron to look at user_cron_spool links
- Lots of fixes for mozilla_plugin_t
- Add sysv file system
- Turn unconfined domains to permissive to find additional avcs
2010-08-24 22:48:06 -04:00
Dan Walsh
3cacc01467 - Update policy for mozilla_plugin_t 2010-08-23 18:16:17 -04:00
Dan Walsh
63265668f0 - Update policy for mozilla_plugin_t 2010-08-23 18:01:46 -04:00
Dan Walsh
66ec626d23 - Allow clamscan to read proc_t
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
2010-08-23 17:33:55 -04:00
Dan Walsh
eee39f9d8e - Allow clamscan to read proc_t
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
2010-08-23 17:29:52 -04:00
Dan Walsh
19988ca76d - Allow clamscan_t execmem if clamd_use_jit set
- Add policy for firefox plugin-container
2010-08-20 09:36:56 -04:00
Chris PeBenito
c62f1bef77 Dbadm updates from KaiGai Kohei. 2010-08-19 08:41:39 -04:00
Dan Walsh
34e74a1baa - label dead.letter as mail_home_t 2010-08-17 10:05:08 -04:00
Dan Walsh
3798ee962a - label dead.letter as mail_home_t 2010-08-17 07:22:11 -04:00
Chris PeBenito
ab8f919e6f Part of gnome patch from Dan Walsh. 2010-08-12 09:21:36 -04:00
Dan Walsh
b12ede2ac0 * Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 08:58:16 -04:00
Dan Walsh
922cd61e83 * Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 07:55:04 -04:00
Chris PeBenito
a9539a063b Additional kdumpgui cleanup. 2010-08-10 09:21:01 -04:00
Jeremy Solt
46fc0d39e3 Policy for system-config-kdump gui from Dan Walsh
Edits:
 - removed gnome_dontaudit_search_config
 - removed userdom_dontaudit_search_admin_dir
 - whitespace and style fixes
2010-08-10 09:05:43 -04:00
Chris PeBenito
5d6bf457b9 Changelog entry for sambagui. 2010-08-09 09:51:35 -04:00
Jeremy Solt
68e615ec5a system-config-samba dbus service policy from Dan Walsh 2010-08-09 09:37:29 -04:00
Jeremy Solt
c87e150280 roles patch from Dan Walsh to move unwanted interface calls into a ifndef 2010-08-09 09:20:31 -04:00
Chris PeBenito
00ca404a20 Remove unnecessary require on cgroup_admin(). 2010-08-09 09:10:24 -04:00
Chris PeBenito
d687db9b42 Whitespace fixes on cgroup. 2010-08-09 08:52:39 -04:00
Dominick Grift
61d7ee58a4 Confine /sbin/cgclear.
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-09 08:47:15 -04:00
Dominick Grift
a0546c9d1c System layer xml fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:55 -04:00
Dominick Grift
288845a638 Services layer xml files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:29 -04:00
Chris PeBenito
97b990f86e Fix corecmd_dontaudit_exec_all_executables doc. 2010-08-05 09:24:41 -04:00
Dominick Grift
705f70f098 Kernel layer xml fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:08:07 -04:00
Chris PeBenito
19ff03977d Fix usermanage_kill_passwd() parameter doc. 2010-08-05 08:56:31 -04:00
Dominick Grift
77e4b55f70 Admin layer xml fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 08:46:44 -04:00
Dominick Grift
03b86663f0 apps: domain { allowed to transition, allowed access, to not audit }.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 08:20:59 -04:00
Chris PeBenito
12ab39533b Changelog entry for accountsd. 2010-08-03 09:51:01 -04:00
Chris PeBenito
8da88970be Accountsd cleanup. 2010-08-03 09:50:40 -04:00
Chris PeBenito
d0eebed0b7 Move accountsd to services. 2010-08-03 09:31:53 -04:00