Commit Graph

50 Commits

Author SHA1 Message Date
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
9160520a0e - Allow certmaster to override dac permissions 2009-07-27 22:09:57 +00:00
Daniel J Walsh
d982e7e091 - Fixes for podsleuth 2009-04-18 12:13:36 +00:00
Daniel J Walsh
1d1c058a4e - Add git web policy 2009-02-10 16:08:36 +00:00
Daniel J Walsh
6a09cfb688 - Allow hal/pm-utils to look at /var/run/video.rom
- Add ulogd policy
2008-11-05 18:26:36 +00:00
Daniel J Walsh
d8e5d05b6e - Allow openoffice execstack/execmem privs 2008-10-28 20:06:14 +00:00
Daniel J Walsh
4450ddb039 - Fixes for logrotate, alsa 2008-07-30 13:44:15 +00:00
Daniel J Walsh
fbea0df606 add init_upstart boolean 2008-05-19 17:48:06 +00:00
Daniel J Walsh
2d8ff5157a - Remove old booleans from targeted-booleans.conf file 2008-04-28 21:24:59 +00:00
Daniel J Walsh
5a576e06f0 - Allow passwd to communicate with user sockets to change gnome-keyring 2008-04-08 19:17:28 +00:00
Daniel J Walsh
27943de6a0 - Allow radvd to use fifo_file
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
    the boolean is set
2008-04-05 10:39:06 +00:00
Daniel J Walsh
b7229ad8bb - Prepare policy for beta release
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 05:01:51 +00:00
Daniel J Walsh
8d4af9d064 - Fixes from yum-cron
- Update to latest upstream
2008-02-20 22:44:00 +00:00
Daniel J Walsh
7c2be34d14 - Allow usertypes to read/write noxattr file systems 2008-01-28 16:48:49 +00:00
Daniel J Walsh
7330e86b90 - Update to upstream 2007-11-10 14:14:41 +00:00
Daniel J Walsh
cd8aa3b448 - Update to upstream 2007-10-24 19:31:28 +00:00
Daniel J Walsh
d50690ad8f - Update to upstream 2007-10-24 03:29:53 +00:00
Daniel J Walsh
fa0d1c8884 - Update to upstream 2007-10-23 23:13:09 +00:00
Daniel J Walsh
8fd9df6414 - Remove homedir_template 2007-10-05 19:47:10 +00:00
Daniel J Walsh
922f646a26 - Remove homedir_template 2007-10-05 11:43:46 +00:00
Daniel J Walsh
0f8f545d1a - Fix prelink to handle execmod 2007-07-24 14:39:01 +00:00
Daniel J Walsh
a4ec9b75e1 - Remove ifdef strict policy from upstream 2007-06-22 19:21:00 +00:00
Daniel J Walsh
057603fbda - Update to latest from upstream 2007-05-07 18:07:26 +00:00
Daniel J Walsh
cc1be2260f - Revert Nemiver change
- Set sudo as a corecmd so prelink will work, remove sudoedit mapping,
    since this will not work, it does not transition.
- Allow samba to execute useradd
2007-02-23 15:35:01 +00:00
Daniel J Walsh
1a24735d8f - Fix file context for nemiver 2007-02-15 00:19:30 +00:00
Daniel J Walsh
a384d73899 - Allow prelink when run from rpm to create tmp files Resolves: #221865
- Remove file_context for exportfs Resolves: #221181
- Allow spamassassin to create ~/.spamassissin Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves: #200110
2007-01-09 15:24:41 +00:00
Daniel J Walsh
6157a7e6e4 - More fixes for MLS 2006-12-11 12:35:45 +00:00
Daniel J Walsh
06b64f8c21 - Allow xen to connect to xen port 2006-11-10 20:37:08 +00:00
Daniel J Walsh
d095a0e65b - Add perms for swat 2006-11-01 00:09:08 +00:00
Daniel J Walsh
6b97615edf - Allow daemons to dump core files to / 2006-10-30 21:18:40 +00:00
Daniel J Walsh
201e1d333f - Fix dovecot, amanda 2006-09-27 19:49:43 +00:00
Daniel J Walsh
861af1c0df - Add tty access to all domains boolean
- Fix gnome-pty-helper context for ia64
2006-09-13 12:00:21 +00:00
Daniel J Walsh
543bc335c1 - Change allow_execstack to default to on, for RHEL5 Beta. This is required
because of a Java compiler problem. Hope to turn off for next beta
2006-08-11 15:39:50 +00:00
Daniel J Walsh
c7b7392126 - add boolean to allow zebra to write config files 2006-07-19 20:06:35 +00:00
Daniel J Walsh
31c47be0fe - setroubleshootd fixes 2006-07-19 18:39:31 +00:00
Daniel J Walsh
d819090e1f - Multiple fixes 2006-07-12 02:50:30 +00:00
Daniel J Walsh
8bee3a4a58 - Update to upstream 2006-07-09 09:51:33 +00:00
Daniel J Walsh
2616c66ff4 - Update to upstream 2006-06-13 18:26:00 +00:00
Daniel J Walsh
c54f60d6ea - Update from upstream 2006-06-09 02:55:43 +00:00
Daniel J Walsh
43fe713171 - Update to upstream 2006-05-28 10:56:26 +00:00
Daniel J Walsh
89e397d026 - Turn off allow_execmem boolean
- Allow ftp dac_override when allowed to access users homedirs
2006-05-12 02:39:30 +00:00
Daniel J Walsh
5ff36d645b - Update to latest from upstream
- Allow selinux-policy to be removed and kernel not to crash
2006-04-19 17:37:38 +00:00
Daniel J Walsh
67bc5ebb6c - More textrel_shlib_t file path fixes
- Add ada support
2006-04-06 19:08:54 +00:00
Daniel J Walsh
6e9bcb4a8d *** empty log message *** 2006-02-19 12:17:15 +00:00
Daniel J Walsh
7171df22fe - Turn back on execmem since we need it for java, firefox, ooffice 2005-12-12 20:59:35 +00:00
Daniel J Walsh
d4da533c32 - Update to upstream
- Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies
2005-12-10 05:19:29 +00:00
Daniel J Walsh
e1ccb6fe66 - Add two new httpd booleans, turned off by default
httpd_can_network_relay
httpd_can_network_connect_db
2005-12-09 20:59:20 +00:00
Daniel J Walsh
6f5a3bc6a7 - Update to upstream
- Turn off boolean allow_execstack
2005-12-08 21:56:50 +00:00
Daniel J Walsh
e568731790 - Update to upstream 2005-11-21 21:49:31 +00:00