Access to get attributes of target privoxy_t domain is included with ps_process_pattern.
Access to get attributes of target radiusd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.
Allow postgresql admin to search parent directories to be able to manage postgresql content.
Allow prelude_admin to search parent directories to be able to manage prelude content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.
Access to get attributes of target asterisk_t domain is included with ps_process_pattern.
Permission to get attributes of target automount_t domain is included with ps_process_pattern.
Access to get attributes of target ntpd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
This is based on Fedoras' miscfiles_cert_type implementation.
The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.
Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Allow hugetlbfs_t to be on device_t file system
Fix for ajaxterm policy
Fix type in dbus_delete_pid_files
Change openvpn to only allow search of users home dir
cleanup of nsplugin interface definition
Latest pm-utils is causing lots of domains to see a leaked lock file
I want mplayer to run as unconfined_execmem_t
mountpoint is causing dbus and init apps to getattr on all filesystems directories
Miroslav update dkim-milter
NetworkManager dbus chats with init
Allow apps that can read user_fonts_t to read the symbolic link
udev needs to manage etc_t
