rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4,761 Commits 8 Branches 97 Tags 37 MiB
8872d3d2ac
Commit Graph

4761 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Walsh
41a18182a5 storage should be in base 2011-08-03 16:21:21 -04:00
Dan Walsh
8becfd3523 Add cfengine policy 2011-08-03 10:22:38 -04:00
Miroslav
2aa62d446f - Add abrt_domain attribute 
- Allow corosync to manage cluster lib files
- Allow corosync to connect to the system DBUS
 2011-08-02 21:35:30 +02:00
Dan Walsh
d0fad1166a Add uuidd module 2011-07-29 10:36:34 -04:00
Dan Walsh
439e115b9d Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-29 09:49:38 -04:00
Dan Walsh
c1eb3ef122 Remove howl, hotplug and kudzu modules, since they are no longer used 2011-07-29 09:49:16 -04:00
Miroslav
58f5509584 - More fixes of rules which cause an explosion in rules by Dan Walsh 2011-07-29 14:18:40 +02:00
Miroslav
0c240d9a87 - Allow rcsmcertd to perform DNS name resolution 
- Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts
- Allow tmux to run as screen
- New policy for collectd
- Allow gkeyring_t to interact with all user apps
- Add rules to allow firstboot to run on machines with the unconfined.pp module
 2011-07-26 17:21:09 +02:00
Dan Walsh
8193baf6c3 Add collectd module to targeted policy 2011-07-25 11:30:08 -04:00
Dan Walsh
300f0d1a1d Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-25 08:49:56 -04:00
Miroslav
f5593ed9be - Allow systemd_logind to send dbus messages with users 
- allow accountsd to read wtmp file
- Allow dhcpd to get and set capabilities
 2011-07-23 09:10:19 +02:00
Dan Walsh
c209cb862f Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-22 16:24:09 -04:00
Miroslav
6e9c2276f7 - Fix oracledb_port definition 
- Allow mount to mounton the selinux file system
- Allow users to list /var directories
 2011-07-22 12:37:49 +02:00
Miroslav
273e934611 systemd fixes 2011-07-21 17:22:47 +02:00
Miroslav
2ed5289fc9 - Add initial policy for abrt_dump_oops_t 
- xtables-multi wants to getattr of the proc fs
- Smoltclient is connecting to abrt
- Dontaudit leaked file descriptors to postdrop
- Allow abrt_dump_oops to look at kernel sysctls
- Abrt_dump_oops_t reads kernel ring buffer
- Allow mysqld to request the kernel to load modules
- systemd-login needs fowner
- Allow postfix_cleanup_t to searh maildrop
 2011-07-19 17:44:23 +02:00
Dan Walsh
dd16c38c4b Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-19 08:17:17 -04:00
Miroslav Grepl
805cc3bcdf - Initial systemd_logind policy 
- Add policy for systemd_logger and additional proivs for systemd_logind
- More fixes for systemd policies
 2011-07-18 08:17:03 +02:00
Dan Walsh
ef582cdc93 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-07-14 13:39:46 -04:00
Dan Walsh
854346f783 add ctdbd policy module 2011-07-14 13:39:22 -04:00
Miroslav Grepl
2b7c0552d7 - Allow setsched for virsh 
- Systemd needs to impersonate cups, which means it needs to create tcp_sock
- iptables: the various /sbin/ip6?tables.* are now symlinks for /sbin/xtables-mult
 2011-07-14 18:49:37 +02:00
Miroslav Grepl
50f07b8abf Fix spec file 2011-07-12 14:59:13 +02:00
Miroslav Grepl
9cf29c17e3 Remove duplicate declaration in ABRT 2011-07-12 10:47:58 +02:00
Miroslav Grepl
40468c4016 Fix typo in modules-targeted.conf 2011-07-12 10:14:13 +02:00
Miroslav Grepl
330eac5848 - A lot of users are running yum -y update while in /root which is causing ldc 
- Allow colord to interact with the users through the tmpfs file system
- Since we changed the label on deferred, we need to allow postfix_qmgr_t to b
- Add label for /var/log/mcelog
- Allow asterisk to read /dev/random if it uses TLS
- Allow colord to read ini files which are labeled as bin_t
- Allow dirsrvadmin sys_resource and setrlimit to use ulimit
- Systemd needs to be able to create sock_files for every label in /var/run di
- Also lists /var and /var/spool directories
- Add openl2tpd to l2tpd policy
- qpidd is reading the sysfs file
 2011-07-12 09:44:07 +02:00
Dan Walsh
5a8295ac0d add l2tpd daemon policy 2011-07-05 16:20:25 -04:00
Dan Walsh
32e78857c1 Removing /usr/lib/debug subs_dist entry. This did not work properly, we need to go back to labeling based on lib_t 2011-07-05 10:45:44 -04:00
Dan Walsh
fb5b77fade Fully path the semodule command 2011-07-01 06:35:11 -04:00
Miroslav Grepl
975370d58e - Change usbmuxd_t to dontaudit attempts to read chr_file 
- Add mysld_safe_exec_t for libra domains to be able to start private mysql dom
- Allow pppd to search /var/lock dir
- Add rhsmcertd policy
 2011-06-30 17:55:41 +02:00
Miroslav Grepl
81fbb0fccd Add updated policy-F16.patch 2011-06-28 16:27:18 +02:00
Miroslav Grepl
3f8c0984d4 Upload the right source file 2011-06-27 18:20:35 +02:00
Miroslav Grepl
ade486af72 Update to upstream 2011-06-27 18:02:16 +02:00
Miroslav Grepl
2885bf8a6e - More fixes 
* http://git.fedorahosted.org/git/?p=selinux-policy.git
 2011-06-27 08:43:05 +02:00
Dan Walsh
7e1b615aa4 Next attempt at getting selinux-policy-* to work without rebuilding policy. 2011-06-16 12:01:25 -04:00
Dan Walsh
cf012ea57e Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-06-16 08:58:41 -04:00
Dan Walsh
8782a92ced Change required policycoreutils and libsemanage 2011-06-16 08:58:19 -04:00
Miroslav Grepl
4fb7b43f62 - Add dspam policy 
- Add lldpad policy
- dovecot auth wants to search statfs #713555
- Allow systemd passwd apps to read init fifo_file
- Allow prelink to use inherited terminals
- Run cherokee in the httpd_t domain
- Allow mcs constraints on node connections
- Implement pyicqt policy
- Fixes for zarafa policy
- Allow cobblerd to send syslog messages
 2011-06-16 10:42:42 +02:00
Dan Walsh
857c813190 Eliminate olpc stuff and other no longer needed files. Update to new system to build policy.* file within payload. 2011-06-09 22:36:45 -04:00
Dan Walsh
d0597c1c15 apply merge 2011-06-08 12:17:39 -04:00
Miroslav Grepl
183e54f534 Old passanger module needs to be removed in spec file 2011-06-08 17:41:02 +02:00
Miroslav Grepl
d8b121329f - Fixes for zabbix 
- init script needs to be able to manage sanlock_var_run_...
- Allow sandlock and wdmd to create /var/run directories...
- mixclip.so has been compiled correctly
- Fix passenger policy module name
 2011-06-08 17:32:27 +02:00
Dan Walsh
5253d49ee9 Update from git 2011-06-07 14:43:31 -04:00
Miroslav Grepl
94cdbacbd8 - Add mailscanner policy from dgrift 
- Allow chrome to optionally be transitioned to
- Zabbix needs these rules when starting the zabbix_server_mysql
- Implement a type for freedesktop openicc standard (~/.local/share/icc)
- Allow system_dbusd_t to read inherited icc_data_home_t files.
- Allow colord_t to read icc_data_home_t content. #706975
- Label stuff under /usr/lib/debug as if it was labeled under /
 2011-06-07 18:12:04 +02:00
Dan Walsh
0535650520 Allow policy.VERSION and modules to ship with package 2011-06-07 11:09:32 -04:00
Dan Walsh
8f6432aac9 Label stuff under /usr/lib/debug as if it was labeled under / 2011-06-06 13:11:10 -04:00
Miroslav Grepl
0e70f655b4 Fix spec file 2011-06-02 15:17:47 +02:00
Miroslav Grepl
a56fb9fa8f - Fixes for sanlock policy 
- Fixes for colord policy
- Other fixes
       * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
 2011-06-02 15:16:46 +02:00
Miroslav Grepl
b817e17405 - Add more fixes for ABRT retrace-server 
- Add telepathy-logger policy
- Add rhev policy
 2011-05-26 14:37:08 +02:00
Miroslav Grepl
a8e065be61 - Add rhev policy module to modules-targeted.conf 2011-05-26 14:16:59 +02:00
Miroslav Grepl
ace25237f9 - Lot of fixes 
* http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
 2011-05-24 16:38:28 +02:00
Dan Walsh
7920a06561 add sanlock and wdmd policy 2011-05-23 18:37:50 -04:00