rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity
4,660 Commits 9 Branches 110 Tags 34 MiB
8becfd3523
Commit Graph

4660 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template 
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
 2009-08-28 13:29:36 -04:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp 
- Add Sandbox unshare
 2009-08-26 20:19:02 +00:00
Chris PeBenito
fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Daniel J Walsh
07c04f81b6 - Add back in unconfined.pp and unconfineduser.pp 2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337 - Fixes for cdrecord, mdadm, and others 2009-08-26 12:12:39 +00:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
dbb7dd9484 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Daniel J Walsh
7078554d07 - Add capability setting to dhcpc and gpm 2009-08-24 13:09:08 +00:00
Daniel J Walsh
d6f79017f2 - Add capability setting to dhcpc and gpm 2009-08-23 17:39:51 +00:00
Daniel J Walsh
080ce6f2c8 - Add capability setting to dhcpc and gpm 2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393 - Allow cronjobs to read exim_spool_t 2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce - Fix system-config-services policy 2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac - Allow libvirt to change user componant of virt_domain 2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus 
- Add smoltclient policy
 2009-08-18 22:43:34 +00:00
Daniel J Walsh
7a5e03cc74 - Allow cupsd_config_t to be started by dbus 
- Add smoltclient policy
 2009-08-18 22:29:11 +00:00
Chris PeBenito
0484277038 reorganize dbus.fc. 2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1 Gentoo dbus in libexec 2009-08-18 13:13:40 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
LABBE Corentin
58cc9903dd Missing comma in policykit 2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr. 
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
 2009-08-18 09:49:31 -04:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t. 
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
 2009-08-17 13:19:26 -04:00
Chris PeBenito
0bf2bc9156 Fix Makefile info message for installing policy headers 
The Makefile is currently using the policy TYPE (standard|mls|mcs) rather
than the more informative NAME (eg strict, targeted, etc).  Fix the Makefile
to use NAME.
 2009-08-17 09:49:53 -04:00
Chris PeBenito
4254cec711 Add missing x_device rules for XI2 functions, from Eamon Walsh. 
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy.  You can now create one or more
> "master devices" (mouse cursor and keyboard focus).  The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device.  Create/destroy controls the ability to create new master
> devices.
 2009-08-14 13:18:16 -04:00
Daniel J Walsh
b2c5e72a15 - Make all unconfined_domains permissive so we can see what AVC's happen 2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864 - Add pt_chown policy 2009-08-12 20:10:51 +00:00
Daniel J Walsh
cbedd06c12 - Add kdump policy for Miroslav Grepl 
- Turn off execstack boolean
 2009-08-12 20:09:21 +00:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain. 
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
 2009-08-12 14:15:39 -04:00
Chris PeBenito
97e42114db remove redundant xen_append_log() call in hostname. 2009-08-11 14:19:38 -04:00
Chris PeBenito
0f5e26b620 Add btrfs and ext4 to labeling targets. 2009-08-11 09:01:58 -04:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl 
- Turn off execstack boolean
 2009-08-10 18:22:10 +00:00
Chris PeBenito
90286f4292 Fix infrastructure to expand macros in initrc_context when installing. 
The initrc_context file uses the mls_systemhigh macro and needs to be properly
expanded based on the build.conf settings.  Add makefile support to do this.
 2009-08-10 14:00:34 -04:00
Chris PeBenito
e51390dfcb fix refpolicy ticket #48. 2009-08-10 11:14:03 -04:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf - Allow nsplugin to connecto the session bus 
- Allow samba_net to write to coolkey data
 2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f - Allow devicekit_disk to list inotify 2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:37:39 +00:00
Daniel J Walsh
b270c763b4 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:18:06 +00:00
Daniel J Walsh
f3b436ca6a - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 19:37:52 +00:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types. 
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
 2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625 fix ordering in sysnetwork. 2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc fix ordering in raid. 2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646 fix ordering in pcmcia. 2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2 fix ordering in mount. 2009-08-05 10:16:41 -04:00