925 Commits

Author SHA1 Message Date
Dan Walsh
b3e7610270 Allow smbd_t sys_admin capability so samba can change quota on users. 2010-10-07 09:31:35 -04:00
Dan Walsh
3235a8bbe6 dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs.
Disable transition from dbus_session_domain to telepathy for F14
Allow boinc_project to use shm
Allow certmonger to search through directories that contain certs
Allow fail2ban the DAC Override so it can read log files owned by non root users
2010-10-07 09:06:56 -04:00
Dan Walsh
596d86ad6c Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-10-06 09:05:02 -04:00
Dan Walsh
55e9f0e79c Fix fusefs handling
Do not allow sandbox to manage nsplugin_rw_t
Allow mozilla_plugin_t to connect to its parent
Allow init_t to connect to plymouthd running as kernel_t
2010-10-06 09:03:28 -04:00
Miroslav Grepl
0def274b96 Add policy for mediawiki 2010-10-05 14:47:38 +02:00
Dan Walsh
d1c6ba20d5 Start adding support for use_fusefs_home_dirs
Add /var/lib/syslog directory file context
Add /etc/localtime as locale file context
2010-10-04 14:45:52 -04:00
Dan Walsh
ddd1ccaa93 Allow unconfined_t to transition to alsa_t to make sure labels stay correct
Lots of fixes for mozilla_plugin nsplugin and mozilla_plugin are starting to merge
telepath_msn_t tries to read /proc/1/exe
Allow smokeping cgi scripts to create /var/lib/smokeping dirs.
Allow smbd_t to getquota on multiple file systems
2010-10-03 07:48:01 -04:00
Dan Walsh
b45aaab97c Allow sudo to send signals to any domains the user could have transitioned to.
Passwd in single user mode needs to talk to console_device_t
Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa sets up pulseaudio
locate tried to read a symbolic link, will dontaudit
New labels for telepathy-sunshine content in homedir
Google is storing other binaries under /opt/google/talkplugin
bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug
Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15
modemmanager and bluetooth send dbus messages to devicekit_power
Samba needs to getquota on filesystems labeled samba_share_t
2010-10-01 11:58:15 -04:00
Dan Walsh
20f707ce5e dontaudit attempts by xdm_t to write to bin_t for kdm 2010-09-29 15:03:51 -04:00
Dan Walsh
f6e966f3ae Allow nsplugin to sendto itself dgrams
Fix /root/.ssh labeling
2010-09-29 10:55:40 -04:00
Dan Walsh
79bff2bb38 Allow mozilla_plugin to manage all gnome config files
Allow nsplugin_t to read lnk files in nsplugin_rw_t
New labeling for packagekit scripts to bin_t
Allow mount_t to delete etc_t
Allow fsdaemon_t to read usr_t files
2010-09-28 16:24:56 -04:00
Dan Walsh
4e6b3f6dd9 Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory.
Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets
Allow confined users to read xdm_etc_t files
Allow xdm_t to transition to xauth_t for lxdm program
2010-09-27 10:21:54 -04:00
Dan Walsh
5212892e22 Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home
Allow clamd to send signals to itself
Allow mozilla_plugin_t to read user home content.  And unlink pulseaudio shm.
2010-09-26 06:42:14 -04:00
Dan Walsh
fb52482a1f Allow firewallgui to sys_rawio which seems to be required to setup masquerading
Allow all domains to search through default_t directories, in order to find different labels.  For example people setting up /foo/bar to be shared via samba.
Add label for /var/log/slim.log
2010-09-25 06:23:04 -04:00
Dan Walsh
f7307c60ba Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-24 11:55:35 -04:00
Dan Walsh
7cfb935473 Allow rpc.quota to do quotamod
Allow mozilla_plugin to execute mozilla_home_t
2010-09-24 11:55:05 -04:00
Miroslav Grepl
df488eda7b Move c2s to run in jabber_router_t domain
Other fixes for jabberd policy
2010-09-24 14:14:38 +02:00
Dominick Grift
ff9b16dc29 Merge branch 'base' 2010-09-24 12:52:43 +02:00
Dominick Grift
7d1f5642b0 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-24 12:44:39 +02:00
Dominick Grift
7832131bae XML summary fixes.
XML summary fixes.
2010-09-24 12:44:37 +02:00
Dominick Grift
a25335e1fa Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-24 12:44:16 +02:00
Dominick Grift
4781493e45 Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
2010-09-24 12:44:16 +02:00
Dominick Grift
e2d9aa29c5 Source is x_domain and not xserver_t. Moving to x_domain local policy. 2010-09-24 12:44:16 +02:00
Dominick Grift
568349bd70 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.

The process and capability IPC goes on top of local policy.

The process and capability IPC goes on top of local policy.
2010-09-24 12:44:16 +02:00
Dominick Grift
daed45f480 Redundant: Included userdom_user_home_content already has this.
Redundant: Included userdom_user_home_content already has this.

Redundant: Included userdom_user_home_content already has this.

Redundant: Included userdom_search_user_home_dirs already has this.

Redundant: Included userdom_user_home_content already has this.
2010-09-24 12:44:16 +02:00
Dominick Grift
6aa632a63e Remove stray semi-colon. 2010-09-24 12:44:15 +02:00
Dominick Grift
aaf8a677ba Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:44:14 +02:00
Dominick Grift
8b858f2652 Redundant: Included init_daemon_domain already has this.
Redundant: Included init_daemon_domain already has this.

Redundant: Included init_daemon_domain already has this.

Redundant: Included init_daemon_domain already has this.

Redundant: Included init_daemon_domain already has this.

Redundant: Included init_daemon_domain already has this.
2010-09-24 12:37:05 +02:00
Dominick Grift
ce6df09d63 Redundant: Included inetd_service_domain has this.
Redundant: Included inetd_tcp_service_domain has this.

Redundant: Included inetd_tcp_service_domain has this. Conditional init_daemon_domain has it also.

Redundant: Included inetd_tcp_service_domain has this.
2010-09-24 12:33:58 +02:00
Dominick Grift
fae9473242 Support network connect mysql DB. 2010-09-24 12:33:28 +02:00
Dominick Grift
5492a180fd There is already an optional policy block for daemontools. Join the two. 2010-09-24 12:33:28 +02:00
Dominick Grift
9444a138f5 Consistent ordering of declarations. 2010-09-24 12:33:28 +02:00
Dominick Grift
3c4ffa3294 Use domtrans_pattern where possible. 2010-09-24 12:33:27 +02:00
Dominick Grift
1e2abee10b Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:33:26 +02:00
Dominick Grift
39178aaf8a This is no declaration. Moving to local policy. 2010-09-24 12:27:59 +02:00
Dominick Grift
09873e59ca These were duplicate TE rules. 2010-09-24 12:27:59 +02:00
Dominick Grift
1507cc2a79 Internal interaction goes before external interface calls. 2010-09-24 12:27:59 +02:00
Dominick Grift
86225e1f16 These interface calls are more suitable here. Might want to implement boolean spamd_network_connect_db. 2010-09-24 12:27:59 +02:00
Dominick Grift
54590acde7 Replace type and attributes statements by comma delimiters where possible. 2010-09-24 12:27:59 +02:00
Dan Walsh
e027e93f2c More typos 2010-09-23 17:39:31 -04:00
Dan Walsh
55bffb7189 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-23 17:20:36 -04:00
Dan Walsh
7c94a3ab0d Allow consolehelper to read fonts and config files in user homedir 2010-09-23 15:14:34 -04:00
Dominick Grift
730ec51878 This is git system content. 2010-09-23 17:28:34 +02:00
Dominick Grift
a5ea1490d4 Merge branch 'base' 2010-09-23 15:07:33 +02:00
Dan Walsh
f4dc198843 Make hal a dbus_system_domain
Allow dovecot to append all logs
2010-09-23 08:59:40 -04:00
Dominick Grift
ac5201ecde Use permission sets where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
cefe9f9919 Replace type and attributes statements by comma delimiters where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
18f2a72d7f Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-23 14:59:23 +02:00
Dominick Grift
0f7c400223 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-23 14:59:23 +02:00
Dominick Grift
c2b2d22b35 Redundant: Included init_daemon_domain already has this.
Redundant: Included init_daemon_domain already has this.

Redundant: Included init_daemon_domain already has this.

Redundant: Included init_daemon_domain already has this.
2010-09-23 14:59:23 +02:00