Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Chris PeBenito
91cbcc6602
Fix deprecated interface usage in rhel4 block in su.if.
2010-05-24 15:09:18 -04:00
Chris PeBenito
3d95ca2d82
Module version bump for 904f3d8.
2010-05-24 13:08:09 -04:00
Chris PeBenito
7934ac10d3
Module version bump for 1184392 and more.
...
* module version bump
* make apache and unconfined portions optiona
* rearrange lines
2010-05-24 13:08:09 -04:00
Chris PeBenito
ca28376c4d
Module version bump for 7942f7f.
2010-05-24 13:08:09 -04:00
Chris PeBenito
bdf5e19931
Module version bump for 383bd32.
2010-05-24 13:08:09 -04:00
Chris PeBenito
213d35a07c
Module version bump for 9e28f74.
2010-05-24 13:08:09 -04:00
Chris PeBenito
63583f4e29
Module version bump for f61ef24.
2010-05-24 13:08:09 -04:00
Chris PeBenito
c789f82bc5
Module version bump for d5170e5.
2010-05-24 13:08:09 -04:00
Chris PeBenito
d53a972879
Module version bump for cb1df6a.
2010-05-24 13:08:09 -04:00
Jeremy Solt
d8642cad29
readahead patch from Dan Walsh
...
Edits:
- Removed files_dontaudit_read_security_files and fs_dontaudit_read_tmpfs_blk_dev interface calls
2010-05-24 13:08:08 -04:00
Chris PeBenito
fe74f71385
Fix deprecated interface usage that crept into lvm.if.
2010-05-24 13:08:08 -04:00
Chris PeBenito
ff1cae1f5e
Move line in logrotate; module version bump.
2010-05-24 13:08:08 -04:00
Chris PeBenito
a107f875bd
Remove redundant optional and libs_* calls in clogd.
2010-05-24 13:08:08 -04:00
Chris PeBenito
dcb7227286
Module version bump for 51ad76f.
2010-05-24 13:08:08 -04:00
Jeremy Solt
6430c79a29
whitespace fix for clogd
2010-05-24 13:08:08 -04:00
Jeremy Solt
6055ab8d1d
clogd policy from Dan Walsh
...
edits:
- style and whitespace fixes
- removed read_lnk_files_pattern from shm interface
- removed permissive line
2010-05-24 13:08:08 -04:00
Jeremy Solt
7a8e6a8fba
whitespace fixes for cluster suite patch
2010-05-24 13:08:08 -04:00
Jeremy Solt
21d23c878e
Removed unnecessary comments
...
Removed 'SELinux policy for' from policy summaries
Removed rgmanager interface for semaphores (doesn't appear to be needed or used)
Removed redundant calls to libs_use_ld_so and libs_use_shared_libs
Fixed rhcs interface names to match naming rules
Merged tmpfs and semaphore/shm interfaces
2010-05-24 13:08:08 -04:00
Jeremy Solt
538cf9ab83
Redhat Cluster Suite Policy from Dan Walsh
...
Edits:
- Style and whitespace fixes
- Removed interfaces for default_t from ricci.te - this didn't seem right
- Removed link files from rgmanager_manage_tmpfs_files
- Removed rdisc.if patch. it was previously committed
- Not including kernel_kill interface call for rgmanager
- Not including ldap interfaces in rgmanager.te (currently not in refpolicy)
- Not including files_create_var_run_dirs call for rgmanager (not in refpolicy)
2010-05-24 13:08:08 -04:00
Jeremy Solt
b8c9879a8c
logrotate patch from Dan Walsh
2010-05-24 13:08:08 -04:00
Jeremy Solt
fdc0d0f77c
vpn patch from Dan Walsh
...
Edits:
- Removed userdom_read_home_certs
2010-05-24 13:08:08 -04:00
Jeremy Solt
37194ac055
dnsmasq patch from Dan Walsh
...
- cron_manage_pid_files call removed until further explanation
2010-05-24 13:08:07 -04:00
Jeremy Solt
2483d7ae56
Replace apache_delete_cache with apache_delete_cache_files in tmpreaper.te
2010-05-24 13:08:07 -04:00
Jeremy Solt
8daddcf37e
tmpreaper patch from Dan Walsh
2010-05-24 13:08:07 -04:00
Jeremy Solt
7605d2738c
Remove call to nagios_rw_inherited_tmp_files
2010-05-24 13:08:07 -04:00
Jeremy Solt
44dc1b9c21
netutils patch from Dan Walsh
...
Edits:
- Dropping term_use_all_terms and user_ping tunables for ping and traceroute
- Whitespace fixes
2010-05-24 13:08:07 -04:00
Jeremy Solt
4ac0cd30fa
Remove nagios_rw_inherited_tmp_files interface
2010-05-24 13:08:07 -04:00
Jeremy Solt
99bbe34881
Nagios patch from Dan Walsh
...
Edits:
- Removed permissive lines
- Removed tunable for broken symptoms
- Style and whitespace fixes
2010-05-24 13:08:07 -04:00
Jeremy Solt
599e8ff702
Create type and allow squid to manage its own tmpfs files
2010-05-24 13:08:07 -04:00
Jeremy Solt
d86c09846b
squid patch from Dan Walsh
...
Edits:
- Added netport to corenetwork.te.in
2010-05-24 13:08:07 -04:00
Jeremy Solt
fb543d0df1
remove rules for nx_server_home_ssh_t since they are already provided by the ssh template
2010-05-24 13:08:07 -04:00
Jeremy Solt
316cdb1d0d
nx patch from Dan Walsh
...
Edits:
- Style and whitespace fixes
- Removed read_lnk_files_pattern from nx_read_home_files
- Delete declaration of nx_server_home_ssh_t and files_type since the template already does this
2010-05-24 13:08:07 -04:00
Chris PeBenito
d9e4cbd2ce
Postfix patch from Dan Walsh.
2010-05-21 08:56:49 -04:00
Chris PeBenito
9fe1b540b8
Prelink patch from Dan Walsh.
2010-05-20 08:54:51 -04:00
Chris PeBenito
9ea85eaa8b
Sendmail patch from Dan Walsh.
2010-05-20 08:36:38 -04:00
Chris PeBenito
b276e36914
Procmail patch from Dan Walsh.
2010-05-20 08:17:06 -04:00
Chris PeBenito
e19b8d1c2e
MTA patch from Dan Walsh.
2010-05-19 09:00:39 -04:00
Chris PeBenito
088b65e52b
SSH patch from Dan Walsh.
2010-05-19 08:31:17 -04:00
Chris PeBenito
4e698b0fca
Cups patch from Dan Walsh.
2010-05-18 10:59:37 -04:00
Chris PeBenito
e2c9450235
Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file. Module version bump for d56b33a
.
2010-05-18 10:28:17 -04:00
Chris Richards
d56b33a1e4
Create new interface and type for managing /etc/udev/rules.d
...
udev_var_run_t is used for managing files in /etc/udev/rules.d as well as other files, including udev pid files. This patch creates a type specifically for rules.d files, and an interface for managing them. It also gives access to this type to initrc_t so that rules can be properly populated during startup. This also fixes a problem on Gentoo where udev rules are NOT properly populated on startup.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-05-18 10:20:55 -04:00
Chris PeBenito
1b2f08ea10
Abrt patch from Dan Walsh.
2010-05-18 10:18:12 -04:00
Chris PeBenito
e9e43f04b3
Plymouthd policy from Dan Walsh.
2010-05-18 09:54:18 -04:00
Chris PeBenito
b0c2cae14a
Hal patch from Dan Walsh.
...
Lots of random access for hal.
2010-05-18 09:06:36 -04:00
Chris PeBenito
2e4e39d26a
Loadkeys patch from Dan Walsh.
2010-05-14 11:40:26 -04:00
Chris PeBenito
84940a0995
Java patch from Dan Walsh.
...
Additional java context
unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled
We want unconfined java apps to transition to rpm when they execute rpm_exec_t. To maintain proper labeling.
2010-05-14 10:40:59 -04:00
Chris PeBenito
299db7080c
CVS patch from Dan Walsh.
...
cvs needs dac_override when it tries to read shadow
2010-05-14 10:24:11 -04:00
Chris PeBenito
bcc6e65421
SETroubleshoot patch from Dan Walsh.
...
Policy to handle the fixit button in setroubleshoot.
2010-05-13 13:22:53 -04:00
Chris PeBenito
ada61e1529
Asterisk patch from Dan Walsh.
...
asterisk_manage_lib_files(logrotate_t)
asterisk_exec(logrotate_t)
Needs net_admin
Drops capabilities
connects to unix_stream
execs itself
Requests kernel load modules
Execs shells
Connects to postgresql and snmp ports
Reads urand and generic usb devices
Has mysql and postgresql back ends
sends mail
2010-05-13 11:35:58 -04:00
Chris PeBenito
24e0b9b3a4
Munin patch from Dan Walsh.
2010-05-13 11:20:54 -04:00
Chris PeBenito
16070400a8
RPM patch from Dan Walsh.
2010-05-11 11:11:40 -04:00
Chris PeBenito
27afb97c29
Minor fixes on a2524cf
. Module version bump.
2010-05-11 08:33:04 -04:00
Chris PeBenito
aeb7a4e180
Whitespace fixes on cobbler.
2010-05-11 08:23:02 -04:00
Jeremy Solt
a2524cfa77
cobbler patch from Dan Walsh
2010-05-11 08:17:33 -04:00
Chris PeBenito
fb3fc9e4f0
Cyrus patch from Dan Walsh.
2010-05-03 15:14:50 -04:00
Chris PeBenito
4804cd43a0
Clamav patch from Dan Walsh.
2010-05-03 15:01:35 -04:00
Chris PeBenito
d8eb3c71c6
Dovecot patch from Dan Walsh.
2010-05-03 14:37:19 -04:00
Chris PeBenito
baea7b1dc6
Networkmanager patch from Dan Walsh.
2010-05-03 14:01:26 -04:00
Chris PeBenito
03a6e03926
Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t.
2010-05-03 11:17:16 -04:00
Chris PeBenito
a3108c60c0
Consolekit patch from Dan Walsh.
2010-05-03 10:21:48 -04:00
Chris PeBenito
b0076a1413
Arpwatch patch from Dan Walsh.
2010-05-03 09:49:33 -04:00
Chris PeBenito
98ac98623c
Dbus patch from Dan Walsh.
2010-05-03 09:34:42 -04:00
Chris PeBenito
61738f11ec
Devicekit patch from Dan Walsh.
2010-05-03 09:01:46 -04:00
Chris PeBenito
857d37e84a
GPG patch from Dan Walsh.
2010-04-30 15:24:19 -04:00
Chris PeBenito
87a9469fc9
Add networking rules for spamd to connect to mysql/postgresql over the network, from Chris St. Pierre.
2010-04-27 10:31:47 -04:00
Chris PeBenito
45696ab282
Add missing secmark rules in ntop, from Dominick Grift.
2010-04-27 09:31:30 -04:00
Chris PeBenito
a53c6c65a4
FTP patch from Dan Walsh.
2010-04-26 15:15:23 -04:00
Chris PeBenito
d7ebbd9d22
Module version bump for 34838aa
.
2010-04-26 13:40:21 -04:00
Jeremy Solt
34838aa62a
Samba patch from Dan Walsh
...
- signal interfaces
- fusefs support
- bug 566984: getattrs on all blk and chr files
Did not include:
- changes related to samba_unconfined_script_t and samba_unconfined_net_t
- samba_helper_template (didn't appear to be used)
- manage_lnk_files_pattern in samba_manage_var_files
- signal allow rule in samba_domtrans_winbind_helper
- samba_role_notrans
- userdom_manage_user_home_content
Some style and spacing fixes
2010-04-26 13:28:21 -04:00
Chris Richards
9b3e798ea3
bootmisc init script, 2nd try
...
Allow to create /var/lock/.keep. This prevents Portage from destroying /var/lock under certain conditions. This patch is Gentoo specific.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-04-26 12:59:12 -04:00
Chris PeBenito
05a2e3e2d7
Lircd patch from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
e07fbc004d
Add DenyHosts from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
44b3808ba5
Djbdns patch from Dan Walsh.
2010-04-26 12:59:02 -04:00
Chris PeBenito
4a8bd017aa
Module version bump and extra comments for 194d61f
.
2010-04-24 08:10:43 -04:00
Chris Richards
194d61fd3c
modutils patch for update-modules
...
update-modules on Gentoo throws errors when run because it sources /etc/init.d/functions.sh, which always scans /var/lib/init.d to set SOFTLEVEL environment var. This is never used by update-modules.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:08:15 -04:00
Chris PeBenito
78352db924
Module version bump for 8c38fba
.
2010-04-24 08:07:51 -04:00
Chris Richards
8c38fba0f0
allow syslog-ng to setrlimit
...
syslog-ng wants to increase the number of permissible open files from 256 to 4096 on unix/linux systems.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:02:23 -04:00
Chris PeBenito
5c3274d7bf
Module version bump for 4b121a5
.
2010-04-19 10:23:11 -04:00
Chris PeBenito
46879922d8
Additional whitespace fix in nis.
2010-04-19 10:20:19 -04:00
Jeremy Solt
f49fc19e5a
Style changes
2010-04-19 10:19:46 -04:00
Jeremy Solt
4b121a5f53
nis patch from Dan Walsh
...
Made a couple style changes.
Removed unnecessary require in nis_use_ypbind interface
2010-04-19 10:19:44 -04:00
Chris PeBenito
da5940411c
Additional whitespace fixes in certmonger.
2010-04-19 10:17:24 -04:00
Jeremy Solt
0e5494a3d9
Fix some whitespace and style issues.
2010-04-19 10:07:20 -04:00
Jeremy Solt
33793ec2ce
certmonger policy from Dan Walsh
...
Removed manage_var_run and manage_var_lib interfaces
Added missing requires to admin interface
Removed permissive line
Fixed some spacing / style issues
2010-04-19 10:07:17 -04:00
Chris PeBenito
86ff008754
Module version bump for 4f7b413
.
2010-04-19 10:05:22 -04:00
Jeremy Solt
e6e2a769ac
Remove excess white space from ntop.te
...
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt
4f7b413cdc
Ntop policy from Dan Walsh
...
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito
98759716fe
Module version bump for 46e16a2
.
2010-04-19 09:54:13 -04:00
Jeremy Solt
d86d4f6069
Move optional policy to correct location for style
2010-04-19 09:50:42 -04:00
Jeremy Solt
01bfe1d20e
kerberos patch from Dan Walsh
2010-04-19 09:50:39 -04:00
Chris PeBenito
46e16a2d2a
Use port range notation in corenetwork where it makes sense.
2010-04-13 11:55:04 -04:00
Chris PeBenito
3829eecb12
Clean up output of generated corenetwork.te.
2010-04-13 11:52:09 -04:00
Chris PeBenito
85e71c86da
Fix network_port() in corenetwork to correctly handle port ranges.
2010-04-13 11:06:02 -04:00
KaiGai Kohei
ec8d32c8e9
[BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)
...
I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.
In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.
And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.
2010-04-12 10:37:21 -04:00
Chris PeBenito
23ad802a9d
Module version bump for 5d3214f
and 795b733
.
2010-04-12 10:01:39 -04:00
Jeremy Solt
795b733a71
pcscd patch from Dan Walsh: manage pub files and fifo files
2010-04-12 09:10:37 -04:00
Jeremy Solt
5d3214f5a9
gpsd path from Dan Walsh
2010-04-12 09:07:50 -04:00
Chris PeBenito
e399e3abea
Add devtmpfs labeling.
2010-04-07 08:55:33 -04:00
Dominick Grift
91b12ad94c
Move kernel_request_load_module(gssd_t) to the proper place.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:22 -04:00
Dominick Grift
6d9925c872
Fix requires for apache tmp interfaces.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:12 -04:00
Chris PeBenito
b577852a98
Portreserve patch from Dan Walsh.
2010-04-05 14:50:23 -04:00
Chris PeBenito
38db49c545
PPP patch from Dan Walsh.
2010-04-05 14:38:30 -04:00
Chris PeBenito
372acd0037
Rpc patch from Dan Walsh.
2010-04-05 14:26:21 -04:00
Chris PeBenito
20fa703294
Whitespace fixes on Apache.
2010-04-05 14:05:05 -04:00
Chris PeBenito
da0608ba38
Module version bump for 170a46d
, f8b3b7f
, and a49a82c
.
2010-04-05 13:49:00 -04:00
Chris PeBenito
b7d3db1860
Tweak for 170a46d
.
2010-04-05 13:48:01 -04:00
Jeremy Solt
a49a82c295
snort patch from Dan Walsh
...
Didn't rearrange all the kernel calls, but did add the kernel_request_load_module.
Didn't include the usbmod (doesn't exist in refpolicy at this time).
Included the generic usb device permissions because snort uses libpcap, which can also be used to monitor USB traffic, so this may be a side effect.
From the red hat bug (559861), it sounds as though snort was failing without these permissions, so it doesn't look like a dontaudit would work.
2010-04-05 13:46:11 -04:00
Jeremy Solt
f8b3b7fa48
Nut policy from Dan Walsh
...
Dropped optional policy for shutdown_domtrans
Dropped commented can_exec line
2010-04-05 13:45:31 -04:00
Jeremy Solt
170a46d6c5
memcached patch from Dan Walsh
...
Moved term_dontaudits up for style
2010-04-05 13:43:58 -04:00
Chris PeBenito
60def66b13
Second part of Apache patch from Dan Walsh.
2010-04-05 10:57:52 -04:00
Chris PeBenito
83caba3eb9
First part of apache patch from Dan Walsh: file context changes, including renaming script ro/ra/rw files.
2010-04-01 08:17:50 -04:00
Chris PeBenito
25d81d2655
Tor patch from Dan Walsh.
2010-03-29 14:30:52 -04:00
Chris PeBenito
2b93b88584
Sssd patch from Dan Walsh.
2010-03-29 14:08:52 -04:00
Chris PeBenito
ee2d2dda24
Add usbmuxd from Dan Walsh.
2010-03-29 13:29:18 -04:00
Chris PeBenito
6d4dbd20ae
Vhostmd from Dan Walsh.
2010-03-29 11:25:06 -04:00
Chris PeBenito
bf54d5be44
Module version bumps for c586c1b
, dcbb332
, 4c05dff
, 84ce9c3
, 2b012ba
, and 1868383
.
2010-03-29 09:21:59 -04:00
Chris PeBenito
ad0071bbe4
Tweaks on pulseaudio 1868383
, ksmtuned d279dd6
, and smokeping f3c346c
.
2010-03-29 09:19:40 -04:00
Jeremy Solt
f3c346cc07
Smokeping policy from Dan Walsh
...
Made some style / spacing changes
Did not include read access to /etc/shadow
Removed manage_var_run and manage_var_lib interfaces
Removed permissive line
2010-03-29 08:46:30 -04:00
Jeremy Solt
18683835fd
pulseaudio patch from Dan Walsh
...
Fixed template where it should have been interface
Replaced read_home and manage_home interfaces with read_home_files, manage_home_files and reduced access
Removed admin_dir reference
Replaced rtkit_daemon_system_domain with rtkit_scheduled
Fixed style / spacing issues
2010-03-29 08:41:45 -04:00
Jeremy Solt
d279dd603f
ksmtuned policy from Dan Walsh
...
Couple style/space fixes.
Used ps_process_pattern in admin interface
2010-03-29 08:36:53 -04:00
Jeremy Solt
2b012bacb6
Prelude patch from Dan Walsh
2010-03-29 08:36:15 -04:00
Jeremy Solt
84ce9c3333
Bluetooth patch (sys_admin and debugfs) from Dan Walsh
...
Added comments to reference redhat bugs
2010-03-29 08:36:05 -04:00
Jeremy Solt
4c05dff3d1
avahi patch from Dan Walsh
...
Didn't include the file read in the dbus_chat interface.
2010-03-29 08:36:00 -04:00
Jeremy Solt
dcbb332992
chronyd patch from Dan Walsh
...
Fixed a couple style/spacing issues.
Added files_search_etc for chronyd_keys file
2010-03-29 08:35:52 -04:00
Jeremy Solt
c586c1bfa6
Give dcc setgid from Dan Walsh
2010-03-29 08:35:34 -04:00
Chris PeBenito
7656af7a6f
Module version bump for c37d843
.
2010-03-23 08:07:19 -04:00
Chris PeBenito
be8311279e
Minor bind XML tweaks.
2010-03-23 08:05:00 -04:00
Jeremy Solt
c37d843fa1
bind patch from Dan Walsh
...
some fixes in interfaces, added bind_setattr_zone_dirs interface
sysnet_read_config not needed with auth_use_nsswitch
Did not include init_read_script_tmp_files for named_t
2010-03-23 08:01:05 -04:00
Chris PeBenito
390b8a821b
Radvd patch from Dan Walsh.
2010-03-22 15:19:50 -04:00
Chris PeBenito
1b22152c2c
Rdisc patch from Dan Walsh.
2010-03-22 15:09:27 -04:00
Chris PeBenito
6c40309ef1
Module version bump for 1d348bd
.
2010-03-22 13:53:24 -04:00
Jeremy Solt
1d348bd253
Afs needs sys_admin, sends signals, and resolves hostnames from Dan Walsh
2010-03-22 13:52:19 -04:00
Chris PeBenito
df29613c72
Module version bump for 75c8a69
.
2010-03-22 13:51:35 -04:00
Jeremy Solt
75c8a691ee
gitosis read/manage lib interfaces from Dan Walsh
...
Only giving manage_files_pattern for gitosis_manage_lib_files
2010-03-22 13:48:39 -04:00
Chris PeBenito
cf7eb082d2
Sasl patch from Dan Walsh.
2010-03-22 11:22:25 -04:00
Chris PeBenito
449d2069ac
Snmp patch from Dan Walsh.
2010-03-22 11:08:31 -04:00
Chris PeBenito
08d7c7339b
Sysstat patch from Dan Walsh.
2010-03-22 10:47:41 -04:00
Chris PeBenito
98ac3f5ace
Telnet patch from Dan Walsh.
2010-03-22 10:40:37 -04:00
Chris PeBenito
461b53e028
Tuned patch from Dan Walsh.
2010-03-22 10:33:31 -04:00
Chris PeBenito
7630200e1b
Virt patch from Dan Walsh.
2010-03-22 10:24:34 -04:00
Chris PeBenito
064d1b469e
Rename rtkit_schedule() to rtkit_scheduled().
2010-03-22 09:54:58 -04:00
Chris PeBenito
e13a9ef5fe
Module version bump for ac19f1a
.
2010-03-22 08:59:04 -04:00
Chris PeBenito
c7a4cf3179
Module version bump for 9681df1
.
2010-03-22 08:58:41 -04:00
Chris PeBenito
32103f250f
Module version bump for d3b5907
.
2010-03-22 08:58:20 -04:00
Chris PeBenito
340af119b0
Minor tweaks on icecast.
2010-03-22 08:56:32 -04:00
Jeremy Solt
584dfaca45
icecast policy from Dan Walsh
...
Fixed some style and spacing issues
Replace manage_var_run interface with manage_pid_files with fewer permissions
Replaced rkit_daemon_system_domain with rtkit_schedule
2010-03-22 08:49:54 -04:00
Jeremy Solt
ac19f1ac26
rtkit patch from Dan Walsh:
...
rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
Needs sys_nice capability
Needs to getsched on all domains.
Fix bug in te file
Me:
changed interface name from rtkit_daemon_system_domain to rtkit_schedule
Already had sys_nice capability
2010-03-22 08:41:42 -04:00
Jeremy Solt
9681df1c8d
postgresql patch from Dan Walsh:
...
"File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info"
Moved signal interface for style.
2010-03-22 08:39:15 -04:00
Jeremy Solt
d3b5907ea4
openvpn needs ipc_lock capability, connects to http ports,
...
and manages net_conf_t files - from Dan Walsh
2010-03-22 08:36:47 -04:00
Chris PeBenito
47293bd8d6
Tftp patch from Dan Walsh.
2010-03-19 15:56:14 -04:00
Chris PeBenito
788ba75491
Uucp patch from Dan Walsh.
2010-03-19 15:49:12 -04:00
Chris PeBenito
bed0a44560
Zebra patch from Dan Walsh.
2010-03-19 15:45:25 -04:00
Chris PeBenito
bc31d12725
Libraries patch from Dan Walsh.
2010-03-19 14:21:23 -04:00
Chris PeBenito
0d86ea1d7b
Xen patch from Dan Walsh.
2010-03-19 11:54:50 -04:00
Chris PeBenito
b60df9f57d
Getty patch from Dan Walsh.
2010-03-19 11:05:56 -04:00
Chris PeBenito
1fa92b8a55
Sysnetwork patch from Dan Walsh.
2010-03-18 15:40:04 -04:00
Chris PeBenito
ddd786e404
Init patch from Dan Walsh.
2010-03-18 10:19:49 -04:00
Chris PeBenito
153ed8751a
Authlogin patch from Dan Walsh.
2010-03-18 08:59:25 -04:00
Chris PeBenito
4fbcd778de
Iptables patch from Dan Walsh.
2010-03-18 08:10:21 -04:00
Chris PeBenito
a124c0a81f
Udev patch from Dan Walsh.
2010-03-17 15:17:48 -04:00
Chris PeBenito
7a8807b627
Logging patch from Dan Walsh.
2010-03-17 14:40:06 -04:00
Chris PeBenito
90e65feca5
Ipsec patch from Dan Walsh.
2010-03-17 13:52:07 -04:00
Chris PeBenito
d13c6758a4
Modutils patch from Dan Walsh.
2010-03-17 11:59:14 -04:00
Chris PeBenito
0417386142
Kernel patch from Dan Walsh.
2010-03-17 11:16:25 -04:00
Chris PeBenito
1f6d975502
Domain patch from Dan Walsh.
2010-03-17 10:02:07 -04:00
Chris PeBenito
7b50b7053d
Module version bump for 6a03548
.
2010-03-17 09:42:46 -04:00
Jeremy Solt
6a035482dc
amavis uses uptime which reads utmp, and reads certs - from Dan Walsh
2010-03-17 09:41:18 -04:00
Chris PeBenito
827060cb04
Style fixes and module version bumps for 38fc1bd
.
2010-03-17 09:28:18 -04:00
Dominick Grift
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
Chris PeBenito
2a62db7883
Module version bump for 414a570
.
2010-03-16 15:28:36 -04:00
Jeremy Solt
414a5704df
fetchmail executes programs in bin (uname), from Dan Walsh
2010-03-16 15:27:40 -04:00
Chris PeBenito
e8871c2092
Add additional documentation to kernel_request_load_module().
2010-03-16 15:08:00 -04:00
Chris PeBenito
5911f3dbca
Module version bump for 935151a
.
2010-03-16 14:35:09 -04:00
Chris PeBenito
c6491af860
Module version bump for d12f18e
.
2010-03-16 14:34:50 -04:00
Chris PeBenito
9a59893e5a
Module version bump for d7ec247
.
2010-03-16 14:34:23 -04:00
Chris PeBenito
9570fc108e
Module version bump for 591af7b
.
2010-03-16 14:34:05 -04:00
Chris PeBenito
ce693cbbec
Module version bump for ae07c9e
.
2010-03-16 14:33:43 -04:00
Chris PeBenito
1656bf730f
Whitespace fixes in mailman.
2010-03-16 13:51:51 -04:00
Jeremy Solt
935151afcd
Change kernel_load_module to kernel_request_load_module for howl from Dan Walsh
2010-03-16 13:44:55 -04:00
Jeremy Solt
d12f18e452
Change kernel_load_module to kernel_request_load_module from Dan Walsh
2010-03-16 13:44:52 -04:00
Jeremy Solt
d7ec24785b
File context update for certmaster from Dan Walsh
2010-03-16 13:44:50 -04:00
Jeremy Solt
591af7be0c
file context updates from Dan Walsh
2010-03-16 13:44:48 -04:00
Jeremy Solt
ae07c9e2e8
Screen needs to setattr on user_ttydevice_t from Dan Walsh
2010-03-16 13:36:45 -04:00
Chris PeBenito
fad6e761bf
Whitespace fix for mcelog.
2010-03-16 13:15:38 -04:00
Chris PeBenito
fce868d074
Module version bump for f7d413a
.
2010-03-16 13:15:00 -04:00
Chris PeBenito
bf140fc32c
Rearrange interfaces in fail2ban.
2010-03-16 13:14:46 -04:00
Chris PeBenito
580279da88
Module version bump for 74b51e6
.
2010-03-16 13:12:22 -04:00
Chris PeBenito
6bc64c4be7
Whitespace fixes for smoltclient.
2010-03-16 13:11:53 -04:00
Chris PeBenito
ba1c45337b
Module version bump for 3137148
.
2010-03-16 13:10:14 -04:00
Jeremy Solt
1484157201
mcelog policy from Dan Walsh
...
Me: Removed permissive line, and fixed a couple style issues
2010-03-16 11:47:07 -04:00
Jeremy Solt
f7d413af27
fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
...
Did not include dontaudit_leaks interface
Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
2010-03-16 11:44:35 -04:00
Jeremy Solt
74b51e6db2
Firstboot sends dbus messages from Dan Walsh
...
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
2010-03-16 11:43:36 -04:00
Jeremy Solt
257a2788cd
Policy for smolt sendProfile client from Dan Walsh
2010-03-16 11:37:56 -04:00
Jeremy Solt
31371480b0
Run interface for ptchown from Dan Walsh
2010-03-16 11:34:58 -04:00
Chris PeBenito
37e2499ed1
Module version bump for 1d3d00b
.
2010-03-12 11:43:09 -05:00
Chris PeBenito
ce0570dc6d
Module version bump for e172614
.
2010-03-12 11:42:28 -05:00
Chris PeBenito
7af0e9bc95
Filesystem patch from Dan Walsh.
2010-03-12 11:40:59 -05:00
Chris PeBenito
9e506eb236
Rearrange lines in alsa an mysql.
2010-03-12 08:59:23 -05:00
Chris PeBenito
e172614b57
Whitespace cleanup on mysql.if.
2010-03-12 08:55:34 -05:00
Jeremy Solt
1d3d00b279
Manage alsa writable config files interface from Dan Walsh
...
Moved term_dontaudit_use_console for style.
2010-03-12 08:54:29 -05:00
Jeremy Solt
12a6a53f63
mysql policy from Dan Walsh
...
My changes to patch:
A couple changes to match style.
Removed files_dontaudit_search_all_mountpoints(mysqld_safe_t), it doesn't exist in refpolicy
2010-03-12 08:54:29 -05:00
Chris PeBenito
2f0e3a4e7e
Raid patch from Dan Walsh.
2010-03-09 15:33:29 -05:00
Chris PeBenito
30496b1575
Iscsi and tgtd patches from Dan Walsh.
2010-03-09 15:17:16 -05:00
Chris PeBenito
939eaf2f13
Fstools patch from Dan Walsh.
2010-03-09 14:32:17 -05:00
Chris PeBenito
d0a6df5c47
Miscfiles patch from Dan Walsh.
2010-03-09 10:44:55 -05:00
Chris PeBenito
547d62ea9e
Module version bump for ddae1cc
.
2010-03-09 09:34:30 -05:00
Jeremy Solt
ddae1cc9ec
Creates sock files in /tmp, reads network state. - From Dan Walsh
...
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
2010-03-09 09:32:23 -05:00
Chris PeBenito
bd063de6c4
Fix another corenetwork typo.
2010-03-08 11:04:40 -05:00
Chris PeBenito
6f9c3c4895
Module version bump for 42fa15b
.
2010-03-08 10:03:18 -05:00
Chris PeBenito
b193389baa
Module version bump for 3fcdc39
.
2010-03-08 10:02:58 -05:00
Chris PeBenito
5dac50953f
Module version bump for cf3da95
.
2010-03-08 10:02:34 -05:00
Chris PeBenito
e2e1b6721b
Minor style fixes.
2010-03-08 10:00:55 -05:00
Jeremy Solt
42fa15ba75
Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
3fcdc39764
shorewall log file from Dan Walsh
2010-03-08 09:34:37 -05:00
Jeremy Solt
cf3da95084
Allow cdrecord_t to execute bin_t from Dan Walsh
...
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito
4af2b3fb98
Add back missing s0 on network_port().
2010-03-08 07:59:56 -05:00
Chris PeBenito
09b92dcc3c
Guest patch from Dan Walsh.
2010-03-05 14:09:49 -05:00
Chris PeBenito
9c709c46a1
Corenetwork patch from Dan Walsh.
2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b
Corecommands patch from Dan Walsh.
2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc
Devices patch from Dan Walsh.
2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba
Storage patch from Dan Walsh.
2010-03-04 14:23:44 -05:00
Dominick Grift
183f79e38e
Fix cobbler_admin interface to require cobblerd_initrc_exec_t.
...
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-04 14:12:41 -05:00
Chris PeBenito
eeb7616f5e
Corenetwork patch from Dan Walsh.
2010-03-04 13:50:46 -05:00
Chris PeBenito
1112a5bc20
Module version bump for be47d75.
2010-03-04 09:18:04 -05:00
Chris PeBenito
ec0205ff73
Module version bump for e1e78df.
2010-03-04 09:18:04 -05:00
Chris PeBenito
b7070a9f3d
Module version bump for 52b215f.
2010-03-04 09:18:04 -05:00
Chris PeBenito
cb6385d0ba
Module version bump for cf5e81d.
2010-03-04 09:18:04 -05:00
Chris PeBenito
c4faa1db8e
Module version bump for 96b7e9f.
2010-03-04 09:18:04 -05:00
Chris PeBenito
812f30af02
Module version bump for a005018.
2010-03-04 09:18:04 -05:00
Chris PeBenito
4931c57e4b
Add additional comments for e1e78df.
2010-03-04 09:18:04 -05:00
Jeremy Solt
4d2680e508
hotplug transition to brctl from Dan Walsh
2010-03-04 09:18:04 -05:00
Jeremy Solt
9a1f0d21e1
Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
...
Patch from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
15ae77bd77
Domain transition for apmd to vbetool from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
6a9ef9e852
gen_require typo fix in dbadm.if from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
a739053cf5
Changed amavis_initrc_domtrans domain summary to match style.
2010-03-04 09:18:03 -05:00
Jeremy Solt
6665c3c768
Changed arpwatch_initrc_domtrans domain summary to match style.
...
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
2010-03-04 09:18:03 -05:00
Dominick Grift
d783374bc9
Various arpwatch fixes.
...
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
6eed0aa57c
Modified apcupsd_initrc_domtrans interface summary to match style.
...
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
2010-03-04 09:18:03 -05:00
Dominick Grift
eda6417669
Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
...
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
3b814894c7
Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
...
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
2010-03-04 09:18:02 -05:00
Dominick Grift
88340b904a
Various amavis fixes.
...
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:02 -05:00
Chris PeBenito
402bbb9fe9
Improve documentation of udev_read_db().
2010-03-03 14:16:36 -05:00
Chris PeBenito
b675cec7f8
Improve documentation of seutil_sigchld_newrole().
2010-03-03 14:16:22 -05:00
Chris PeBenito
4a4436a778
Add examples to documentation of common corenetwork interfaces.
2010-03-03 13:42:15 -05:00
Chris PeBenito
a6bafb5a25
Module version bump for bf530f5
.
2010-03-03 13:11:58 -05:00
Dominick Grift
bf530f532c
Various permission set fixes.
...
Fix various interfaces to use permission sets for compatiblity with open permission.
Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.
The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
Chris PeBenito
b58db31da6
Improve the documentation of application_domain().
2010-03-03 10:37:58 -05:00
Chris PeBenito
d24a7df15c
Improve the documentation of auth_use_nsswitch().
2010-03-03 10:37:37 -05:00
Chris PeBenito
0bbb165448
Improve the documentation of nis_use_ypbind().
2010-03-03 10:37:15 -05:00