Commit Graph

2791 Commits

Author SHA1 Message Date
Jeremy Solt
cf3da95084 Allow cdrecord_t to execute bin_t from Dan Walsh
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito
4af2b3fb98 Add back missing s0 on network_port(). 2010-03-08 07:59:56 -05:00
Chris PeBenito
09b92dcc3c Guest patch from Dan Walsh. 2010-03-05 14:09:49 -05:00
Chris PeBenito
9c709c46a1 Corenetwork patch from Dan Walsh. 2010-03-05 13:46:46 -05:00
Chris PeBenito
4b23c6747b Corecommands patch from Dan Walsh. 2010-03-05 10:51:39 -05:00
Chris PeBenito
05351730cc Devices patch from Dan Walsh. 2010-03-04 15:30:22 -05:00
Chris PeBenito
febc7fdfba Storage patch from Dan Walsh. 2010-03-04 14:23:44 -05:00
Dominick Grift
183f79e38e Fix cobbler_admin interface to require cobblerd_initrc_exec_t.
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-04 14:12:41 -05:00
Chris PeBenito
eeb7616f5e Corenetwork patch from Dan Walsh. 2010-03-04 13:50:46 -05:00
Chris PeBenito
c9ab7707b3 add write to manage_lnk_file_perms. 2010-03-04 11:29:06 -05:00
Chris PeBenito
1112a5bc20 Module version bump for be47d75. 2010-03-04 09:18:04 -05:00
Chris PeBenito
ec0205ff73 Module version bump for e1e78df. 2010-03-04 09:18:04 -05:00
Chris PeBenito
b7070a9f3d Module version bump for 52b215f. 2010-03-04 09:18:04 -05:00
Chris PeBenito
cb6385d0ba Module version bump for cf5e81d. 2010-03-04 09:18:04 -05:00
Chris PeBenito
c4faa1db8e Module version bump for 96b7e9f. 2010-03-04 09:18:04 -05:00
Chris PeBenito
812f30af02 Module version bump for a005018. 2010-03-04 09:18:04 -05:00
Chris PeBenito
4931c57e4b Add additional comments for e1e78df. 2010-03-04 09:18:04 -05:00
Jeremy Solt
4d2680e508 hotplug transition to brctl from Dan Walsh 2010-03-04 09:18:04 -05:00
Jeremy Solt
9a1f0d21e1 Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
Patch from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt
15ae77bd77 Domain transition for apmd to vbetool from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt
6a9ef9e852 gen_require typo fix in dbadm.if from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt
a739053cf5 Changed amavis_initrc_domtrans domain summary to match style. 2010-03-04 09:18:03 -05:00
Jeremy Solt
6665c3c768 Changed arpwatch_initrc_domtrans domain summary to match style.
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
2010-03-04 09:18:03 -05:00
Dominick Grift
d783374bc9 Various arpwatch fixes.
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
6eed0aa57c Modified apcupsd_initrc_domtrans interface summary to match style.
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
2010-03-04 09:18:03 -05:00
Dominick Grift
eda6417669 Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt
3b814894c7 Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
2010-03-04 09:18:02 -05:00
Dominick Grift
88340b904a Various amavis fixes.
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:02 -05:00
Chris PeBenito
402bbb9fe9 Improve documentation of udev_read_db(). 2010-03-03 14:16:36 -05:00
Chris PeBenito
b675cec7f8 Improve documentation of seutil_sigchld_newrole(). 2010-03-03 14:16:22 -05:00
Chris PeBenito
4a4436a778 Add examples to documentation of common corenetwork interfaces. 2010-03-03 13:42:15 -05:00
Chris PeBenito
a6bafb5a25 Module version bump for bf530f5. 2010-03-03 13:11:58 -05:00
Dominick Grift
bf530f532c Various permission set fixes.
Fix various interfaces to use permission sets for compatiblity with open permission.

Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.

The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
Chris PeBenito
b58db31da6 Improve the documentation of application_domain(). 2010-03-03 10:37:58 -05:00
Chris PeBenito
d24a7df15c Improve the documentation of auth_use_nsswitch(). 2010-03-03 10:37:37 -05:00
Chris PeBenito
0bbb165448 Improve the documentation of nis_use_ypbind(). 2010-03-03 10:37:15 -05:00
Dominick Grift
4cb24aed7b Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
Chris PeBenito
c46376e665 Improve documentation for userdomain interfaces:
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00
Chris PeBenito
88daf126f2 Improve the documentation of domain interfaces:
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
Chris PeBenito
888d9e4652 Improve the documentation of ubac_constrained(). 2010-03-02 11:28:44 -05:00
Chris PeBenito
4e12649d4e Improve the documentation of devices interfaces:
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
Chris PeBenito
12f73d8b69 Improve filesystem interfaces:
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
Chris PeBenito
42f1b11482 Module version bump for 03dd57f. 2010-03-01 13:34:10 -05:00
Dominick Grift
03dd57fe7b Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
Chris PeBenito
7cf2858e4a Improve the documentation of files interfaces:
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
Chris PeBenito
5fb5bf2686 Additional docs for logging_log_filetrans(). 2010-03-01 10:38:24 -05:00
Chris PeBenito
42eb0f10a9 Improve the documentation of corenetwork interfaces
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
Chris PeBenito
14e543cb1c Improve the documentation of unconfined_domain(). 2010-02-26 13:47:17 -05:00
Chris PeBenito
45185c0783 Improve the documentation of logging_log_file() and logging_log_filetrans(). 2010-02-26 09:34:41 -05:00
Chris PeBenito
3a744d1275 Improve documentation of corecmd_exec_bin() and corecmd_exec_shell(). 2010-02-26 08:58:32 -05:00