Lukas Vrabec
72b2cda3a5
* Mon Jan 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-2
...
- Allow aide to mmap usr_t files BZ(1534182)
- Allow ypserv_t domain to connect to tcp ports BZ(1534245)
- Allow vmtools_t domain creating vmware_log_t files
- Allow openvswitch_t domain to acces infiniband devices
- Allow dirsrv_t domain to create tmp link files
- Allow pcp_pmie_t domain to exec itself. BZ(153326)
- Update openvswitch SELinux module
- Allow virtd_t to create also sock_files with label virt_var_run_t
- Allow chronyc_t domain to manage chronyd_keys_t files.
- Allow logwatch to exec journal binaries BZ(1403463)
- Allow sysadm_t and staff_t roles to manage user systemd services BZ(1531864)
- Update logging_read_all_logs to allow mmap all logfiles BZ(1403463)
- Add Label systemd_unit_file_t for /var/run/systemd/units/
2018-01-15 17:33:37 +01:00
Lukas Vrabec
22c9764fc4
Update new sources to reflect changes related to python3 dependency
2018-01-08 18:44:57 +01:00
Lukas Vrabec
51dc83b2d4
Commit removes big SELinux policy patches against tresys refpolicy.
...
We're quite diverted from upstream policy. This change will use tarballs
from github projects:
https://github.com/fedora-selinux/selinux-policy
https://github.com/fedora-selinux/selinux-policy-contrib
2018-01-08 18:28:27 +01:00
Dan Walsh
164fa392ee
Fix config.tgz to include lxc_contexts and systemd_contexts
2013-11-14 11:05:22 -05:00
Miroslav Grepl
0f9b0de389
Upload new upstream sources
2013-11-13 15:27:57 +01:00
Miroslav Grepl
e4104d9fc0
Upload updated config.tgz
2013-11-12 12:22:03 +01:00
Miroslav Grepl
e5e41801b0
Upload new upstream sources
2013-01-08 11:50:45 +01:00
Miroslav Grepl
a270091f19
Make rawhide == f18
2012-12-17 17:21:00 +01:00
Miroslav Grepl
46a9c6067c
* Thu Aug 2 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-0
...
- Update to upstream
2012-08-02 07:43:02 +02:00
Miroslav Grepl
d68342900a
fix sources
2012-06-07 13:40:47 +02:00
Miroslav Grepl
e392eca2af
Upload new sources
2012-06-06 16:09:49 +02:00
Miroslav Grepl
3f8c0984d4
Upload the right source file
2011-06-27 18:20:35 +02:00
Miroslav Grepl
ade486af72
Update to upstream
2011-06-27 18:02:16 +02:00
Miroslav Grepl
6726024e43
Update to upstream
2011-03-08 18:28:56 +00:00
Miroslav Grepl
7288282fd4
- Update to upstream
2011-02-16 18:45:08 +00:00
Dan Walsh
812781becc
- Update to ref policy
...
- cgred needs chown capability
- Add /dev/crash crash_dev_t
2011-02-08 17:50:40 -05:00
Miroslav Grepl
86b1f12f92
- Update to upstream
2011-01-17 18:42:12 +00:00
Miroslav Grepl
d6c5f3679b
Update to upstream
2010-12-20 17:43:48 +00:00
Miroslav Grepl
0ba6b243f7
- Update to upstream
...
- Fix version of policy in spec file
2010-12-15 11:03:25 +00:00
Miroslav Grepl
05f913e88b
- Update to upstream
...
- Cleanup for sandbox
- Add attribute to be able to select sandbox types
2010-11-25 12:21:34 +00:00
Dan Walsh
f4eab7417d
Remove bad tar ball from src
2010-11-16 10:59:45 -05:00
Miroslav Grepl
582d2c5d2c
- Update to upstream
...
- Dontaudit leaked sockets from userdomains to user domains
- Fixes for mcelog to handle scripts
- Apply patch from Ruben Kerkhof
- Allow syslog to search spool dirs
2010-11-16 09:46:19 +01:00
Dan Walsh
3e0b7834a6
- Update to upstream
...
- Add vlock policy
2010-11-05 14:22:36 -04:00
Dan Walsh
06262c1566
- Update to upstream
...
- Add vlock policy
2010-11-05 12:40:07 -04:00
Dan Walsh
7a208696f9
- Dontaudit sandbox sending sigkill to all user domains
...
- Add policy for rssh_chroot_helper
- Add missing flask definitions
- Allow udev to relabelto removable_t
- Fix label on /var/log/wicd.log
- Transition to initrc_t from init when executing bin_t
- Add audit_access permissions to file
- Make removable_t a device_node
- Fix label on /lib/systemd/*
2010-10-28 15:55:48 -04:00
Dan Walsh
5a152bc135
- Update to upstream
2010-10-12 16:47:46 -04:00
Dan Walsh
6f934680a8
- Allow smbd to use sys_admin
...
- Remove duplicate file context for tcfmgr
- Update to upstream
2010-10-07 14:55:49 -04:00
Dan Walsh
a24e6a6700
- Update to upstream
2010-09-16 07:59:03 -04:00
Dan Walsh
a0e8efd42c
- Update to upstream
2010-09-13 16:17:15 -04:00
Dan Walsh
64d84cf8ec
Allow iptables to read shorewall tmp files
...
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
2010-09-08 14:17:07 -04:00
Dan Walsh
482c9f3ad9
- Merge upstream fix of mmap_zero
...
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
2010-09-02 13:43:28 -04:00
Dan Walsh
a7a2367a59
- Merge with upstream
2010-08-30 17:34:52 -04:00
Dan Walsh
6578cf7413
- More access needed for devicekit
...
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14
- Merge with upstream
2010-08-26 20:35:53 -04:00
Daniel J Walsh
7f5d8f30d0
- Update boinc policy
...
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
2010-07-27 17:28:04 +00:00
Daniel J Walsh
d66bec6356
- Update to latest policy
2010-07-20 17:48:36 +00:00
Daniel J Walsh
0f2ae00c61
- Update to upstream
2010-07-15 13:11:25 +00:00
Daniel J Walsh
6c42218d9d
-Update to upstream
2010-06-28 17:19:34 +00:00
Daniel J Walsh
fa98e0ec52
-Update to upstream
2010-06-21 14:31:26 +00:00
Daniel J Walsh
5f371acada
-Update to upstream
2010-06-18 20:14:28 +00:00
Daniel J Walsh
b39ccca147
- Update to upstream
2010-06-08 21:23:21 +00:00
Daniel J Walsh
632048ceb1
- Update to upstream
...
- Allow prelink script to signal itself
- Cobbler fixes
2010-06-07 21:15:35 +00:00
Daniel J Walsh
bc4089cfaa
- Update to upstream
2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34
- Update to upstream
2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e
- Merge with upstream
2010-02-16 22:10:14 +00:00
Daniel J Walsh
a62c6405cc
- Lots of fixes found in F12
2010-02-02 16:41:03 +00:00
Daniel J Walsh
faec5c2a14
- Update to upstream
2010-01-18 22:40:25 +00:00
Daniel J Walsh
fc05ac0660
- Move users file to selection by spec file.
...
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
2010-01-11 22:06:55 +00:00
Daniel J Walsh
468fe0b647
- Update to upstream
2010-01-08 22:03:53 +00:00
Daniel J Walsh
b2ccd1a9c8
Update packages
2009-12-18 21:09:01 +00:00
Daniel J Walsh
9eef358da0
- Update to upstream release
2009-12-10 19:20:14 +00:00
Daniel J Walsh
f2a1dcd3d4
- Add asterisk policy back in
...
- Update to upstream release 2.20091117
2009-11-25 20:19:12 +00:00
Daniel J Walsh
ee88b050c5
- Add asterisk policy back in
2009-11-20 16:55:54 +00:00
Daniel J Walsh
55acbfd715
- Update to upstream release 2.20091117
2009-11-18 22:22:56 +00:00
Daniel J Walsh
5e44eb8657
- Update to upstream
2009-11-14 05:18:01 +00:00
Daniel J Walsh
69290fd9df
- Update to upstream
...
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
ab8f807545
- More fixes
2009-09-09 21:08:02 +00:00
Daniel J Walsh
65c3f9a0a8
- Update to upsteam
2009-08-31 21:27:50 +00:00
Daniel J Walsh
faf9cbbc4b
- Update to upstream
2009-08-28 20:55:16 +00:00
Daniel J Walsh
40243d944f
- Allow cupsd_config_t to be started by dbus
...
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5
- Add policycoreutils-python to pre install
2009-08-18 12:34:26 +00:00
Daniel J Walsh
43fb726b4b
- More fixes from upstream
2009-07-30 21:38:54 +00:00
Daniel J Walsh
c6e2224c70
- Fix polkit label
...
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72
- Update to upstream
2009-07-28 19:08:17 +00:00
Daniel J Walsh
df7055d5b3
- Update to upstream
2009-07-23 21:47:41 +00:00
Daniel J Walsh
2360ff9f3f
- Update to upstream
2009-07-15 19:12:04 +00:00
Daniel J Walsh
d9676a6ada
- Update to upstream
2009-07-06 21:16:26 +00:00
Daniel J Walsh
7b16d569d8
- Update to upstream
...
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
a9f0953822
- Update to upstream
...
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40
- Update to upstream
...
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529
- Update to upstream
...
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
d54def1c6f
- New version for upstream
2009-06-15 17:59:49 +00:00
Daniel J Walsh
d3ae977ab7
- New version for upstream
2009-06-12 18:59:09 +00:00
Daniel J Walsh
f3d2889157
- Update to upstream
2009-06-09 02:15:29 +00:00
Daniel J Walsh
ef7416c2b8
- Upgrade to upstream
2009-05-22 14:37:43 +00:00
Daniel J Walsh
2e917624ad
- Upgrade to latest upstream
...
- Allow devicekit_disk sys_rawio
2009-04-08 11:58:59 +00:00
Daniel J Walsh
0e78af1c39
- Dontaudit binds to ports < 1024 for named
...
- Upgrade to latest upstream
2009-04-06 19:27:19 +00:00
Daniel J Walsh
9ca87fc9d8
- Fixes to allow svirt read iso files in homedir
2009-03-24 19:45:02 +00:00
Daniel J Walsh
5dce3c12f7
- Add xenner and wine fixes from mgrepl
2009-03-20 18:42:38 +00:00
Daniel J Walsh
b12011f2ab
- Upgrade to latest upstream
2009-03-12 15:48:51 +00:00
Daniel J Walsh
a67a1c12aa
- Upgrade to latest patches
2009-03-05 21:05:47 +00:00
Daniel J Walsh
8c3a31a48a
- Update to Latest upstream
2009-03-03 20:10:30 +00:00
Daniel J Walsh
2eec438a0b
- Re-add corenet_in_generic_if(unlabeled_t)
2009-02-16 22:54:22 +00:00
Daniel J Walsh
bd0db4f147
- Add setrans contains from upstream
2009-02-09 22:07:20 +00:00
Daniel J Walsh
c957c38343
- Upgrade to latest upstream
2009-02-04 04:02:17 +00:00
Daniel J Walsh
1d72fb031f
- Update to upstream
2009-01-19 17:35:43 +00:00
Daniel J Walsh
292c49cacc
- Update to upstream
2009-01-05 22:55:20 +00:00
Daniel J Walsh
b3f084a8c7
- Update to upstream
2009-01-05 22:35:32 +00:00
Daniel J Walsh
fce9b71022
- Fix labeling on /var/spool/rsyslog
2008-11-25 21:08:25 +00:00
Daniel J Walsh
02d888c766
- Fix labeling on /var/spool/rsyslog
2008-11-25 19:18:01 +00:00
Daniel J Walsh
49f48f4a99
- Policy cleanup
2008-10-17 22:03:34 +00:00
Daniel J Walsh
4125702a20
- Update to upstream
2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9
- Update to upstream
2008-10-11 23:57:43 +00:00
Daniel J Walsh
e0b9b8d38f
- Update to upstream policy
2008-10-09 10:48:56 +00:00
Daniel J Walsh
f1a8278899
- Allow NetworkManager to transition to avahi and iptables
...
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:49:44 +00:00
Daniel J Walsh
d611f1191a
- Upgrade to upstream
2008-09-26 12:38:56 +00:00
Daniel J Walsh
59571abd0d
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-16 13:57:15 +00:00
Daniel J Walsh
8a482d67b3
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-12 20:36:21 +00:00
Daniel J Walsh
aca77a6f2d
- Remove gamin policy
2008-09-08 21:01:42 +00:00
Daniel J Walsh
0a219fe07b
- Update to upstream
...
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
7638e78556
- Allow ifconfig_t to read dhcpc_state_t
2008-08-26 14:46:43 +00:00
Daniel J Walsh
1a0f642074
- Update to upstream
2008-08-11 21:19:25 +00:00
Daniel J Walsh
b5d09d1532
- Update to upstream
2008-08-07 20:05:57 +00:00
Daniel J Walsh
0f1bd620e5
- Allow system-config-selinux to work with policykit
2008-08-07 12:22:07 +00:00
Daniel J Walsh
feefeee019
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
2008-07-17 19:53:32 +00:00
Daniel J Walsh
af0f735167
- Update to upstream
2008-06-12 14:50:00 +00:00
Daniel J Walsh
9ed55bda90
- Merge Upstream
2008-05-30 20:27:06 +00:00
Daniel J Walsh
7fd4585229
- Merge Upstream
2008-05-23 20:05:34 +00:00
Daniel J Walsh
4b7f030014
Update for rawhide
2008-05-19 13:02:56 +00:00
Daniel J Walsh
c43b447f6f
Update for rawhide
2008-05-19 13:01:59 +00:00
Daniel J Walsh
f75033d612
- Update to upstream fixes
2008-02-26 13:45:23 +00:00
Daniel J Walsh
5ca2ff99b6
- Add xace support
2008-02-22 20:32:52 +00:00
Daniel J Walsh
541ba8edec
- Fixes from yum-cron
...
- Update to latest upstream
2008-02-20 18:52:50 +00:00
Daniel J Walsh
eb3e9fbc68
- Merge with upstream
2008-02-18 21:31:18 +00:00
Daniel J Walsh
57ac1cab83
- Update to upstream
2008-02-06 21:47:42 +00:00
Daniel J Walsh
b19d470cd4
- Update to upstream
...
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
Daniel J Walsh
2587107071
- Fix definiton of admin_home_t
2007-12-19 18:00:58 +00:00
Daniel J Walsh
f14d51e840
- Update to upstream
2007-12-13 21:40:00 +00:00
Daniel J Walsh
7dfe3eb3ef
- Add polkit policy
...
- Symplify userdom context, remove automatic per_role changes
2007-12-11 06:08:33 +00:00
Daniel J Walsh
02654b8fb4
- Update to upstream
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:19:13 +00:00
Daniel J Walsh
9186dc57d9
- Remove user based home directory separation
2007-11-30 22:33:18 +00:00
Daniel J Walsh
6e70d63f52
- Remove user based home directory separation
2007-11-30 22:08:19 +00:00
Daniel J Walsh
965b62cceb
- Merge with upstream
...
- Allow xsever to read hwdata_t
- Allow login programs to setkeycreate
2007-11-27 04:11:10 +00:00
Daniel J Walsh
7330e86b90
- Update to upstream
2007-11-10 14:14:41 +00:00
Daniel J Walsh
fa0d1c8884
- Update to upstream
2007-10-23 23:13:09 +00:00
Daniel J Walsh
bf76748359
- Allow cron to search nfs and samba homedirs
2007-09-18 15:09:11 +00:00
Daniel J Walsh
e8b5993e52
- Update an readd modules
2007-08-27 21:43:05 +00:00
Daniel J Walsh
77a22067be
- Add setransd for mls policy
2007-08-22 14:46:21 +00:00
Daniel J Walsh
f9778219aa
- Update from upstream
2007-08-03 19:53:44 +00:00
Daniel J Walsh
2fac1d6655
- Update with latest changes from upstream
2007-07-26 17:54:24 +00:00
Daniel J Walsh
297dd1a900
- Allow execution of gconf
2007-07-19 14:45:16 +00:00
Daniel J Walsh
af677794a8
- Default to user_u:system_r:unconfined_t
2007-07-03 19:20:47 +00:00
Daniel J Walsh
269acb5ee8
- Remove ifdef strict policy from upstream
2007-06-26 12:09:30 +00:00
Daniel J Walsh
56187c2f8a
- Remove ifdef strict policy from upstream
2007-05-31 18:40:35 +00:00
Daniel J Walsh
346d2dccfd
2007-05-21 18:54:40 +00:00
Daniel J Walsh
8cd496f1d6
- Update to latest from upstream
2007-05-14 18:10:58 +00:00
Daniel J Walsh
daa6abe9e1
- Update to latest from upstream
2007-05-04 17:30:10 +00:00
Daniel J Walsh
8a3cefc9a6
- Update to latest from upstream
2007-05-04 17:14:04 +00:00
Daniel J Walsh
a615d5b893
- Update to latest from upstream
2007-05-02 02:53:14 +00:00
Daniel J Walsh
8fea836859
- Update to latest from upstream
2007-05-01 20:53:29 +00:00
Daniel J Walsh
8396b2dbd2
- Upstream bumped the version
2007-04-23 17:00:48 +00:00
Daniel J Walsh
a3b1a2c522
- Update to upstream
2007-04-11 20:55:28 +00:00
Daniel J Walsh
e441a1b48b
- Update to upstream
2007-04-11 20:23:53 +00:00
Daniel J Walsh
8e5289e20b
- Update to upstream
2007-04-02 19:53:16 +00:00
Daniel J Walsh
ce7f30a258
- Update to upstream
2007-04-02 15:17:45 +00:00
Daniel J Walsh
145e8d73ba
- Allow samba to run groupadd
2007-03-23 17:31:13 +00:00
Daniel J Walsh
d3aabaedb4
2007-03-20 15:01:28 +00:00
Daniel J Walsh
2a9b648b37
- More of my patches from upstream
2007-03-11 05:19:36 +00:00
Daniel J Walsh
1fed4c745c
- Update to latest from upstream
...
- Add fail2ban policy
2007-03-01 21:57:47 +00:00
Daniel J Walsh
5ad70cf38c
- Update to remove security_t:filesystem getattr problems
2007-02-28 21:23:19 +00:00