rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4,504 Commits 9 Branches 105 Tags 34 MiB
a4f1f54302
Commit Graph

4504 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris PeBenito
135b1b4c54 Terminal patch from Dan Walsh. 2010-06-09 08:22:31 -04:00
Daniel J Walsh
b39ccca147 - Update to upstream 2010-06-08 21:23:21 +00:00
Chris PeBenito
98652c65a3 Add missing changelog entry for cgroup. 2010-06-08 13:08:36 -04:00
Chris PeBenito
c54e7d63dc Module version bump for cgroup patchset. 2010-06-08 09:18:43 -04:00
Chris PeBenito
53f9abbe68 Clean up cgroup. Rename cgconfigparser to cgconfig. 2010-06-08 09:15:41 -04:00
Chris PeBenito
0041a78ef7 Remove cgroup_t usage in cgroup_admin() since it is not owned by the module. 2010-06-08 09:12:03 -04:00
Chris PeBenito
860c05d9de Rearrange cgroup interfaces in filesystem. 2010-06-08 09:10:45 -04:00
Chris PeBenito
04dcd73fe3 Whitespace fixes in cgroup and init. 2010-06-08 08:47:26 -04:00
Dominick Grift
e2b9add5f8 How users interact with cgroup. 
All login users can list cgroup.
Common users can read and write cgroup files (access governed by dac)

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-06-08 08:38:33 -04:00
Dominick Grift
73f0985092 How libgroup init scripts interact with libcgroup. 
The libcgroup init scripts use tools in /usr/bin like cgexec and cgclear.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-06-08 08:38:29 -04:00
Dominick Grift
ddf821332f add libcg policy. 
Libcgroup automates cgroup management.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-06-08 08:38:22 -04:00
Dominick Grift
c0c635b3f3 cgroup in filesystem. 
Move cgroup_t declarations from kernel.te to filesystem.te
Redo cgroup interfaces in filesystem.if
Add file context specification for /cgroup mountpoint to filesystem.fc

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-06-08 08:38:18 -04:00
Daniel J Walsh
632048ceb1 - Update to upstream 
- Allow prelink script to signal itself
- Cobbler fixes
 2010-06-07 21:15:35 +00:00
Chris PeBenito
60f04fcb7a Kernel patch from Dan Walsh. 
Add ability to dontaudit requiests to load kernel modules.  If you
disable ipv6 every confined app that does ip, tries to get the kernel to
load the module.

Better handling of unlabeled files by the kernel interfaces
 2010-06-07 11:08:35 -04:00
Chris PeBenito
fb7caddb4f Devices patch from Dan Walsh. 
vhost_device_t added for libvirt/qemu

/dev/usbmon device added

lots of new interfaces.
 2010-06-07 09:20:18 -04:00
Chris PeBenito
46c0e57acf Corecommands patch from Dan Walsh. 
Lots of new places to stick bin_t files
 2010-06-07 09:04:08 -04:00
Chris PeBenito
8f0de5df68 Storage patch from Dan Walsh. 
Add /dev/hwcdrom
 2010-06-04 09:47:45 -04:00
Daniel J Walsh
bca242c772 - Add xdm_var_run_t to xserver_stream_connect_xdm 
- Add cmorrord and mpd policy from Miroslav Grepl
 2010-06-02 19:36:11 +00:00
Daniel J Walsh
e51284403f - Fix sshd creation of krb cc files for users to be user_tmp_t 2010-06-01 20:56:58 +00:00
Daniel J Walsh
4abfc011a4 - Fixes for accountsdialog 
- Fixes for boinc
 2010-05-28 12:39:05 +00:00
Daniel J Walsh
23337281e4 - Fix label on /var/lib/dokwiki 
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls
 2010-05-27 20:01:39 +00:00
Daniel J Walsh
b923c95cd1 - Fix label on /var/lib/dokwiki 
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls
 2010-05-27 18:00:39 +00:00
Daniel J Walsh
65c6e4c421 - Fix label on /var/lib/dokwiki 
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls
 2010-05-27 16:14:50 +00:00
Daniel J Walsh
be973dc3e8 - Update to upstream 2010-05-27 15:31:07 +00:00
Daniel J Walsh
bc4089cfaa - Update to upstream 2010-05-26 21:15:42 +00:00
Chris PeBenito
5c2b95e1b9 Add missing cluster suite modules that were missing from the Changelog. 2010-05-26 11:53:21 -04:00
Chris PeBenito
2a29628e40 Fix duplicate lines in kudzu. 2010-05-26 08:26:50 -04:00
Chris PeBenito
03e653bd28 Changelog and version update for release. 2010-05-25 16:01:49 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
f9bdd1e389 Add missing changelog entries. 2010-05-24 15:24:40 -04:00
Chris PeBenito
91cbcc6602 Fix deprecated interface usage in rhel4 block in su.if. 2010-05-24 15:09:18 -04:00
Chris PeBenito
3d95ca2d82 Module version bump for 904f3d8. 2010-05-24 13:08:09 -04:00
Chris PeBenito
7934ac10d3 Module version bump for 1184392 and more. 
* module version bump
* make apache and unconfined portions optiona
* rearrange lines
 2010-05-24 13:08:09 -04:00
Chris PeBenito
ca28376c4d Module version bump for 7942f7f. 2010-05-24 13:08:09 -04:00
Chris PeBenito
bdf5e19931 Module version bump for 383bd32. 2010-05-24 13:08:09 -04:00
Chris PeBenito
213d35a07c Module version bump for 9e28f74. 2010-05-24 13:08:09 -04:00
Chris PeBenito
63583f4e29 Module version bump for f61ef24. 2010-05-24 13:08:09 -04:00
Chris PeBenito
c789f82bc5 Module version bump for d5170e5. 2010-05-24 13:08:09 -04:00
Chris PeBenito
d53a972879 Module version bump for cb1df6a. 2010-05-24 13:08:09 -04:00
Jeremy Solt
d8642cad29 readahead patch from Dan Walsh 
Edits:
 - Removed files_dontaudit_read_security_files and fs_dontaudit_read_tmpfs_blk_dev interface calls
 2010-05-24 13:08:08 -04:00
Chris PeBenito
fe74f71385 Fix deprecated interface usage that crept into lvm.if. 2010-05-24 13:08:08 -04:00
Chris PeBenito
ff1cae1f5e Move line in logrotate; module version bump. 2010-05-24 13:08:08 -04:00
Chris PeBenito
a107f875bd Remove redundant optional and libs_* calls in clogd. 2010-05-24 13:08:08 -04:00
Chris PeBenito
dcb7227286 Module version bump for 51ad76f. 2010-05-24 13:08:08 -04:00
Jeremy Solt
6430c79a29 whitespace fix for clogd 2010-05-24 13:08:08 -04:00
Jeremy Solt
6055ab8d1d clogd policy from Dan Walsh 
edits:
 - style and whitespace fixes
 - removed read_lnk_files_pattern from shm interface
 - removed permissive line
 2010-05-24 13:08:08 -04:00
Jeremy Solt
7a8e6a8fba whitespace fixes for cluster suite patch 2010-05-24 13:08:08 -04:00
Jeremy Solt
21d23c878e Removed unnecessary comments 
Removed 'SELinux policy for' from policy summaries
Removed rgmanager interface for semaphores (doesn't appear to be needed or used)
Removed redundant calls to libs_use_ld_so and libs_use_shared_libs
Fixed rhcs interface names to match naming rules
Merged tmpfs and semaphore/shm interfaces
 2010-05-24 13:08:08 -04:00
Jeremy Solt
538cf9ab83 Redhat Cluster Suite Policy from Dan Walsh 
Edits:
 - Style and whitespace fixes
 - Removed interfaces for default_t from ricci.te - this didn't seem right
 - Removed link files from rgmanager_manage_tmpfs_files
 - Removed rdisc.if patch. it was previously committed
 - Not including kernel_kill interface call for rgmanager
 - Not including ldap interfaces in rgmanager.te (currently not in refpolicy)
 - Not including files_create_var_run_dirs call for rgmanager (not in refpolicy)
 2010-05-24 13:08:08 -04:00
Jeremy Solt
b8c9879a8c logrotate patch from Dan Walsh 2010-05-24 13:08:08 -04:00