af0f735167
- Update to upstream
2008-06-12 14:50:00 +00:00
c5c253fae5
- Update to upstream
2008-06-11 19:01:26 +00:00
f513c7b90b
- Add livecd policy
2008-06-10 19:34:59 +00:00
15f71c5d61
- Add livecd policy
2008-06-04 17:26:52 +00:00
91ec07f1df
- Dontaudit search of admin_home for init_system_domain
...
- Rewrite of xace interfaces
- Lots of new fs_list_inotify
- Allow livecd to transition to setfiles_mac
2008-06-04 12:57:43 +00:00
80e0b808d5
- Begin XAce integration
2008-06-03 20:27:28 +00:00
081b6ac47e
- Merge Upstream
2008-06-02 18:56:05 +00:00
2e33f7ba70
- Merge Upstream
2008-06-02 17:10:33 +00:00
4b7f030014
Update for rawhide
2008-05-19 13:02:56 +00:00
993c27dacb
- Allow amanada to create data files
2008-05-07 19:10:59 +00:00
6c25b428ce
- Remove dmesg boolean
...
- Allow user domains to read/write game data
2008-05-06 17:01:42 +00:00
86881dd93f
- Change unconfined_t to transition to unconfined_mono_t when running mono
...
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so
gnome-do will work
2008-04-29 16:05:11 +00:00
2d8ff5157a
- Remove old booleans from targeted-booleans.conf file
2008-04-28 21:24:59 +00:00
b4e933120a
- Don't run crontab from unconfined_t
2008-04-24 21:08:32 +00:00
ef5e600999
- Don't run crontab from unconfined_t
2008-04-24 19:41:22 +00:00
4b1d56da14
- Change etc files to config files to allow users to read them
2008-04-23 14:15:54 +00:00
a6a82aec79
- dontaudit mrtg reading /proc
...
- Allow iscsi to signal itself
- Allow gnomeclock sys_ptrace
2008-04-15 20:27:09 +00:00
5896bad9cf
2008-04-14 20:01:48 +00:00
bb36d75512
2008-04-11 18:58:08 +00:00
06686c20a2
- Allow dhcpd to read kernel network state
2008-04-10 19:45:47 +00:00
41625a26ea
- Label /var/run/gdm correctly
...
- Fix unconfined_u user creation
2008-04-10 14:37:57 +00:00
254e3c7af3
- Allow transition from initrc_t to getty_t
2008-04-08 20:14:36 +00:00
5a576e06f0
- Allow passwd to communicate with user sockets to change gnome-keyring
2008-04-08 19:17:28 +00:00
7f851af8d9
- Fix initial install
2008-04-08 03:17:46 +00:00
c3c4a525c2
-
2008-04-06 12:06:47 +00:00
27943de6a0
- Allow radvd to use fifo_file
...
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
the boolean is set
2008-04-05 10:39:06 +00:00
c66f2bc425
- Allow nsplugin to read /etc/mozpluggerrc, user_fonts
...
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t
2008-04-01 09:21:21 +00:00
294ea7a213
- Allow initrc_t to dbus chat with consolekit.
2008-03-29 18:36:09 +00:00
e54cb216a8
- Additional access for nsplugin
...
- Allow xdm setcap/getcap until pulseaudio is fixed
2008-03-28 22:07:45 +00:00
f70afcdd9e
- Allow mount to mkdir on tmpfs
...
- Allow ifconfig to search debugfs
2008-03-26 06:17:27 +00:00
bf3d39e959
- Fix file context for MATLAB
...
- Fixes for xace
2008-03-21 23:24:11 +00:00
5ea3f10caf
- Allow stunnel to transition to inetd children domains
...
- Make unconfined_dbusd_t an unconfined domain
2008-03-20 16:11:16 +00:00
94b7be909e
2008-03-18 21:10:02 +00:00
ba9e5e8244
- Fixes for qemu/virtd
2008-03-17 21:42:05 +00:00
97081dcb9d
- Fix bug in mozilla policy to allow xguest transition
...
- This will fix the
2008-03-14 21:17:21 +00:00
a6e1280791
- Fix bug in mozilla policy to allow xguest transition
...
- This will fix the
2008-03-14 21:13:24 +00:00
d593d26c1d
- Allow nsplugin to run acroread
2008-03-14 15:59:07 +00:00
987b10f86d
- Add cups_pdf policy
...
- Add openoffice policy to run in xguest
2008-03-14 00:25:00 +00:00
7f811bf534
- prewika needs to contact mysql
...
- Allow syslog to read system_map files
2008-03-13 12:58:25 +00:00
ceda8feb68
- Change init_t to an unconfined_domain
2008-03-12 12:39:48 +00:00
0879f489ab
- Allow init to transition to initrc_t on shell exec.
...
- Fix init to be able to sendto init_t.
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
- More mls fixes
2008-03-12 01:10:44 +00:00
110bce3a29
fixes for init, rhgb. also, fix the build
2008-03-11 22:46:00 +00:00
2041ac3d49
- Additional changes for MLS policy
2008-03-10 20:58:06 +00:00
1bf67d57ed
- Fix initrc_context generation for MLS
2008-03-06 22:25:06 +00:00
dc57e68eff
- Fixes for libvirt
2008-03-05 23:11:52 +00:00
5947905ef9
- Allow bitlebee to read locale_t
2008-03-04 21:38:18 +00:00
d8c160273b
- More xselinux rules
2008-02-29 22:33:22 +00:00
9a0f35b9ad
- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t
2008-02-29 22:18:30 +00:00
338714fc7f
-
2008-02-28 21:51:10 +00:00
b7229ad8bb
- Prepare policy for beta release
...
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 05:01:51 +00:00
40ce26840e
- Prepare policy for beta release
...
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 04:35:56 +00:00
533c755e4d
- Allow nsplugin_config execstack/execmem
...
- Allow nsplugin_t to read alsa config
- Change apache to use user content
2008-02-28 03:32:23 +00:00
c092cc1478
- Add cyphesis policy
2008-02-26 23:02:51 +00:00
063999dd85
2008-02-26 19:24:53 +00:00
27b2b09ffe
-
2008-02-26 16:15:00 +00:00
f75033d612
- Update to upstream fixes
2008-02-26 13:45:23 +00:00
5ca2ff99b6
- Add xace support
2008-02-22 20:32:52 +00:00
8bd036a289
- Add fusectl file system
2008-02-21 19:43:52 +00:00
541ba8edec
- Fixes from yum-cron
...
- Update to latest upstream
2008-02-20 18:52:50 +00:00
e5acebe58c
2008-02-20 18:30:31 +00:00
306393505f
- Fix userdom_list_user_files
2008-02-19 22:20:15 +00:00
eb3e9fbc68
- Merge with upstream
2008-02-18 21:31:18 +00:00
7e1e7bed89
- Allow udev to send audit messages
2008-02-14 21:05:32 +00:00
9870c64ba7
- Add additional login users interfaces
...
- userdom_admin_login_user_template(staff)
2008-02-13 22:13:58 +00:00
49295b262f
- More fixes for polkit
2008-02-12 18:41:35 +00:00
ebe074be56
- More fixes for polkit
2008-02-11 22:53:26 +00:00
57ac1cab83
- Update to upstream
2008-02-06 21:47:42 +00:00
4637b67d50
- Fixes for staff_t
2008-02-05 21:25:09 +00:00
b53db53c9f
- Add policy for kerneloops
...
- Add policy for gnomeclock
2008-02-05 18:31:25 +00:00
881d64a16e
- Fixes for libvirt
2008-02-04 21:41:59 +00:00
60c693e546
- Fixes for nsplugin
2008-02-03 13:39:47 +00:00
11ac4bcde1
- Additional ports for vnc and allow qemu and libvirt to search all
...
directories
2008-02-02 15:42:44 +00:00
b19d470cd4
- Update to upstream
...
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
e1060e24d5
- Allow fail2ban to create a socket in /var/run
2008-02-01 13:49:05 +00:00
59d6fbb642
- Allow allow_httpd_mod_auth_pam to work
2008-01-31 20:59:05 +00:00
7c124f5e42
- Allow allow_httpd_mod_auth_pam to work
2008-01-31 19:32:51 +00:00
f18a882ba5
- Add audisp policy and prelude
2008-01-30 21:34:13 +00:00
0f70114e58
- Allow all user roles to executae samba net command
2008-01-30 13:56:22 +00:00
7c2be34d14
- Allow usertypes to read/write noxattr file systems
2008-01-28 16:48:49 +00:00
7c7d59935b
- Fix nsplugin to allow flashplugin to work in enforcing mode
2008-01-24 18:12:25 +00:00
0939872058
- Allow pam_selinux_permit to kill all processes
2008-01-23 18:24:12 +00:00
cc5bb89ef0
- Allow ptrace or user processes by users of same type
...
- Add boolean for transition to nsplugin
2008-01-22 19:46:50 +00:00
ef19b75773
- Allow nsplugin sys_nice, getsched, setsched
2008-01-22 17:35:34 +00:00
b3c8a04083
- Allow login programs to talk dbus to oddjob
2008-01-21 21:42:26 +00:00
98f84cb0ed
- Add procmail_log support
...
- Lots of fixes for munin
2008-01-21 15:57:25 +00:00
e26fef9ac3
- Allow setroubleshoot to read policy config and send audit messages
2008-01-15 20:43:04 +00:00
8a40d69539
- Allow users to execute all files in homedir, if boolean set
...
- Allow mount to read samba config
2008-01-14 19:47:11 +00:00
27c7d85aab
- Fixes for xguest to run java plugin
2008-01-13 14:01:50 +00:00
4be3ba520d
- dontaudit pam_t and dbusd writing to user_home_t
2008-01-11 19:45:47 +00:00
5baf53aabd
- Update gpg to allow reading of inotify
2008-01-08 19:58:56 +00:00
a502c55197
- Change user and staff roles to work correctly with varied perms
2008-01-03 22:13:09 +00:00
c64ec27caa
- Fix munin log,
...
- Eliminate duplicate mozilla file context
- fix wpa_supplicant spec
2007-12-31 21:47:39 +00:00
88ae3f5e0c
- Fix role transition from unconfined_r to system_r when running rpm
...
- Allow unconfined_domains to communicate with user dbus instances
2007-12-30 15:12:11 +00:00
5d13344539
- Fix role transition fro unconfined_r to system_r when running rpm
2007-12-24 12:01:17 +00:00
0ec33db4ff
- Let all uncofined domains communicate with dbus unconfined
2007-12-21 07:58:04 +00:00
673eaaeafb
- Run rpm in system_r
2007-12-20 21:26:31 +00:00
5615fe1b3d
- Zero out customizable types
2007-12-19 21:45:51 +00:00
9a2cf87457
- Fix definiton of admin_home_t
2007-12-19 10:42:06 +00:00
2f257cb996
- Fix munin file context
2007-12-19 09:27:15 +00:00
91c2fa9d31
- Allow cron to run unconfined apps
2007-12-18 13:59:31 +00:00
99d3676891
- Modify default login to unconfined_u
2007-12-17 22:49:08 +00:00
4d59c29e33
- Dontaudit dbus user client search of /root
2007-12-14 12:40:39 +00:00
5928688f61
- Dontaudit dbus user client search of /root
2007-12-13 22:42:22 +00:00
76e3401243
- Update to upstream
2007-12-13 18:44:18 +00:00
4c6f2dd6a3
- Fixes for polkit
...
- Allow xserver to ptrace
2007-12-12 14:53:07 +00:00
7dfe3eb3ef
- Add polkit policy
...
- Symplify userdom context, remove automatic per_role changes
2007-12-11 06:08:33 +00:00
a1341a85df
- Update to upstream
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-06 21:37:36 +00:00
02654b8fb4
- Update to upstream
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:19:13 +00:00
d195fc7e87
- Update to upstreamddddddddddddd
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:11:46 +00:00
320f3e6459
- Allow rpm_script to transition to unconfined_execmem_t
2007-12-04 00:15:27 +00:00
3b47cb03b7
Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> 3.2.1-1
...
- Remove user based home directory separation
2007-12-03 00:15:23 +00:00
9186dc57d9
- Remove user based home directory separation
2007-11-30 22:33:18 +00:00
3a54e4809f
- Remove user specific crond_t
2007-11-28 16:56:57 +00:00
0fffbad8de
- Merge with upstream
...
- Allow xsever to read hwdata_t
- Allow login programs to setkeycreate
2007-11-26 15:40:45 +00:00
ddf4ec413f
- Update to upstream
2007-11-19 20:09:32 +00:00
7330e86b90
- Update to upstream
2007-11-10 14:14:41 +00:00
36404444a8
- Update to upstream
2007-11-07 19:42:24 +00:00
fa0d1c8884
- Update to upstream
2007-10-23 23:13:09 +00:00
d0649e9167
- Allow XServer to read /proc/self/cmdline
2007-10-22 14:27:29 +00:00
30dfdc7f05
- Fixes for hald_mac
...
- Treat unconfined_home_dir_t as a home dir
- dontaudit rhgb writes to fonts and root
2007-10-19 21:21:40 +00:00
3375c34d9a
- Fix dnsmasq
...
- Allow rshd full login privs
2007-10-19 15:01:30 +00:00
6455c9d6b5
- Allow rshd to connect to ports > 1023
2007-10-18 22:33:41 +00:00
953fd14b2e
- Fix vpn to bind to port 4500
...
- Allow ssh to create shm
- Allow rshd to bind to ports > 1023
- Add Kismet policy
2007-10-18 22:00:35 +00:00
ccf8a72ae3
- Fix vpn to bind to port 4500
...
- Allow ssh to create shm
- Allow rshd to bind to ports > 1023
2007-10-18 21:33:00 +00:00
b4ed6dbce0
- Allow rpm to chat with networkmanager
2007-10-17 03:51:04 +00:00
9185bf2fee
- Pass the UNK_PERMS param to makefile
...
- Fix gdm location
2007-10-13 14:15:08 +00:00
c27b2bd6ae
- Make alsa work
2007-10-11 18:57:00 +00:00
28021c8d41
- Fixes for consolekit and startx sessions
2007-10-09 20:53:38 +00:00
7a91e89abe
- Dontaudit consoletype talking to unconfined_t
2007-10-08 15:32:19 +00:00
8fd9df6414
- Remove homedir_template
2007-10-05 19:47:10 +00:00
922f646a26
- Remove homedir_template
2007-10-05 11:43:46 +00:00
24ccb8b103
- Check asound.state
2007-10-04 14:34:02 +00:00
492612d339
- Fix exim policy
2007-10-01 21:20:16 +00:00
1ffa684823
- Allow tmpreadper to read man_t
...
- Allow racoon to bind to all nodes
- Fixes for finger print reader
2007-10-01 17:03:12 +00:00
7c1c1729f9
- Allow xdm to talk to input device (fingerprint reader)
...
- Allow octave to run as java
2007-09-26 22:01:27 +00:00
d770c53fe9
- Allow login programs to set ioctl on /proc
2007-09-25 15:03:25 +00:00
fb11ad6653
- Allow nsswitch apps to read samba_var_t
2007-09-25 13:30:08 +00:00
f5018f18f8
- Fix maxima
2007-09-24 20:26:12 +00:00
d83ea801ac
- Eliminate rpm_t:fifo_file avcs
...
- Fix dbus path for helper app
2007-09-24 14:18:57 +00:00
6c319e4011
- Fix service start stop terminal avc's
2007-09-22 12:15:13 +00:00
ec4fb1ce99
- Allow also to search var_lib
...
- New context for dbus launcher
2007-09-21 23:46:18 +00:00
347ff1a0c3
- Allow cupsd_config_t to read/write usb_device_t
...
- Support for finger print reader,
- Many fixes for clvmd
- dbus starting networkmanager
2007-09-21 20:21:36 +00:00
07e28d136d
- Fix java and mono to run in xguest account
2007-09-20 22:30:51 +00:00
a9d4b80f50
- Fix to add xguest account when inititial install
...
- Allow mono, java, wine to run in userdomains
2007-09-20 17:21:13 +00:00
c67a1217e2
- Fix to add xguest account when inititial install
2007-09-20 14:58:12 +00:00
d90a3db27d
- Allow xserver to search devpts_t
...
- Dontaudit ldconfig output to homedir
2007-09-20 14:39:14 +00:00
21c534bcb9
- Allow xserver to search devpts_t
...
- Dontaudit ldconfig output to homedir
2007-09-19 17:40:59 +00:00
7ff410d3bc
- Remove hplip_etc_t change back to etc_t.
2007-09-19 01:11:31 +00:00
1a3fe36b5c
- Allow cron to search nfs and samba homedirs
2007-09-17 23:26:58 +00:00
babb3641bd
- Allow NetworkManager to dbus chat with yum-updated
2007-09-11 20:05:08 +00:00
bf7f975f77
- Allow xfs to bind to port 7100
2007-09-11 16:07:47 +00:00
25d586808d
- Allow newalias/sendmail dac_override
...
- Allow bind to bind to all udp ports
2007-09-10 22:02:06 +00:00
4eaf5c6dc6
- Turn off direct transition
2007-09-07 20:26:11 +00:00
c7e443c95c
- Allow wine to run in system role
2007-09-07 19:03:11 +00:00
37d6a1ce3f
- Fix java labeling
2007-09-06 23:34:02 +00:00
07b8680835
- Define user_home_type as home_type
2007-09-06 15:00:00 +00:00
601f0f04ee
- Allow sendmail to create etc_aliases_t
2007-09-06 02:24:18 +00:00
bea5486254
- Allow sendmail to create etc_aliases_t
2007-09-05 21:30:18 +00:00
bc85a6bb23
- Allow login programs to read symlinks on homedirs
2007-08-28 15:35:11 +00:00
e8b5993e52
- Update an readd modules
2007-08-27 21:43:05 +00:00
7f9951d4d3
- Cleanup spec file
2007-08-24 21:38:11 +00:00
d9f447990b
- Cleanup spec file
2007-08-24 21:30:17 +00:00
b865b8b32e
- Cleanup spec file
2007-08-24 21:21:56 +00:00
53f81916e1
- Cleanup spec file
2007-08-24 21:09:44 +00:00
3012ab200b
- Cleanup spec file
2007-08-24 20:44:19 +00:00
d83af23b7d
- Cleanup spec file
2007-08-24 19:52:40 +00:00
3b13a834c7
- Allow xserver to be started by unconfined process and talk to tty
2007-08-24 14:20:35 +00:00
95bbe5cff0
- Upgrade to upstream to grab postgressql changes
2007-08-23 14:07:25 +00:00
77a22067be
- Add setransd for mls policy
2007-08-22 14:46:21 +00:00
c77aca56ae
- Add setransd for mls policy
2007-08-21 20:08:22 +00:00
4f23c46830
- Add ldconfig_cache_t
2007-08-20 23:02:30 +00:00
b4ae7d845a
- Allow sshd to write to proc_t for afs login
2007-08-20 22:15:46 +00:00
f012074e0f
- Allow xserver access to urand
2007-08-18 11:54:11 +00:00
7f6883ca6e
- allow dovecot to search mountpoints
2007-08-15 00:55:49 +00:00
0354c22269
- Fix Makefile for building policy modules
2007-08-11 11:18:09 +00:00
60a9ef60f0
- Fix dhcpc startup of service
2007-08-10 20:04:48 +00:00
bf33202534
- Fix dbus chat to not happen for xguest and guest users
2007-08-10 16:10:27 +00:00
d44a393484
- Fix nagios cgi
...
- allow squid to communicate with winbind
2007-08-09 19:18:57 +00:00
1a12c251ca
- Fixes for ldconfig
2007-08-06 21:33:36 +00:00
d8c8b2b904
- Update from upstream
2007-08-03 20:38:28 +00:00
f9778219aa
- Update from upstream
2007-08-03 19:53:44 +00:00
25a75469ff
- Update from upstream
2007-08-03 19:26:04 +00:00
4ce75b7cd5
- Fix new usb devices and dmfm
2007-08-01 17:13:35 +00:00
8239a93362
- Fix new usb devices and dmfm
2007-08-01 16:03:23 +00:00
6d2e7d5ebb
- Eliminate mount_ntfs_t policy, merge into mount_t
2007-07-31 20:51:43 +00:00
47a35fa722
- Eliminate mount_ntfs_t policy, merge into mount_t
2007-07-31 17:53:29 +00:00
07351eb493
- Allow xserver to write to ramfs mounted by rhgb
2007-07-30 14:37:54 +00:00
9c038630bf
- Add context for dbus machine id
2007-07-27 18:21:35 +00:00
2fac1d6655
- Update with latest changes from upstream
2007-07-26 17:54:24 +00:00
24acabce75
- Fix prelink to handle execmod
2007-07-24 20:47:24 +00:00
0f8f545d1a
- Fix prelink to handle execmod
2007-07-24 14:39:01 +00:00
e0ae206813
- Add ntpd_key_t to handle secret data
2007-07-23 20:34:22 +00:00
2ced404c55
- Add anon_inodefs
...
- Allow unpriv user exec pam_exec_t
- Fix trigger
2007-07-23 16:00:09 +00:00
779d23c7e4
- Allow cups to use generic usb
...
- fix inetd to be able to run random apps (git)
2007-07-20 15:13:37 +00:00
908512cccc
- Add proper contexts for rsyslogd
2007-07-19 20:55:20 +00:00
297dd1a900
- Allow execution of gconf
2007-07-19 14:45:16 +00:00
1d03199c5e
- Fix moilscanner update problem
2007-07-14 12:56:45 +00:00
7e3506426b
- Begin adding policy to separate setsebool from semanage
...
- Fix xserver.if definition to not break sepolgen.if
2007-07-12 21:37:30 +00:00
16d9531977
- Fix xserver.if definition to not break sepolgen.if
2007-07-12 14:44:32 +00:00
2796de2a45
- Add new devices
2007-07-11 20:45:02 +00:00
154d8231c3
- Add brctl policy
2007-07-11 19:44:56 +00:00
501a17b8b2
- Fix root login to include system_r
2007-07-06 19:23:20 +00:00
35e7f77fea
- Allow prelink to read kernel sysctls
2007-07-06 19:09:19 +00:00
af677794a8
- Default to user_u:system_r:unconfined_t
2007-07-03 19:20:47 +00:00
b267b6f201
- Default to user_u:system_r:unconfined_t
2007-07-02 20:32:38 +00:00
b529ed6a06
- Default to user_u:system_r:unconfined_t
2007-07-02 15:00:50 +00:00
2fdb5fd7c6
- fix squid
...
- Fix rpm running as uid
2007-07-02 01:58:41 +00:00
b786a2b04a
- Fix syslog declaration
2007-06-27 19:48:33 +00:00
7f44213c00
- Allow avahi to access inotify
...
- Remove a lot of bogus security_t:filesystem avcs
2007-06-27 18:12:03 +00:00
269acb5ee8
- Remove ifdef strict policy from upstream
2007-06-26 12:09:30 +00:00
a4ec9b75e1
- Remove ifdef strict policy from upstream
2007-06-22 19:21:00 +00:00
56187c2f8a
- Remove ifdef strict policy from upstream
2007-05-31 18:40:35 +00:00
bdb830255c
- Fix for amands
...
- Allow semanage to read pp files
- Allow rhgb to read xdm_xserver_tmp
2007-05-23 18:35:37 +00:00
346d2dccfd
2007-05-21 18:54:40 +00:00
9ffb88eba3
- allow alsactl to read kernel state
2007-05-17 17:16:26 +00:00
fc35770056
- More fixes for alsactl
...
- Transition from hal and modutils
- Fixes for suspend resume.
- insmod domtrans to alsactl
- insmod writes to hal log
2007-05-16 22:13:23 +00:00
88c8465c87
- More fixes for alsactl
2007-05-16 21:48:52 +00:00
cf806ebda9
- Fixes for suspend resume.
...
- insmod domtrans to alsactl
- insmod writes to hal log
2007-05-16 21:09:41 +00:00
7c3dcb3584
- Allow unconfined_t to transition to NetworkManager_t
...
- Fix netlabel policy
2007-05-16 19:31:34 +00:00
810e69636e
- Update to latest from upstream
2007-05-14 19:54:57 +00:00
8cd496f1d6
- Update to latest from upstream
2007-05-14 18:10:58 +00:00
057603fbda
- Update to latest from upstream
2007-05-07 18:07:26 +00:00
daa6abe9e1
- Update to latest from upstream
2007-05-04 17:30:10 +00:00
a615d5b893
- Update to latest from upstream
2007-05-02 02:53:14 +00:00
8fea836859
- Update to latest from upstream
2007-05-01 20:53:29 +00:00
6821c3df97
-
2007-04-27 17:23:49 +00:00
77d25ebf92
- Fixes for unix_update
...
- Fix logwatch to be able to search all dirs
2007-04-25 18:31:32 +00:00
8396b2dbd2
- Upstream bumped the version
2007-04-23 17:00:48 +00:00
61947fac0a
- Allow consolekit to syslog
...
- Allow ntfs to work with hal
2007-04-20 20:13:07 +00:00
2db3c1e86a
- Allow iptbales to read etc_runtime_t
2007-04-19 18:24:08 +00:00
4661767044
- MLS Fixes
2007-04-19 13:58:54 +00:00
53b22295eb
- MLS Fixes
2007-04-19 13:40:31 +00:00
883a0252b0
- Fix path of /etc/lvm/cache directory
...
- Fixes for alsactl and pppd_t
- Fixes for consolekit
2007-04-18 21:00:52 +00:00
ab59becfc6
- Fixes for alsactl and pppd_t
2007-04-18 20:50:02 +00:00
32b18f8ae9
- Fixes for consolekit
2007-04-18 20:45:20 +00:00
7671cee047
- Allow insmod_t to mount kvmfs_t filesystems
2007-04-17 20:42:32 +00:00
9fc00bcbda
- Rwho policy
...
- Fixes for consolekit
2007-04-17 19:28:14 +00:00
e6f3cfbe2d
- fixes for fusefs
2007-04-16 17:11:45 +00:00
8c912ab526
- Fix samba_net to allow it to view samba_var_t
2007-04-12 21:09:34 +00:00
a3b1a2c522
- Update to upstream
2007-04-11 20:55:28 +00:00
5d5caebf83
- Fix Sonypic backlight
...
- Allow snmp to look at squid_conf_t
2007-04-10 15:20:50 +00:00
7f1bd869ee
- Fixes for pyzor, cyrus, consoletype on everything installs
2007-04-09 20:47:56 +00:00
0b3279dee5
- Fix hald_acl_t to be able to getattr/setattr on usb devices
...
- Dontaudit write to unconfined_pipes for load_policy
2007-04-09 18:36:06 +00:00
21029bf045
- Allow bluetooth to read inotifyfs
2007-04-07 11:35:20 +00:00
e6b9e29195
- Fixes for samba domain controller.
...
- Allow ConsoleKit to look at ttys
2007-04-04 20:46:07 +00:00
f9f9ddcde1
- Fix interface call
2007-04-04 19:44:58 +00:00
89d3de7112
- Allow syslog-ng to read /var
...
- Allow locate to getattr on all filesystems
- nscd needs setcap
2007-04-03 19:25:58 +00:00
2528fa0969
- Update to upstream
2007-04-02 21:06:47 +00:00
8e5289e20b
- Update to upstream
2007-04-02 19:53:16 +00:00
ce7f30a258
- Update to upstream
2007-04-02 15:17:45 +00:00
f040ac5fd3
- Allow samba to run groupadd
2007-03-23 15:42:50 +00:00
f634733f95
- Update to upstream
2007-03-23 14:32:31 +00:00
281f5f5a50
- Fix labeling on udev.tbl dirs
2007-03-22 10:40:53 +00:00
552645bad0
- Fixes for logwatch
2007-03-21 03:39:06 +00:00
593fb16ef5
- Add fusermount and mount_ntfs policy
2007-03-20 20:45:45 +00:00
9d59ec430e
- Update to upstream
...
- Allow saslauthd to use kerberos keytabs
2007-03-20 16:22:25 +00:00
d3aabaedb4
2007-03-20 15:01:28 +00:00
741e816e8e
- Fixes for samba_var_t
2007-03-19 19:33:06 +00:00
db4f0ec7b9
- Remove disable_trans booleans
...
- hald_acl_t needs to talk to nscd
2007-03-19 14:51:28 +00:00
2823e28d58
- Remove enable_audit booleans
...
- hald_acl_t needs to talk to nscd
2007-03-19 14:42:08 +00:00
2f82eed685
- Fix prelink to be able to manage usr dirs.
2007-03-16 03:14:13 +00:00
9468a641a6
- Allow insmod to launch init scripts
2007-03-14 12:48:09 +00:00
271752a5ca
- Remove setsebool policy
2007-03-13 17:46:34 +00:00
bdb7f99f00
- Fix handling of unlabled_t packets
2007-03-12 14:51:29 +00:00
2a9b648b37
- More of my patches from upstream
2007-03-11 05:19:36 +00:00
1fed4c745c
- Update to latest from upstream
...
- Add fail2ban policy
2007-03-01 21:57:47 +00:00
9a8202d585
- Update to latest from upstream
...
- Add fail2ban policy
2007-03-01 16:30:20 +00:00
5ad70cf38c
- Update to remove security_t:filesystem getattr problems
2007-02-28 21:23:19 +00:00
13893ed688
- Policy for consolekit
2007-02-27 18:34:08 +00:00
af8af9caee
2007-02-26 15:06:22 +00:00
cc1be2260f
- Revert Nemiver change
...
- Set sudo as a corecmd so prelink will work, remove sudoedit mapping,
since this will not work, it does not transition.
- Allow samba to execute useradd
2007-02-23 15:35:01 +00:00
b0861172ab
- Add sepolgen support
...
- Add bugzilla policy
2007-02-20 21:37:52 +00:00
b7da3b9e3e
- Add sepolgen support
...
- Add bugzilla policy
2007-02-20 17:35:59 +00:00
2fa5bb00e9
- Add sepolgen support
...
- Add bugzilla policy
2007-02-16 19:55:48 +00:00
e10e57a4a6
THu Feb 15 2007 Dan Walsh <dwalsh@redhat.com> 2.5.3-3
...
- Add sepolgen support
- Add bugzilla policy
2007-02-15 20:46:02 +00:00
07dcdf7654
- Fix file context for nemiver
2007-02-15 20:29:48 +00:00
1a24735d8f
- Fix file context for nemiver
2007-02-15 00:19:30 +00:00
df0bef9ac0
-
2007-02-12 16:27:42 +00:00
9aff35b779
-
2007-02-12 16:18:31 +00:00
39b6cecaf2
- Allow mozilla, evolution and thunderbird to read dev_random. Resolves:
...
#227002
- Allow spamd to connect to smtp port Resolves : #227184
- Fixes to make ypxfr work Resolves : #227237
2007-02-06 16:54:13 +00:00
33501ce93f
- Fix ssh_agent to be marked as an executable
...
- Allow Hal to rw sound device
2007-02-04 12:42:16 +00:00
de0b364127
- Fix spamassisin so crond can update spam files
...
- Fixes to allow kpasswd to work
- Fixes for bluetooth
2007-02-01 21:40:50 +00:00
3902fd87fd
- Remove some targeted diffs in file context file
2007-01-31 22:18:10 +00:00
edd045d7c0
- Fix squid cachemgr labeling
2007-01-26 16:12:32 +00:00
e45f5d36d0
- Add ability to generate webadm_t policy
...
- Lots of new interfaces for httpd
- Allow sshd to login as unconfined_t
2007-01-25 19:07:00 +00:00
cc7c06a0d1
- Continue fixing, additional user domains
2007-01-23 01:08:45 +00:00
f86e42306e
- Begin adding user confinement to targeted policy
2007-01-22 16:52:18 +00:00
45478192f4
- Fixes for prelink, ktalkd, netlabel
2007-01-17 19:58:32 +00:00
ee095f5817
- Fixes for prelink, ktalkd, netlabel
2007-01-11 22:43:22 +00:00
b6ed674a00
- Fixes for prelink, ktalkd, netlabel
2007-01-10 22:05:57 +00:00
ae5ace1a7e
- Fixes for prelink, ktalkd, netlabel
2007-01-10 22:01:29 +00:00
9e0fa4fef3
- Allow prelink when run from rpm to create tmp files Resolves : #221865
...
- Remove file_context for exportfs Resolves : #221181
- Allow spamassassin to create ~/.spamassissin Resolves : #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves : #200110
- Fixes to run prelink in MLS machine Resolves : #221233
- Allow spamassassin to read var_lib_t dir Resolves : #219234
2007-01-09 15:26:56 +00:00
a384d73899
- Allow prelink when run from rpm to create tmp files Resolves : #221865
...
- Remove file_context for exportfs Resolves : #221181
- Allow spamassassin to create ~/.spamassissin Resolves : #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves : #200110
2007-01-09 15:24:41 +00:00
8a03d5e828
- Allow spamassassin to read var_lib_t dir Resolves : #219234
2007-01-02 16:40:08 +00:00
9bcfd16a2d
- fix mplayer to work under strict policy
...
- Allow iptables to use nscd Resolves : #220794
2006-12-29 20:01:11 +00:00
8bacd8ed15
- Add gconf policy and make it work with strict
2006-12-28 17:39:12 +00:00
5db544f392
- Many fixes for strict policy and by extension mls.
2006-12-24 15:26:26 +00:00
135ea97ff1
- Many fixes for strict policy and by extension mls.
2006-12-24 07:31:09 +00:00
9051d60c06
- Fix to allow ftp to bind to ports > 1024 Resolves : #219349
2006-12-22 17:39:01 +00:00
5ded3c385e
2006-12-22 16:58:33 +00:00
4fd323b783
2006-12-22 16:56:53 +00:00
f9e32a004d
- Allow semanage to exec it self. Label genhomedircon as semanage_exec_t
...
Resolves : #219421
- Allow sysadm_lpr_t to manage other print spool jobs Resolves : #220080
2006-12-20 20:40:30 +00:00
be9aefca3d
- allow automount to setgid Resolves : #219999
2006-12-18 21:50:13 +00:00
5e01b4610b
- Allow cron to polyinstatiate
...
- Fix creation of boot flags Resolves : #207433
2006-12-15 21:42:14 +00:00
272aa0b2e8
2006-12-14 20:06:00 +00:00
3a51847bd9
Resolves : #218978
2006-12-13 17:06:33 +00:00
422dcf1da8
Resolves : #218978
2006-12-13 17:03:55 +00:00
e3b143b243
- Allow initrc to create files in /var directories Resolves : #219227
2006-12-12 21:46:24 +00:00
6157a7e6e4
- More fixes for MLS
2006-12-11 12:35:45 +00:00
dd5d7e7583
- More Fixes polyinstatiation Resolves : #216184
2006-12-06 23:27:45 +00:00
a169fb7433
- Fix handling of keyrings
2006-12-06 19:38:32 +00:00
852ba6bb2f
- Fix polyinstatiation
...
- Fix pcscd handling of terminal Resolves : #218149 Resolves : #218350
2006-12-05 23:05:39 +00:00
414ddd0de3
- More fixes for quota Resolves : #212957
2006-12-01 21:52:08 +00:00
9f388c1a78
- ncsd needs to use avahi sockets Resolves : #217640 Resolves : #218014
2006-12-01 17:58:00 +00:00
b6ffd7c2ae
- Allow login programs to polyinstatiate homedirs Resolves : #216184
...
- Allow quotacheck to create database files Resolves : #212957
2006-11-30 22:06:22 +00:00
aba668f5f8
- Allow login programs to polyinstatiate homedirs Resolves : #216184
2006-11-30 20:55:33 +00:00
036c1c2fb6
- Dontaudit appending hal_var_lib files Resolves : #217452 Resolves : #217571
...
Resolves : #217611 Resolves : #217640 Resolves : #217725
2006-11-30 20:23:49 +00:00
cc1462b7d0
- Dontaudit appending hal_var_lib files Resolves : #217452 Resolves : #217571
...
Resolves : #217611 Resolves : #217640 Resolves : #217725
2006-11-29 20:11:02 +00:00
e4d46c95f3
- Fix context for helix players file_context #216942
2006-11-27 22:17:34 +00:00
02560dace3
- Fix load_policy to be able to mls_write_down so it can talk to the
...
terminal
2006-11-20 23:24:21 +00:00
4218645103
- Fixes for hwclock, clamav, ftp
2006-11-20 23:01:06 +00:00
9e4aeac9dd
- Move to upstream version which accepted my patches
2006-11-17 19:21:40 +00:00
b28d0a788f
- Fixes for nvidia driver
2006-11-16 19:25:03 +00:00
a3f2f571c0
- Fixes for nvidia driver
2006-11-15 22:34:04 +00:00
150bdfbc67
- Fixes for nvidia driver
2006-11-15 22:28:06 +00:00
b0ecaa962d
- Allow semanage to signal mcstrans
2006-11-15 21:43:36 +00:00
73ea8c2e4d
- Update to upstream
2006-11-15 15:22:30 +00:00
d925bd337d
- Allow modstorage to edit /etc/fstab file
2006-11-14 18:33:09 +00:00
ec17438ae0
- Fix for qemu, /dev/
...
Mon Nov 13 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-11
- Fix path to realplayer.bin
2006-11-14 04:57:37 +00:00
32b91c9d1f
- Fix path to realplayer.bin
2006-11-13 20:48:57 +00:00
06b64f8c21
- Allow xen to connect to xen port
2006-11-10 20:37:08 +00:00
1a986f04dc
- Allow cups to search samba_etc_t directory
...
- Allow xend_t to list auto_mountpoints
2006-11-10 13:31:34 +00:00
2098c9bff2
- Allow xen to search automount
2006-11-09 20:12:53 +00:00
6ba4868651
- Fix spec of jre files
2006-11-09 18:57:53 +00:00
0806593363
- Fix unconfined access to shadow file
2006-11-08 20:21:53 +00:00
4d11495dab
- Allow xend to create files in xen_image_t directories
2006-11-08 20:10:30 +00:00
0fcc493f96
- Fixes for /var/lib/hal
2006-11-08 13:28:28 +00:00
f08bf9299c
- Remove ability for sysadm_t to look at audit.log
2006-11-07 21:16:47 +00:00
f3ecbbfcb9
- Fix rpc_port_types
...
- Add aide policy for mls
2006-11-07 20:38:46 +00:00
d7e0f9fa0d
- Merge with upstream
2006-11-06 21:15:57 +00:00
0dae3b6d89
- Lots of fixes for ricci
2006-11-03 21:27:47 +00:00
d095a0e65b
- Add perms for swat
2006-11-01 00:09:08 +00:00
6b97615edf
- Allow daemons to dump core files to /
2006-10-30 21:18:40 +00:00
8fb79d40f4
- Fixes for ricci
2006-10-30 16:45:09 +00:00
6672fcfbdd
- Allow mount.nfs to work
2006-10-27 19:16:43 +00:00
85659e704f
- Allow ricci-modstorage to look at lvm_etc_t
2006-10-27 14:42:56 +00:00
08efeffbe5
- Fixes for ricci using saslauthd
2006-10-25 15:31:39 +00:00
dc804f3593
- Allow mountpoint on home_dir_t and home_t
2006-10-24 19:55:28 +00:00
8ff9d6e5a3
- Update xen to read nfs files
2006-10-24 16:12:29 +00:00
3d011ff2e8
Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4
...
- Allow noxattrfs to associate with other noxattrfs
2006-10-23 20:54:50 +00:00
Daniel J Walsh
Bill Nottingham