Commit Graph

154 Commits

Author SHA1 Message Date
Chris PeBenito
a99f69fd0e Loadkeys patch from Dan Walsh.
Dontaudit leaked sockets
2010-06-18 15:12:33 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
2e4e39d26a Loadkeys patch from Dan Walsh. 2010-05-14 11:40:26 -04:00
Chris PeBenito
84940a0995 Java patch from Dan Walsh.
Additional java context

unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled

We want unconfined java apps to transition to rpm when they execute rpm_exec_t.  To maintain proper labeling.
2010-05-14 10:40:59 -04:00
Chris PeBenito
857d37e84a GPG patch from Dan Walsh. 2010-04-30 15:24:19 -04:00
Chris PeBenito
bf54d5be44 Module version bumps for c586c1b, dcbb332, 4c05dff, 84ce9c3, 2b012ba, and 1868383. 2010-03-29 09:21:59 -04:00
Chris PeBenito
ad0071bbe4 Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokeping f3c346c. 2010-03-29 09:19:40 -04:00
Jeremy Solt
18683835fd pulseaudio patch from Dan Walsh
Fixed template where it should have been interface
Replaced read_home and manage_home interfaces with read_home_files, manage_home_files and reduced access
Removed admin_dir reference
Replaced rtkit_daemon_system_domain with rtkit_scheduled
Fixed style / spacing issues
2010-03-29 08:41:45 -04:00
Chris PeBenito
df29613c72 Module version bump for 75c8a69. 2010-03-22 13:51:35 -04:00
Jeremy Solt
75c8a691ee gitosis read/manage lib interfaces from Dan Walsh
Only giving manage_files_pattern for gitosis_manage_lib_files
2010-03-22 13:48:39 -04:00
Chris PeBenito
ce693cbbec Module version bump for ae07c9e. 2010-03-16 14:33:43 -04:00
Jeremy Solt
ae07c9e2e8 Screen needs to setattr on user_ttydevice_t from Dan Walsh 2010-03-16 13:36:45 -04:00
Chris PeBenito
ba1c45337b Module version bump for 3137148. 2010-03-16 13:10:14 -04:00
Jeremy Solt
31371480b0 Run interface for ptchown from Dan Walsh 2010-03-16 11:34:58 -04:00
Chris PeBenito
5dac50953f Module version bump for cf3da95. 2010-03-08 10:02:34 -05:00
Jeremy Solt
cf3da95084 Allow cdrecord_t to execute bin_t from Dan Walsh
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito
4fd0889171 Java patch from Dan Walsh. 2010-02-19 11:21:38 -05:00
Chris PeBenito
1e0f483a18 Mono patch from Dan Walsh. 2010-02-19 10:42:43 -05:00
Chris PeBenito
a777957b49 Rename qemu_unconfined_t to unconfined_qemu_t. 2010-02-19 10:27:09 -05:00
Chris PeBenito
8a1c9c505f Rearrage qemu.if. 2010-02-19 10:16:28 -05:00
Chris PeBenito
72295e93e1 Qemu patch from Dan Walsh. 2010-02-19 10:15:19 -05:00
Chris PeBenito
4796d07ee0 Wine patch from Dan Walsh. 2010-02-19 09:17:51 -05:00
Chris PeBenito
6f30d7e770 Pulseaudio patch from Dan Walsh. 2010-02-16 15:13:08 -05:00
Chris PeBenito
c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito
46b03739ac Seunshare patch from Dan Walsh. 2009-12-01 10:31:28 -05:00
Chris PeBenito
d7776f58c2 Screen patch from Dan Walsh. 2009-12-01 10:31:17 -05:00
Chris PeBenito
6394ea6143 Podsleuth patch from Dan Walsh. 2009-12-01 10:30:50 -05:00
Chris PeBenito
b77daab0ed Mozilla patch from Dan Walsh. 2009-12-01 10:30:30 -05:00
Chris PeBenito
36ded4bd36 GPG patch from Dan Walsh. 2009-12-01 10:30:07 -05:00
Chris PeBenito
962d6fb9b0 Calamaris patch from Dan Walsh. 2009-12-01 10:29:51 -05:00
Chris PeBenito
ed3a1f559a bump module versions for release. 2009-11-17 10:05:56 -05:00
Chris PeBenito
a1a45de06e reorganize a92ee50 2009-10-22 10:35:45 -04:00
Dominick Grift
a92ee50126 Implement screen-locking feature.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-10-22 10:33:05 -04:00
Chris PeBenito
4be8dd10b9 add seunshare from dan. 2009-09-28 15:40:06 -04:00
Chris PeBenito
1d3b9e384c clean up xscreensaver. 2009-09-15 09:41:42 -04:00
corentin.labbe
31f9c109c1 SELinux xscreensaver policy support
Hello

This a patch for adding xscreensaver policy.

I think it need a specific policy because of the auth_domtrans_chk_passwd.

cordially

Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
2009-09-15 08:46:28 -04:00
Chris PeBenito
dbed95369c add gitosis from miroslav grepl. 2009-09-03 09:52:08 -04:00
Chris PeBenito
634a13c21f cpufreqselector patch from dan. 2009-09-03 09:15:17 -04:00
Chris PeBenito
f6137171f3 add an additional vmware host program. 2009-09-03 08:56:58 -04:00
Chris PeBenito
6fdef06522 screen patch from dan. 2009-09-03 08:49:26 -04:00
Chris PeBenito
72b834ccb0 remove stale screen_dir_t references
The screen_dir_t was made an alias of the screen_var_run_t type.
Remove the remaining references to this type.
2009-09-03 08:39:42 -04:00
Chris PeBenito
ca7fa520e7 gpg patch from dan.
gpg sends sigstop and signull

Reads usb devices

Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs
2009-09-03 08:23:18 -04:00
Chris PeBenito
93be4ba581 Webalizer does not list inotify, this was caused by leaked file descriptors in either dbus or cron. Both of which have been cleaned up. 2009-09-02 09:10:30 -04:00
Chris PeBenito
a4b6385b9d cdrecord patch from dan. 2009-09-01 09:22:40 -04:00
Chris PeBenito
1a79193449 awstats patch from dan. 2009-09-01 08:59:24 -04:00
Chris PeBenito
aac56b12b7 add ptchown policy from dan. 2009-08-31 10:21:01 -04:00
Chris PeBenito
a3dd1499ef pulseaudio patch from dan. 2009-08-31 10:07:57 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00