Dominick Grift
5ebd1a52a5
Use domtrans_pattern because it include permission the sigchld target domain and other required access to domain transition.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
2d102f8402
Whitespace, newline and tab fixes.
...
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 12:18:31 +02:00
Dominick Grift
60d27bf8ab
Tunable, optional, if(n)def block go below.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 10:43:14 +02:00
Dominick Grift
2e2a24e07d
Use stream_connect_pattern.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-16 10:43:14 +02:00
Dan Walsh
4d71bc3534
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
2010-09-15 16:06:43 -04:00
Dominick Grift
83029ff3c5
Use relabel permission sets where possible.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
4ec4a49e8a
Add missing admin_patterns to rpcbind_admin.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
ac13ad949b
Use stream connect pattern.
...
Use stream_connect_pattern.
Use stream_connect_pattern.
Use stream_connect_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
ad424545db
Use ps_process_pattern to read state.
...
Use ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
87cd6eef3a
Reduntant: Is already included with userdom_search_user_home_dirs.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
4eaffd271f
Access to get attributes of target pppd_t domain is included with ps_process_pattern.
...
Access to get attributes of target privoxy_t domain is included with ps_process_pattern.
Access to get attributes of target radiusd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:29 +02:00
Dominick Grift
39e118bc15
Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern.
...
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
1215dfb87c
Allow pads_admin to search parent directories to be able to interact with pads content.
...
Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.
Allow postgresql admin to search parent directories to be able to manage postgresql content.
Allow prelude_admin to search parent directories to be able to manage prelude content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
d183137edb
XML summary fix.
...
XML summary fix.
XML summary fix.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
dcbbeeada3
Access to get attributes of target accountsd_t domain is included with ps_process_pattern.
...
Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.
Access to get attributes of target asterisk_t domain is included with ps_process_pattern.
Permission to get attributes of target automount_t domain is included with ps_process_pattern.
Access to get attributes of target ntpd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
b6d0a79f2c
Use admin_pattern. Allow nslcd_admin to search parent directories to be able to interact with nslcd content.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
eb12bc3076
Source is required to search generic pid directories to be able to interact with mysql sockets in var_run.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
f386b9002d
Use the stream_connect_pattern.
...
Use stream_connect_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
c5e7db7a71
Allow mpd_admin to manage mpd tmpfs content.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
0ba923e7d9
Source is required to search generic tmpfs directories to be able to interact with mpd tmpfs content.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
0ab415250b
Redundant: mpd_search_lib already includes files_search_var_lib.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
7d34935ff2
Memcached_admin is required to search generic pid directories to be able to manage memcached pid content.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
aa5baa96ed
Allow icecast_admin to ptrace and signal the icecast_t domain.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
4b81a55013
This is redundant since base user can search generic proc directories and included ps_process_pattern call permits all else.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
7d36c9fa13
Permission to search proc_t directories is required to be able to read abrt state.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Permission to search generic proc directories is required to read hald_t state.
2010-09-15 17:42:28 +02:00
Dominick Grift
b36824efdf
Permit fetchmail_admin to ptrace and signal the fetchmail_t domain.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
cf152b4953
Replace some type statements by comma delimiters.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
47cf98ddd5
Permission to get attributes of target devicekit_t, devicekit_disk_t and devicekit_power_t domains are included with ps_process_patterns.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:28 +02:00
Dominick Grift
5ecaacae61
Type system_cronjob_var_run_t is not required here.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:27 +02:00
Dominick Grift
beb9c35b25
Types crontab_exec_t, cron_spool_t and user_cron_spool_t are required here.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:27 +02:00
Dominick Grift
d8d33a15bf
Permission to search generic pid directories is included with files_pid_filetrans.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:27 +02:00
Dominick Grift
0540e22fcc
Use ps_process_pattern to read state. Permission to seach proc_t directories is required to read automount state.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:27 +02:00
Dominick Grift
cb76ff4560
Type xenstored_var_run_t is required here.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:27 +02:00
Dominick Grift
8c0a06a69a
Type print_spool_t is not required here.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 17:42:27 +02:00
Dan Walsh
9461b60657
Add the ability to send audit messages to confined admin policies
...
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS
2010-09-15 11:31:20 -04:00
Miroslav Grepl
3b0a9c74bb
Allow iscsid to manage tgtd semaphores
2010-09-15 16:50:07 +02:00
Chris PeBenito
fee48647ac
Module version bump for c17ad38
5271920
2a2b6a7
01c4413
c4fbfae
a831710
...
67effb0
483be01
c6c63f6
b0d8d59
5b082e4
b8097d6
689d954
5afc3d3
f3c5e77
a59e50c
cf87233
17759c7
dc1db54
e9bf16d
4f95198
bf40792
622c63b
c20842c
dc7cc4d
792d448
2010-09-15 10:42:34 -04:00
Jeremy Solt
792d44840c
radvd patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
dc7cc4d5c1
snort patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
c20842caf8
stunnel patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
622c63b4e3
zabbix patch from Dan Walsh
2010-09-15 09:14:55 -04:00
Jeremy Solt
bf40792ae5
zebra patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
4f95198644
awstats patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
e9bf16d2d9
certmaster patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
dc1db5407a
pcscd patch from Dan Walsh
...
Edit: removed the dev_list_sysfs call, dev_read_sysfs takes care of it
2010-09-15 09:14:54 -04:00
Jeremy Solt
17759c7326
postgresql patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
cf872339b2
postgrey patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
a59e50c12c
prelude patch from Dan Walsh
2010-09-15 09:14:54 -04:00
Jeremy Solt
f3c5e77754
certwatch patch from Dan Walsh
...
Not including userdom_dontaudit_list_admin_dir - still no admin_home_t in refpolicy
2010-09-15 09:14:54 -04:00
Jeremy Solt
5afc3d3589
firstboot patch from Dan Walsh
...
Not including gnome_admin_home_gconf_filetrans - no admin_home_t in refpolicy
2010-09-15 09:14:54 -04:00