Commit Graph

227 Commits

Author SHA1 Message Date
Dan Walsh
0daa8b731a - Fix fusefs handling
- Do not allow sandbox to manage nsplugin_rw_t
- Allow mozilla_plugin_t to connecto its parent
- Allow init_t to connect to plymouthd running as kernel_t
- Add mediawiki policy
- dontaudit sandbox sending signals to itself.  This can happen when they are running at different mcs.
- Disable transition from dbus_session_domain to telepathy for F14
- Allow boinc_project to use shm
- Allow certmonger to search through directories that contain certs
- Allow fail2ban the DAC Override so it can read log files owned by non root users
2010-10-07 09:19:43 -04:00
Dan Walsh
ea3b7b5dff - Add vnstat policy
- allow libvirt to send audit messages
- Allow chrome-sandbox to search nfs_t
2010-09-16 18:00:00 -04:00
Dan Walsh
a0e8efd42c - Update to upstream 2010-09-13 16:17:15 -04:00
Dan Walsh
30a7d17203 - Add policy for ajaxterm 2010-09-09 09:58:12 -04:00
Dan Walsh
6578cf7413 - More access needed for devicekit
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14 - Merge with upstream 2010-08-26 20:35:53 -04:00
Dan Walsh
922cd61e83 * Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 07:55:04 -04:00
Daniel J Walsh
8d55a410dc - New permissions for syslog
- New labels for /lib/upstart
2010-07-26 20:32:18 +00:00
Daniel J Walsh
0f2ae00c61 - Update to upstream 2010-07-15 13:11:25 +00:00
Daniel J Walsh
74e6a69ce9 -Update to upstream 2010-06-28 21:27:05 +00:00
Daniel J Walsh
7c727a891e - Add Zarafa policy 2010-06-16 20:19:22 +00:00
Daniel J Walsh
244b4526c6 - Cleanup of aiccu policy
- initial mock policy
2010-06-16 18:25:47 +00:00
Daniel J Walsh
f2403c5b4f - Cleanup of aiccu policy
- initial mock policy
2010-06-11 15:39:46 +00:00
Daniel J Walsh
bca242c772 - Add xdm_var_run_t to xserver_stream_connect_xdm
- Add cmorrord and mpd policy from Miroslav Grepl
2010-06-02 19:36:11 +00:00
Daniel J Walsh
bc4089cfaa - Update to upstream 2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34 - Update to upstream 2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e - Merge with upstream 2010-02-16 22:10:14 +00:00
Daniel J Walsh
487de6f251 - Add icecast policy
- Cleanup spec file
2010-02-08 22:06:23 +00:00
Daniel J Walsh
30c21992cb - Add mcelog policy 2010-02-03 20:52:58 +00:00
Daniel J Walsh
a62c6405cc - Lots of fixes found in F12 2010-02-02 16:41:03 +00:00
Daniel J Walsh
89ad5ea38f - Turn on puppet policy
- Update to dgrift git policy
2010-01-14 21:49:18 +00:00
Daniel J Walsh
7723ea3a29 - Update to upstream 2010-01-09 14:08:52 +00:00
Daniel J Walsh
e2f53dfaec - Cleanups from dgrift 2009-12-23 13:02:27 +00:00
Daniel J Walsh
550cc5f4f4 - Add back xserver_manage_home_fonts 2009-12-22 17:25:13 +00:00
Daniel J Walsh
7d40583319 - Dontaudit sandbox trying to read nscd and sssd 2009-12-21 22:53:07 +00:00
Daniel J Walsh
194b53e038 - Fixes for abrt calls 2009-12-17 19:34:18 +00:00
Daniel J Walsh
9c90ba7e8e - Add tgtd policy 2009-12-16 13:30:38 +00:00
Daniel J Walsh
755e2d6934 - Add tgtd policy 2009-12-11 20:18:55 +00:00
Daniel J Walsh
9eef358da0 - Update to upstream release 2009-12-10 19:20:14 +00:00
Daniel J Walsh
ee88b050c5 - Add asterisk policy back in 2009-11-20 16:55:54 +00:00
Daniel J Walsh
32594a1112 - Allow vpnc request the kernel to load modules 2009-10-02 15:15:36 +00:00
Daniel J Walsh
d976a83a17 - Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
Daniel J Walsh
5b96313949 - Update rhcs policy 2009-09-29 19:47:31 +00:00
Daniel J Walsh
8b10e3abd7 - Update rhcs policy 2009-09-29 12:38:58 +00:00
Daniel J Walsh
69290fd9df - Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
6b7b0c1cdc - Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
    the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
ab8f807545 - More fixes 2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b - More fixes 2009-09-08 23:55:31 +00:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
cbedd06c12 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-12 20:09:21 +00:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Daniel J Walsh
c6e2224c70 - Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
df7055d5b3 - Update to upstream 2009-07-23 21:47:41 +00:00
Daniel J Walsh
221642f17f - Add rtkit policy 2009-06-25 21:43:36 +00:00
Daniel J Walsh
9850f4d30d - Allow kpropd to create tmp files 2009-06-24 13:15:55 +00:00
Daniel J Walsh
8866315d40 - Update to upstream
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
eead2a6f25 - Allow fprintd to access sys_ptrace
- Add sandbox policy
2009-05-20 17:28:24 +00:00
Daniel J Walsh
7b6c105887 - Add varnishd policy 2009-05-18 18:49:15 +00:00
Daniel J Walsh
5dd89f3819 - Fix /sbin/ip6tables-save context 2009-05-02 11:52:13 +00:00
Daniel J Walsh
37ebfc9102 - Add shorewall policy 2009-04-30 22:22:00 +00:00
Daniel J Walsh
40d8f60dd7 - Allow nsplugin to unix_read unix_write sem for unconfined_java 2009-04-28 20:09:21 +00:00
Daniel J Walsh
d4af172a64 - Separate out the ucnonfined user from the unconfined.pp package 2009-04-11 12:30:22 +00:00
Daniel J Walsh
25a47636ae - Upgrade to latest upstream
- Allow devicekit_disk sys_rawio
2009-04-08 00:59:46 +00:00
Daniel J Walsh
f49c57d5e6 - Allow setroubelshoot exec* privs to prevent crash from bad libraries
- add cpufreqselector
2009-04-03 14:45:58 +00:00
Daniel J Walsh
5dce3c12f7 - Add xenner and wine fixes from mgrepl 2009-03-20 18:42:38 +00:00
Daniel J Walsh
46b5649f90 - Add pulseaudio context 2009-03-09 21:17:23 +00:00
Daniel J Walsh
0c34c69a38 - Add pulseaudio context 2009-03-09 16:18:51 +00:00
Daniel J Walsh
4f5b223107 - Upgrade to latest patches 2009-03-06 21:11:04 +00:00
Daniel J Walsh
a67a1c12aa - Upgrade to latest patches 2009-03-05 21:05:47 +00:00
Daniel J Walsh
496752533e - Further confinement of qemu images via svirt 2009-02-27 21:22:47 +00:00
Daniel J Walsh
1d1c058a4e - Add git web policy 2009-02-10 16:08:36 +00:00
Daniel J Walsh
2fbeb784fa - Fixes for wicd daemon 2009-01-28 22:23:18 +00:00
Daniel J Walsh
1b94a1375f - Add wm policy 2009-01-21 20:39:17 +00:00
Daniel J Walsh
acc137684b - Add devicekit policy 2009-01-19 22:34:56 +00:00
Daniel J Walsh
87fb15321a - Allow cups_pdf_t write to nfs_t 2009-01-12 16:59:00 +00:00
Daniel J Walsh
dcd0c96f34 - Allow unconfined_r unconfined_java_t 2008-12-11 15:21:57 +00:00
Daniel J Walsh
02d888c766 - Fix labeling on /var/spool/rsyslog 2008-11-25 19:18:01 +00:00
Daniel J Walsh
6a09cfb688 - Allow hal/pm-utils to look at /var/run/video.rom
- Add ulogd policy
2008-11-05 18:26:36 +00:00
Daniel J Walsh
411a424e1c - Additional fixes for cyphesis
- Fix certmaster file context
- Add policy for system-config-samba
2008-11-04 15:40:31 +00:00
Daniel J Walsh
a023a0be19 - Allow dhcpc to restart ypbind
- Fixup labeling in /var/run
2008-11-03 22:42:53 +00:00
Daniel J Walsh
333ebd64df - Allow dhcpc to restart ypbind
- Fixup labeling in /var/run
2008-11-03 21:09:40 +00:00
Daniel J Walsh
4125702a20 - Update to upstream 2008-10-14 23:50:08 +00:00
Daniel J Walsh
675bbabe24 - Update to upstream policy 2008-10-09 03:10:32 +00:00
Daniel J Walsh
11ef2470b7 - Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58 - Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-18 19:34:12 +00:00
Daniel J Walsh
8d197ddd11 - Merge upstream changes
- Add Xavier Toth patches
2008-09-18 14:19:06 +00:00
Daniel J Walsh
b844bb281b - Merge upstream changes
- Add Xavier Toth patches
2008-09-17 23:56:23 +00:00
Daniel J Walsh
59571abd0d - Merge upstream changes
- Add Xavier Toth patches
2008-09-16 13:57:15 +00:00
Daniel J Walsh
8a482d67b3 - Merge upstream changes
- Add Xavier Toth patches
2008-09-12 20:36:21 +00:00
Daniel J Walsh
aca77a6f2d - Remove gamin policy 2008-09-08 21:01:42 +00:00
Daniel J Walsh
0a219fe07b - Update to upstream
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
cd8bee594b - Update to upstream
- Fix crontab use by unconfined user
2008-08-29 19:29:23 +00:00
Daniel J Walsh
1a0f642074 - Update to upstream 2008-08-11 21:19:25 +00:00
Daniel J Walsh
6ed8533082 - Update to latest refpolicy 2008-07-15 15:22:39 +00:00
Daniel J Walsh
15f71c5d61 - Add livecd policy 2008-06-04 17:26:52 +00:00
Daniel J Walsh
a4995d5c65 - Merge Upstream 2008-05-30 20:12:46 +00:00
Daniel J Walsh
7fd4585229 - Merge Upstream 2008-05-23 20:05:34 +00:00
Daniel J Walsh
7e6a2a413c updated policy 2008-05-20 21:37:28 +00:00
Daniel J Walsh
4b7f030014 Update for rawhide 2008-05-19 13:02:56 +00:00
Daniel J Walsh
6c25b428ce - Remove dmesg boolean
- Allow user domains to read/write game data
2008-05-06 17:01:42 +00:00
Daniel J Walsh
987b10f86d - Add cups_pdf policy
- Add openoffice policy to run in xguest
2008-03-14 00:25:00 +00:00
Daniel J Walsh
1bf67d57ed - Fix initrc_context generation for MLS 2008-03-06 22:25:06 +00:00
Daniel J Walsh
c092cc1478 - Add cyphesis policy 2008-02-26 23:02:51 +00:00
Daniel J Walsh
b53db53c9f - Add policy for kerneloops
- Add policy for gnomeclock
2008-02-05 18:31:25 +00:00
Daniel J Walsh
b19d470cd4 - Update to upstream
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
Daniel J Walsh
e1060e24d5 - Allow fail2ban to create a socket in /var/run 2008-02-01 13:49:05 +00:00
Daniel J Walsh
f18a882ba5 - Add audisp policy and prelude 2008-01-30 21:34:13 +00:00
Daniel J Walsh
98f84cb0ed - Add procmail_log support
- Lots of fixes for munin
2008-01-21 15:57:25 +00:00