rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
2,291 Commits 8 Branches 96 Tags 37 MiB
b04669aaea
Commit Graph

689 Commits

Author SHA1 Message Date
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
dbb7dd9484 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Chris PeBenito
0484277038 reorganize dbus.fc. 2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1 Gentoo dbus in libexec 2009-08-18 13:13:40 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
LABBE Corentin
58cc9903dd Missing comma in policykit 2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b Debian policykit fixes from Martin Orr. 
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
 2009-08-18 09:49:31 -04:00
Chris PeBenito
b2648249d9 Fix unconfined_r use of unconfined_java_t. 
The unconfined role is running java in the unconfined_java_t.  The current
policy only has a domtrans interface, so the unconfined_java_t domain is not
added to unconfined_r.  Add a run interface and change the unconfined module
to use this new interface.
 2009-08-17 13:19:26 -04:00
Chris PeBenito
4254cec711 Add missing x_device rules for XI2 functions, from Eamon Walsh. 
> Whats the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy.  You can now create one or more
> "master devices" (mouse cursor and keyboard focus).  The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device.  Create/destroy controls the ability to create new master
> devices.
 2009-08-14 13:18:16 -04:00
Chris PeBenito
2a77737d4e Add missing rules to make unconfined_cronjob_t a valid cron job domain. 
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain.  This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
 2009-08-12 14:15:39 -04:00
Chris PeBenito
97e42114db remove redundant xen_append_log() call in hostname. 2009-08-11 14:19:38 -04:00
Chris PeBenito
e51390dfcb fix refpolicy ticket #48. 2009-08-10 11:14:03 -04:00
Chris PeBenito
02e594d5dc Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
Chris PeBenito
e335910197 Add missing compatibility aliases for xdm_xserver*_t types. 
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
 2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
d69616c625 fix ordering in sysnetwork. 2009-08-05 10:23:50 -04:00
Chris PeBenito
48bf6397fc fix ordering in raid. 2009-08-05 10:19:28 -04:00
Chris PeBenito
4b218bd646 fix ordering in pcmcia. 2009-08-05 10:18:31 -04:00
Chris PeBenito
f0e959b4d2 fix ordering in mount. 2009-08-05 10:16:41 -04:00
Chris PeBenito
54327d48ee fix ordering in modutils. 2009-08-05 10:15:45 -04:00
Chris PeBenito
568efbe895 fix ordering of interface calls in lvm. 2009-08-05 10:07:35 -04:00
Chris PeBenito
8cd1306e5b fix ordering of interface calls in locallogin. 2009-08-05 10:06:04 -04:00
Chris PeBenito
e6985f91ab fix ordering of interface calls in iptables. 2009-08-05 10:04:13 -04:00
Chris PeBenito
464ffa57fd fix ordering of interface calls in init. 2009-08-05 10:01:06 -04:00
Chris PeBenito
14d282253f fix ordering of interface calls in hostname. 2009-08-05 09:57:14 -04:00
Chris PeBenito
5b5300c823 fix ordering of interface calls in getty. 2009-08-05 09:55:58 -04:00
Chris PeBenito
79ca728b5f fix ordering of interface calls in fstools. 2009-08-05 09:54:52 -04:00
Chris PeBenito
08638af216 fix ordering of interface calls in clock. 2009-08-05 09:52:34 -04:00
Chris PeBenito
2acba7bbdb fix ordering of interface calls in authlogin. 2009-08-05 09:51:47 -04:00
Chris PeBenito
9c47227c7a fix ordering of interface calls in sudo. 2009-08-05 09:48:46 -04:00
Chris PeBenito
78a9c2815d add bin_t labeling for gentoo dhcpcd-run-hooks location 2009-07-30 09:34:00 -04:00
Chris PeBenito
4c92f08f75 openrc unfortunately mounts a tmpfs at /lib/rc 2009-07-30 08:57:15 -04:00
Chris PeBenito
cfdbf366cb gentoo init script system uses tmpfs for state data 2009-07-30 08:33:43 -04:00
Chris PeBenito
efa0acccea gentoo init script system sends audit messages. 2009-07-29 21:50:32 -04:00
Chris PeBenito
3162277ade alsa file location update for debian, from Manoj. 2009-07-29 15:28:14 -04:00
Chris PeBenito
2a4740c0a0 whitespace fixes in apt. 2009-07-29 15:24:52 -04:00
Chris PeBenito
b5aaa7b72d clean up 6a192f70d4 2009-07-29 15:12:48 -04:00
Manoj Srivastava
6a192f70d4 Update apt/aptitude policy to add support for lock/log files 
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
 2009-07-29 15:00:39 -04:00
Chris PeBenito
50458c8bb7 pull most of fedora changes to rpc. 2009-07-29 14:55:30 -04:00
Chris PeBenito
0c89174f7f pull most of fedora changes to samba. 2009-07-29 14:40:34 -04:00
Chris PeBenito
105e85ac8e /dev/fuse should be s0 not mls_high 
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device.  Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs.  It will also make it unusable I
believe on an MLS machine.  Mostly I have seen fusefs used for remote
access to data.  sshfs for example.
 2009-07-29 11:08:50 -04:00
Chris PeBenito
363e8fb98a pull in part of fedora mta changes 2009-07-29 10:59:09 -04:00
Chris PeBenito
20c3ccee1a add fprintd module from dan. 2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea add devicekit module from dan. 2009-07-29 10:02:06 -04:00
Chris PeBenito
4e7c0a93a6 consolekit patch from dan. 2009-07-29 09:13:54 -04:00
Chris PeBenito
33322290f2 automount patch from dan. 2009-07-29 08:59:26 -04:00
Chris PeBenito
8f3bddfbfd cups patch from dan. 2009-07-28 15:46:26 -04:00
Chris PeBenito
4be3e11094 pull in apache_admin() from fedora 2009-07-28 13:24:08 -04:00
Chris PeBenito
91550027de vmware patch from dan. 2009-07-28 11:37:34 -04:00
Chris PeBenito
423a4a3a2c fix dbus type transition conflict. 
switch dbus ranged calls from daemon domain to system domain.  This works
around a type transition conflict.  It is also why the non-ranged
init_system_domain() is used instead of init_daemon_domain().
 2009-07-28 11:05:19 -04:00
Chris PeBenito
41ea887598 sudo patch from dan. 2009-07-28 10:29:11 -04:00
Chris PeBenito
83f0b50814 readahead patch from dan. 2009-07-28 10:08:02 -04:00
Chris PeBenito
4083191c4b add missing userdom interfaces 2009-07-28 09:35:46 -04:00
Chris PeBenito
c7ae9ae1c8 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-07-28 08:00:03 -04:00
Chris PeBenito
ebf3ec9063 snort patch from dan. 2009-07-27 16:04:10 -04:00
Chris PeBenito
5f6c30f8bd wm policy from dan 2009-07-27 15:11:22 -04:00
Chris PeBenito
708a74a212 oddjob patch from dan. 2009-07-27 10:52:20 -04:00
Chris PeBenito
fa50187c5e kerneloops patch from dan 2009-07-27 10:44:19 -04:00
Chris PeBenito
9de7c1706d hal patch from dan. 2009-07-27 10:18:50 -04:00
Chris PeBenito
fe1205a810 avahi patch from dan 2009-07-27 09:57:20 -04:00
Chris PeBenito
e04438840b dbus patch from dan 2009-07-27 09:46:35 -04:00
Chris PeBenito
5be35f2acd tmpreaper patch from dan. 2009-07-27 09:11:38 -04:00
Chris PeBenito
06625d302c mozilla patch from dan. 2009-07-27 09:11:12 -04:00
Chris PeBenito
f4962ab15b add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
Chris PeBenito
09516cb4be remove read_default_t tunable 2009-07-23 08:58:35 -04:00
Chris PeBenito
5bb5ec1d40 podsleuth patch from dan. 2009-07-21 10:11:16 -04:00
Chris PeBenito
13306f56b6 afs client patch from dan. 2009-07-21 10:11:03 -04:00
Chris PeBenito
b93a7dacca bluetooth patch from dan. 2009-07-21 10:10:47 -04:00
Chris PeBenito
ad0aea536b clamav patch from dan. 2009-07-21 10:10:31 -04:00
Chris PeBenito
92f08c7130 mailman patch from dan. 2009-07-21 10:10:17 -04:00
Chris PeBenito
1847443ea3 ricci patch from dan. 2009-07-21 10:10:00 -04:00
Chris PeBenito
d8822462c4 fix policykit interface 2009-07-21 10:09:14 -04:00
Chris PeBenito
e4f73afb8e gpg patch from dan 2009-07-21 10:07:38 -04:00
Chris PeBenito
5271dd30bc module version bump for 9b1907b217 2009-07-21 10:07:10 -04:00
Chris PeBenito
9b1907b217 add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
Chris PeBenito
7395f80119 ppp patch from dan 2009-07-20 15:41:19 -04:00
Chris PeBenito
4aa075262a kerberos patch from dan 2009-07-20 15:41:08 -04:00
Chris PeBenito
8f17f7c2ee dnsmasq patch from dan. 2009-07-20 15:40:57 -04:00
Chris PeBenito
93d300831d dhcp patch from dan 2009-07-20 15:40:41 -04:00
Chris PeBenito
af5374d3a5 policykit.if whitespace fix 2009-07-20 11:37:22 -04:00
Chris PeBenito
adea587572 4 patches from dan. 2009-07-20 11:34:46 -04:00
Chris PeBenito
edb7b90d89 add kismet and pulseaudio ports. fix sorting of ports. 2009-07-20 11:17:31 -04:00
Chris PeBenito
9e90ce33db add policykit from dan. 2009-07-20 11:15:09 -04:00
Chris PeBenito
b67201eae7 fix bad varnishd interface names 2009-07-20 09:44:25 -04:00
Chris PeBenito
7694abdff7 module version bump for f2583aa83b 2009-07-15 09:30:08 -04:00
Manoj Srivastava
f2583aa83b Remove duplicate distro_redhat context 
A recent update added an generic context for the lock files, so the
entry in distro_redhat can be removed.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2009-07-15 09:27:36 -04:00
Chris PeBenito
ce6fee6575 5 patches from dan 2009-07-14 10:30:22 -04:00
Chris PeBenito
10b03f376b three debian patches from manoj 2009-07-14 09:05:59 -04:00
Chris PeBenito
84d88df579 trunk: fix typo in guest role decl. 2009-07-08 15:23:29 +00:00
Chris PeBenito
9ac9739087 trunk: update policycaps comments for sock_file open perm. 2009-07-01 13:34:54 +00:00
Chris PeBenito
bb88161284 trunk: 3 patches from dan. 2009-06-30 19:27:21 +00:00
Chris PeBenito
45b975db5b trunk: add missing varnish port. 2009-06-30 17:48:15 +00:00
Chris PeBenito
50824a99ca trunk: pads from dan. 2009-06-30 15:03:20 +00:00
Chris PeBenito
46e2fa6d39 trunk: prelude patch from dan. 2009-06-30 14:44:50 +00:00
Chris PeBenito
267d9c60c5 trunk: varnishd from dan. 2009-06-30 13:49:53 +00:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
20272c2b27 trunk: 7 patches from dan. 2009-06-26 13:22:39 +00:00
Chris PeBenito
c989807d4a trunk: nis patch from dan. 2009-06-25 15:16:29 +00:00