Commit Graph

781 Commits

Author SHA1 Message Date
Daniel J Walsh
de61cc7d10 - Allow kerneloops to create tmp files 2008-10-23 12:59:31 +00:00
Daniel J Walsh
ae68d97fe5 - More alias for fastcgi 2008-10-22 13:34:13 +00:00
Daniel J Walsh
236d3cc19a - Remove mod_fcgid-selinux package 2008-10-21 18:31:38 +00:00
Daniel J Walsh
b9e15d9766 - Fix dovecot access 2008-10-20 19:53:30 +00:00
Daniel J Walsh
49f48f4a99 - Policy cleanup 2008-10-17 22:03:34 +00:00
Daniel J Walsh
b4cab5a3eb - Remove Multiple spec
- Add include
- Fix makefile to not call per_role_expansion
2008-10-16 19:56:59 +00:00
Daniel J Walsh
6115689216 - Remove Multiple spec
- Add include
- Fix makefile to not call per_role_expansion
2008-10-16 17:28:39 +00:00
Daniel J Walsh
4b4392dd08 - Fix labeling of libGL 2008-10-15 21:32:30 +00:00
Daniel J Walsh
4125702a20 - Update to upstream 2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9 - Update to upstream 2008-10-11 23:57:43 +00:00
Daniel J Walsh
675bbabe24 - Update to upstream policy 2008-10-09 03:10:32 +00:00
Daniel J Walsh
1062bd3849 - Fixes for confined xwindows and xdm_t 2008-10-06 19:10:48 +00:00
Daniel J Walsh
86369ef439 - Allow confined users and xdm to exec wm
- Allow nsplugin to talk to fifo files on nfs
2008-10-03 20:11:22 +00:00
Daniel J Walsh
f1a8278899 - Allow NetworkManager to transition to avahi and iptables
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:49:44 +00:00
Daniel J Walsh
b42a1eddf9 - Allow domains to search other domains keys, coverup kernel bug 2008-10-03 15:07:40 +00:00
Daniel J Walsh
094ef3d610 - Fix labeling for oracle 2008-10-01 19:15:34 +00:00
Daniel J Walsh
2ede4ec7ba - Allow nsplugin to comminicate with xdm_tmp_t sock_file 2008-10-01 12:27:11 +00:00
Daniel J Walsh
99873745bf - Change all user tmpfs_t files to be labeled user_tmpfs_t
- Allow radiusd to create sock_files
2008-09-30 14:39:16 +00:00
Daniel J Walsh
b709ffd738 - Upgrade to upstream 2008-09-25 18:54:16 +00:00
Daniel J Walsh
ed32c64290 - Allow confined users to login with dbus 2008-09-23 20:14:47 +00:00
Daniel J Walsh
a80e7ac6a3 - Fix transition to nsplugin 2008-09-23 15:14:53 +00:00
Daniel J Walsh
d86efe56b9 - Fix transition to nsplugin 2008-09-22 20:07:59 +00:00
Daniel J Walsh
f0375d509e - Add file context for /dev/mspblk.* 2008-09-22 17:55:56 +00:00
Daniel J Walsh
f77dd2c9db - Fix transition to nsplugin '
Thu Sep 18 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-22 12:33:03 +00:00
Daniel J Walsh
11ef2470b7 - Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58 - Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-18 19:34:12 +00:00
Daniel J Walsh
16c3ff1596 - Merge upstream changes
- Add Xavier Toth patches
2008-09-12 14:21:05 +00:00
Daniel J Walsh
aca77a6f2d - Remove gamin policy 2008-09-08 21:01:42 +00:00
Daniel J Walsh
d0d3073e2f - Add tinyxs-max file system support 2008-09-04 20:59:27 +00:00
Daniel J Walsh
0a219fe07b - Update to upstream
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
3ad3552b8a - Allow audit dispatcher to kill his children 2008-08-29 20:54:34 +00:00
Daniel J Walsh
cd8bee594b - Update to upstream
- Fix crontab use by unconfined user
2008-08-29 19:29:23 +00:00
Daniel J Walsh
7638e78556 - Allow ifconfig_t to read dhcpc_state_t 2008-08-26 14:46:43 +00:00
Daniel J Walsh
eb7e6dca5e - Allow ifconfig_t to read dhcpc_state_t 2008-08-13 19:24:36 +00:00
Daniel J Walsh
57ae10cc0d - Update to upstream 2008-08-12 15:06:36 +00:00
Daniel J Walsh
1a0f642074 - Update to upstream 2008-08-11 21:19:25 +00:00
Daniel J Walsh
b5d09d1532 - Update to upstream 2008-08-07 20:05:57 +00:00
Daniel J Walsh
0f1bd620e5 - Allow system-config-selinux to work with policykit 2008-08-07 12:22:07 +00:00
Daniel J Walsh
174291bc3e - Fix novel labeling 2008-08-05 20:49:34 +00:00
Daniel J Walsh
170fa29709 - Fix novel labeling 2008-08-01 16:38:49 +00:00
Daniel J Walsh
07bd5c4abb - Consolodate pyzor,spamassassin, razor into one security domain
- Fix xdm requiring additional perms.
2008-07-30 13:48:03 +00:00
Daniel J Walsh
8f2532e249 - Fixes for logrotate, alsa 2008-07-25 11:53:34 +00:00
Daniel J Walsh
f12d5b90db - Eliminate vbetool duplicate entry 2008-07-25 04:24:01 +00:00
Daniel J Walsh
0b05335dd6 - Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
- Change dhclient to be able to red networkmanager_var_run
2008-07-24 18:19:05 +00:00
Daniel J Walsh
feefeee019 - Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t 2008-07-17 19:53:32 +00:00
Daniel J Walsh
078ad09a44 - Update to latest refpolicy
- Fix libsemanage initial install bug
2008-07-15 20:06:55 +00:00
Daniel J Walsh
6ed8533082 - Update to latest refpolicy 2008-07-15 15:22:39 +00:00
Daniel J Walsh
df6220163f - Add inotify support to nscd 2008-07-10 15:28:32 +00:00
Daniel J Walsh
6db69f086d Add nscd inotify fix 2008-07-09 13:05:54 +00:00
Daniel J Walsh
43f9fcec3e - Allow unconfined_t to setfcap 2008-07-08 20:14:39 +00:00
Daniel J Walsh
273a44c689 - Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems
2008-07-07 17:56:28 +00:00
Daniel J Walsh
258b00e5b7 - Allow ypbind apps to net_bind_service 2008-07-03 20:14:23 +00:00
Daniel J Walsh
75edec44e7 - Allow all system domains and application domains to append to any log
file
2008-07-02 20:45:43 +00:00
Daniel J Walsh
cd60b64c83 - Allow gdm to read rpm database
- Allow nsplugin to read mplayer config files
2008-06-30 21:12:23 +00:00
Daniel J Walsh
c18681476b - Allow vpnc to run ifconfig 2008-06-26 12:12:35 +00:00
Daniel J Walsh
f86ed5a437 - Allow confined users to use postgres
- Allow system_mail_t to exec other mail clients
- Label mogrel_rails as an apache server
2008-06-24 11:14:04 +00:00
Daniel J Walsh
547aa2a382 - Apply unconfined_execmem_exec_t to haskell programs 2008-06-23 12:20:04 +00:00
Daniel J Walsh
6959e0bb76 - Fix prelude file context 2008-06-23 00:55:21 +00:00
Daniel J Walsh
fe0d467c2b - allow hplip to talk dbus
- Fix context on ~/.local dir
2008-06-22 12:22:25 +00:00
Daniel J Walsh
f4ff8bb944 - Prevent applications from reading x_device 2008-06-12 19:57:12 +00:00
Daniel J Walsh
5608a9da69 - Add /var/lib/selinux context 2008-06-12 18:44:52 +00:00
Daniel J Walsh
af0f735167 - Update to upstream 2008-06-12 14:50:00 +00:00
Daniel J Walsh
c5c253fae5 - Update to upstream 2008-06-11 19:01:26 +00:00
Daniel J Walsh
f513c7b90b - Add livecd policy 2008-06-10 19:34:59 +00:00
Daniel J Walsh
15f71c5d61 - Add livecd policy 2008-06-04 17:26:52 +00:00
Daniel J Walsh
91ec07f1df - Dontaudit search of admin_home for init_system_domain
- Rewrite of xace interfaces
- Lots of new fs_list_inotify
- Allow livecd to transition to setfiles_mac
2008-06-04 12:57:43 +00:00
Daniel J Walsh
80e0b808d5 - Begin XAce integration 2008-06-03 20:27:28 +00:00
Daniel J Walsh
081b6ac47e - Merge Upstream 2008-06-02 18:56:05 +00:00
Daniel J Walsh
2e33f7ba70 - Merge Upstream 2008-06-02 17:10:33 +00:00
Daniel J Walsh
4b7f030014 Update for rawhide 2008-05-19 13:02:56 +00:00
Daniel J Walsh
993c27dacb - Allow amanada to create data files 2008-05-07 19:10:59 +00:00
Daniel J Walsh
6c25b428ce - Remove dmesg boolean
- Allow user domains to read/write game data
2008-05-06 17:01:42 +00:00
Daniel J Walsh
86881dd93f - Change unconfined_t to transition to unconfined_mono_t when running mono
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so
    gnome-do will work
2008-04-29 16:05:11 +00:00
Daniel J Walsh
2d8ff5157a - Remove old booleans from targeted-booleans.conf file 2008-04-28 21:24:59 +00:00
Daniel J Walsh
b4e933120a - Don't run crontab from unconfined_t 2008-04-24 21:08:32 +00:00
Daniel J Walsh
ef5e600999 - Don't run crontab from unconfined_t 2008-04-24 19:41:22 +00:00
Daniel J Walsh
4b1d56da14 - Change etc files to config files to allow users to read them 2008-04-23 14:15:54 +00:00
Daniel J Walsh
a6a82aec79 - dontaudit mrtg reading /proc
- Allow iscsi to signal itself
- Allow gnomeclock sys_ptrace
2008-04-15 20:27:09 +00:00
Daniel J Walsh
5896bad9cf 2008-04-14 20:01:48 +00:00
Daniel J Walsh
bb36d75512 2008-04-11 18:58:08 +00:00
Daniel J Walsh
06686c20a2 - Allow dhcpd to read kernel network state 2008-04-10 19:45:47 +00:00
Daniel J Walsh
41625a26ea - Label /var/run/gdm correctly
- Fix unconfined_u user creation
2008-04-10 14:37:57 +00:00
Daniel J Walsh
254e3c7af3 - Allow transition from initrc_t to getty_t 2008-04-08 20:14:36 +00:00
Daniel J Walsh
5a576e06f0 - Allow passwd to communicate with user sockets to change gnome-keyring 2008-04-08 19:17:28 +00:00
Daniel J Walsh
7f851af8d9 - Fix initial install 2008-04-08 03:17:46 +00:00
Daniel J Walsh
c3c4a525c2 - 2008-04-06 12:06:47 +00:00
Daniel J Walsh
27943de6a0 - Allow radvd to use fifo_file
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
    the boolean is set
2008-04-05 10:39:06 +00:00
Daniel J Walsh
c66f2bc425 - Allow nsplugin to read /etc/mozpluggerrc, user_fonts
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t
2008-04-01 09:21:21 +00:00
Daniel J Walsh
294ea7a213 - Allow initrc_t to dbus chat with consolekit. 2008-03-29 18:36:09 +00:00
Daniel J Walsh
e54cb216a8 - Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed
2008-03-28 22:07:45 +00:00
Daniel J Walsh
f70afcdd9e - Allow mount to mkdir on tmpfs
- Allow ifconfig to search debugfs
2008-03-26 06:17:27 +00:00
Daniel J Walsh
bf3d39e959 - Fix file context for MATLAB
- Fixes for xace
2008-03-21 23:24:11 +00:00
Daniel J Walsh
5ea3f10caf - Allow stunnel to transition to inetd children domains
- Make unconfined_dbusd_t an unconfined domain
2008-03-20 16:11:16 +00:00
Daniel J Walsh
94b7be909e 2008-03-18 21:10:02 +00:00
Daniel J Walsh
ba9e5e8244 - Fixes for qemu/virtd 2008-03-17 21:42:05 +00:00
Daniel J Walsh
97081dcb9d - Fix bug in mozilla policy to allow xguest transition
- This will fix the
2008-03-14 21:17:21 +00:00
Daniel J Walsh
a6e1280791 - Fix bug in mozilla policy to allow xguest transition
- This will fix the
2008-03-14 21:13:24 +00:00
Daniel J Walsh
d593d26c1d - Allow nsplugin to run acroread 2008-03-14 15:59:07 +00:00
Daniel J Walsh
987b10f86d - Add cups_pdf policy
- Add openoffice policy to run in xguest
2008-03-14 00:25:00 +00:00
Daniel J Walsh
7f811bf534 - prewika needs to contact mysql
- Allow syslog to read system_map files
2008-03-13 12:58:25 +00:00