Commit Graph

69 Commits

Author SHA1 Message Date
Lukas Vrabec
bfb6adef8b Added support for linuxptp policy. 2014-11-07 19:12:59 +01:00
Lukas Vrabec
d681f58aea Add cinder to modules-targeted-contrib 2014-10-21 14:53:28 +02:00
Lukas Vrabec
50b67a748c Add mon_statd to modules-targeted-contrib.conf 2014-10-13 15:41:34 +02:00
Dan Walsh
3e4dce057d Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2014-10-12 07:15:47 -04:00
Dan Walsh
d3cbfbfff6 We should not build vbetool any longer 2014-10-12 07:15:24 -04:00
Lukas Vrabec
1e232a7f1c Activate cpuplug policy 2014-10-06 15:21:58 +02:00
Lukas Vrabec
98ab4a3d80 Activated module brltty policy 2014-10-06 13:05:03 +02:00
Lukas Vrabec
3ad626f241 Add support for naemon, Add naemon to permissive domains 2014-07-22 13:45:54 +02:00
Miroslav Grepl
13bbbdb636 Clean up modules-targeted-{contrib,base}.conf from dups. 2014-06-19 14:58:29 +02:00
Lukas Vrabec
1dda0950c8 Add kmscon policy to modules-targeted-contrib.conf and to
permissivedomains
2014-06-12 18:00:33 +02:00
Lukas Vrabec
e929b7e20b Added iotop to permissive domains, and modules-targeted-contrib 2014-05-12 15:42:54 +02:00
Miroslav Grepl
bf38d6fee2 - mongod should not be a part of cloudforms.pp
- Fix labeling in snapper.fc
- Allow docker to read unconfined_t process state
- geoclue dbus chats with NetworkManager
- Add cockpit policy
- Add interface to allow tools to check the processes state of bind/named
- Allow mysqld to use the tram port for Galera/MariaDB
2014-04-23 11:47:29 +02:00
Dan Walsh
e3248078a3 Add cockpit policy 2014-04-22 08:41:06 -04:00
Dan Walsh
1c6a5631e8 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2014-04-11 15:08:16 -04:00
Miroslav Grepl
f8f75f94a2 - Turn on gear_port_t
- Add gear policy and remove permissive domains.
- Add labels for ostree
- Add SELinux awareness for NM
- Label /usr/sbin/pwhistory_helper as updpwd_exec_t
2014-03-27 20:39:58 +01:00
Dan Walsh
bdc8508a69 Add policy for geard in docker world 2014-03-27 14:42:34 -04:00
Dan Walsh
96f7ac46ed Remove vbetool we no longer ship this 2014-02-27 16:00:58 -05:00
Lukas Vrabec
f2fd78e00e Add keepalived to modules-targeted-contrib 2014-02-17 13:42:02 +01:00
Lukas Vrabec
99989c2bfc Added osad to modules-targeted-contrib.conf 2014-02-03 10:22:22 +01:00
Miroslav Grepl
451a1078c0 Turn on rhnsd policy 2014-01-31 15:18:53 +01:00
Miroslav Grepl
98755aae81 Turn on bacula policy 2014-01-31 10:21:40 +01:00
Miroslav Grepl
4918dedb61 Add rkhunter policy 2014-01-27 11:24:48 +01:00
Miroslav Grepl
99d95cac6e Add geoclue policy 2014-01-21 12:22:50 +01:00
Miroslav Grepl
368fb803a8 See spec file 2014-01-17 16:40:25 +01:00
Lukas Vrabec
162a2c3802 Added speech-dispatcher to modules-targeted-contrib.conf 2013-12-20 15:28:27 +01:00
Miroslav Grepl
e0c1a1b49f Turn on mirrormanager policy 2013-12-19 21:10:46 +01:00
Miroslav Grepl
2397102af8 - Allow freeipmi_ipmidetectd_t to use freeipmi port
- Update freeipmi_domain_template()
- Allow journalctl running as ABRT to read /run/log/journal
- Allow NM to read dispatcher.d directory
- Update freeipmi policy
- Type transitions with a filename not allowed inside conditionals
- Allow tor to bind to hplip port
- Make new type to texlive files in homedir
- Allow zabbix_agent to transition to dmidecode
- Add rules for docker
- Allow sosreport to send signull to unconfined_t
- Add virt_noatsecure and virt_rlimitinh interfaces
- Fix labeling in thumb.fc to add support for /usr/lib64/tumbler-1/tumblerddd support for freeipm
- Add sysadm_u_default_contexts
- Add logging_read_syslog_pid()
- Fix userdom_manage_home_texlive() interface
- Make new type to texlive files in homedir
- Add filename transitions for /run and /lock links
- Allow virtd to inherit rlimit information
2013-12-12 17:23:54 +01:00
Lukas Vrabec
0dc67d04d6 Added vmtools to modules-targeted-contrib.conf 2013-12-10 11:26:08 +01:00
Lukas Vrabec
5689bdb03b Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2013-12-06 11:18:21 +01:00
Lukas Vrabec
d487bf5144 Added conman to modules-targeted-contrib.conf 2013-12-06 11:17:48 +01:00
Miroslav Grepl
6de8b20964 Add freeipmi policy 2013-12-06 10:00:23 +01:00
Lukas Vrabec
65289ba44b Added ninfod and openwsman to modules-targeted-contrib.conf 2013-12-05 15:43:22 +01:00
Lukas Vrabec
a2db29cc4f Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2013-11-21 17:36:29 +01:00
Lukas Vrabec
3e4e5fbcd1 Added rasdaemon module to modules-targeted-contrib.conf 2013-11-21 17:35:26 +01:00
Dan Walsh
ae07faa147 Turn off F20 permissive domains, add docker 2013-11-21 09:20:24 -05:00
Lukas Vrabec
ba211c8644 Added new policies to modules-targeted-contrib.conf 2013-11-21 11:13:23 +01:00
Miroslav Grepl
269ef098f1 * Wed Nov 13 2013 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-1
- Update to upstream
2013-11-13 16:05:06 +01:00
Miroslav Grepl
0f9b0de389 Upload new upstream sources 2013-11-13 15:27:57 +01:00
Miroslav Grepl
47a93c4a0b Add journalctl to modules-targeted-contrib 2013-11-05 23:04:20 +01:00
Miroslav Grepl
207905d08a "motion+rtas should be in modules-targeted-contrib.conf" 2013-10-17 14:56:48 +02:00
Lukas Vrabec
e1c33bb141 Add motion module to modules-targeted-contrib config file. 2013-10-08 15:28:27 +02:00
Dan Walsh
1b0e0923f8 Cleanup related to init_domain()+inetd_domain fixes
- Use just init_domain instead of init_daemon_domain in inetd_core_service_domain
- svirt domains need to create kobject_uevint_sockets
- Lots of new access required for sosreport
- Allow tgtd_t to connect to isns ports
- Allow init_t to transition to all inetd domains:
- openct needs to be able to create netlink_object_uevent_sockets
- Dontaudit leaks into ldconfig_t
- Dontaudit su domains getattr on /dev devices, move su domains to attribute based calls
- Move kernel_stream_connect into all Xwindow using users
- Dontaudit inherited lock files in ifconfig o dhcpc_t
2013-09-05 09:40:37 -04:00
Miroslav Grepl
d618dfb7db Add oracleasm policy 2013-08-07 10:06:23 +02:00
Miroslav Grepl
9bbfec8ce7 Activate watchdog policy 2013-08-06 15:08:02 +02:00
Miroslav Grepl
faa2916cd9 Activate openhpid policy 2013-07-10 10:48:34 +02:00
Dan Walsh
d3c6b2620c Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2013-07-08 12:26:37 -04:00
Miroslav Grepl
d1027c54b9 - Add prosody policy written by Michael Scherer
- Allow nagios plugins to read /sys info
- ntpd needs to manage own log files
- Add support for HOME_DIR/.IBMERS
- Allow iptables commands to read firewalld config
- Allow consolekit_t to read utmp
- Fix filename transitions on .razor directory
- Add additional fixes to make DSPAM with LDA working
- Allow snort to read /etc/passwd
- Allow fail2ban to communicate with firewalld over dbus
- Dontaudit openshift_cgreoup_file_t read/write leaked dev
- Allow nfsd to use mountd port
- Call the proper interface
- Allow openvswitch to read sys and execute plymouth
- Allow tmpwatch to read /var/spool/cups/tmp
- Add support for /usr/libexec/telepathy-rakia
- Add systemd support for zoneminder
- Allow mysql to create files/directories under /var/log/mysql
- Allow zoneminder apache scripts to rw zoneminder tmpfs
- Allow httpd to manage zoneminder lib files
- Add zoneminder_run_sudo boolean to allow to start zoneminder
- Allow zoneminder to send mails
- gssproxy_t sock_file can be under /var/lib
- Allow web domains to connect to whois port.
- Allow sandbox_web_type to connect to the same ports as mozilla_plugin_t.
- We really need to add an interface to corenet to define what a web_client_domain i
- then define chrome_sandbox_t, mozilla_plugin_t and sandbox_web_type to that domain
- Add labeling for cmpiLMI_LogicalFile-cimprovagt
- Also make pegasus_openlmi_logicalfile_t as unconfined to have unconfined_domain at
- Update policy rules for pegasus_openlmi_logicalfile_t
- Add initial types for logicalfile/unconfined OpenLMI providers
- mailmanctl needs to read own log
- Allow logwatch manage own lock files
- Allow nrpe to read meminfo
- Allow httpd to read certs located in pki-ca
- Add pki_read_tomcat_cert() interface
- Add support for nagios openshift plugins
- Add port definition for redis port
- fix selinuxuser_use_ssh_chroot boolean
2013-07-08 09:18:11 +02:00
Miroslav Grepl
961ad881ae Activate nsd policy 2013-07-01 13:35:39 +02:00
Dan Walsh
4fa797e9d8 Add prosody policy 2013-07-01 07:19:11 -04:00
Miroslav Grepl
634d39b171 - Allow lvm_t to create default targets for filesystem handling
- Fix labeling for razor-lightdm binaries
- Allow insmod_t to read any file labeled var_lib_t
- Add policy for pesign
- Activate policy for cmpiLMI_Account-cimprovagt
- Allow isnsd syscall=listen
- /usr/libexec/pegasus/cimprovagt needs setsched caused by sched_setschedule
- Allow ctdbd to use udp/4379
- gatherd wants sys_nice and setsched
- Add support for texlive2012
- Allow NM to read file_t (usb stick with no labels used to transfer keys fo
- Allow cobbler to execute apache with domain transition
2013-06-24 23:12:23 +02:00