rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
5,617 Commits 8 Branches 93 Tags 37 MiB
c1e28f68d8
Commit Graph

5617 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel J Walsh
dd5d7e7583 - More Fixes polyinstatiation Resolves: #216184 2006-12-06 23:27:45 +00:00
Daniel J Walsh
a169fb7433 - Fix handling of keyrings 2006-12-06 19:38:32 +00:00
Daniel J Walsh
852ba6bb2f - Fix polyinstatiation 
- Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350
 2006-12-05 23:05:39 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Daniel J Walsh
414ddd0de3 - More fixes for quota Resolves: #212957 2006-12-01 21:52:08 +00:00
Daniel J Walsh
9f388c1a78 - ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014 2006-12-01 17:58:00 +00:00
Daniel J Walsh
b6ffd7c2ae - Allow login programs to polyinstatiate homedirs Resolves: #216184 
- Allow quotacheck to create database files Resolves: #212957
 2006-11-30 22:06:22 +00:00
Daniel J Walsh
aba668f5f8 - Allow login programs to polyinstatiate homedirs Resolves: #216184 2006-11-30 20:55:33 +00:00
Daniel J Walsh
036c1c2fb6 - Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 
Resolves: #217611 Resolves: #217640 Resolves: #217725
 2006-11-30 20:23:49 +00:00
Daniel J Walsh
cc1462b7d0 - Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 
Resolves: #217611 Resolves: #217640 Resolves: #217725
 2006-11-29 20:11:02 +00:00
Chris PeBenito
563e58e863 patch from dan for some missing gen_require()s 2006-11-29 13:44:40 +00:00
Chris PeBenito
bff907113d fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out. 2006-11-28 15:57:22 +00:00
Chris PeBenito
c31f6724c0 fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out. 2006-11-28 15:47:47 +00:00
Daniel J Walsh
e4d46c95f3 - Fix context for helix players file_context #216942 2006-11-27 22:17:34 +00:00
Daniel J Walsh
02560dace3 - Fix load_policy to be able to mls_write_down so it can talk to the 
terminal
 2006-11-20 23:24:21 +00:00
Daniel J Walsh
4218645103 - Fixes for hwclock, clamav, ftp 2006-11-20 23:01:06 +00:00
Daniel J Walsh
9e4aeac9dd - Move to upstream version which accepted my patches 2006-11-17 19:21:40 +00:00
Chris PeBenito
fa45da0efd add aide, ccs, and ricci 2006-11-16 20:56:24 +00:00
Daniel J Walsh
b28d0a788f - Fixes for nvidia driver 2006-11-16 19:25:03 +00:00
Chris PeBenito
d31d3c159e This modifies the mls constraint for polmatch in the association class. 
Specifically:

- polmatch need no longer make an exception for unlabeled_t
  since a flow will now always match SPD rules with no contexts (per
  the IPSec leak fix patch upstreamed a few weeks back), as
  opposed to needing polmatch access to unlabeled_t.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
 2006-11-16 13:38:14 +00:00
Daniel J Walsh
a3f2f571c0 - Fixes for nvidia driver 2006-11-15 22:34:04 +00:00
Daniel J Walsh
150bdfbc67 - Fixes for nvidia driver 2006-11-15 22:28:06 +00:00
Daniel J Walsh
b0ecaa962d - Allow semanage to signal mcstrans 2006-11-15 21:43:36 +00:00
Daniel J Walsh
73ea8c2e4d - Update to upstream 2006-11-15 15:22:30 +00:00
Daniel J Walsh
d925bd337d - Allow modstorage to edit /etc/fstab file 2006-11-14 18:33:09 +00:00
Chris PeBenito
c6a60bb28d On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote: 
> Here is the policy changes needed for the context contains security
> checking in PAM and cron.
 2006-11-14 13:38:52 +00:00
Daniel J Walsh
ec17438ae0 - Fix for qemu, /dev/ 
Mon Nov 13 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-11
- Fix path to realplayer.bin
 2006-11-14 04:57:37 +00:00
Daniel J Walsh
32b91c9d1f - Fix path to realplayer.bin 2006-11-13 20:48:57 +00:00
Chris PeBenito
59f8539306 - Add a reload target to Modules.devel and change the load 
target to only insert modules that were changed.
 2006-11-13 03:36:13 +00:00
Chris PeBenito
ed38ca9f3d fixes from gentoo strict testing: 
- Allow semanage to read from /root on strict non-MLS for
  local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
  on clients.
 2006-11-13 03:24:07 +00:00
Daniel J Walsh
06b64f8c21 - Allow xen to connect to xen port 2006-11-10 20:37:08 +00:00
Daniel J Walsh
1a986f04dc - Allow cups to search samba_etc_t directory 
- Allow xend_t to list auto_mountpoints
 2006-11-10 13:31:34 +00:00
Daniel J Walsh
2098c9bff2 - Allow xen to search automount 2006-11-09 20:12:53 +00:00
Daniel J Walsh
6ba4868651 - Fix spec of jre files 2006-11-09 18:57:53 +00:00
Daniel J Walsh
0806593363 - Fix unconfined access to shadow file 2006-11-08 20:21:53 +00:00
Daniel J Walsh
4d11495dab - Allow xend to create files in xen_image_t directories 2006-11-08 20:10:30 +00:00
Daniel J Walsh
0fcc493f96 - Fixes for /var/lib/hal 2006-11-08 13:28:28 +00:00
Daniel J Walsh
f08bf9299c - Remove ability for sysadm_t to look at audit.log 2006-11-07 21:16:47 +00:00
Daniel J Walsh
f3ecbbfcb9 - Fix rpc_port_types 
- Add aide policy for mls
 2006-11-07 20:38:46 +00:00
Chris PeBenito
0f9a2be65d add missing gentoo file contexts for initrc and lvm 2006-11-07 19:38:10 +00:00
Daniel J Walsh
d7e0f9fa0d - Merge with upstream 2006-11-06 21:15:57 +00:00
Daniel J Walsh
0dae3b6d89 - Lots of fixes for ricci 2006-11-03 21:27:47 +00:00
Chris PeBenito
f497b8df50 Christopher J. PeBenito wrote: 
> We could add another 'or' on the above constraint:
> 
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
> 
> I believe that would be the constraint you were looking for.  I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
> 

Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint.  The name is still a bit
forced, but it works.

-matt <mra at hp dot com>
 2006-11-01 15:42:22 +00:00
Daniel J Walsh
d095a0e65b - Add perms for swat 2006-11-01 00:09:08 +00:00
Chris PeBenito
d9845ae92a patch from dan Tue, 24 Oct 2006 11:00:28 -0400 2006-10-31 21:01:48 +00:00
Daniel J Walsh
6b97615edf - Allow daemons to dump core files to / 2006-10-30 21:18:40 +00:00
Daniel J Walsh
8fb79d40f4 - Fixes for ricci 2006-10-30 16:45:09 +00:00
Daniel J Walsh
6672fcfbdd - Allow mount.nfs to work 2006-10-27 19:16:43 +00:00
Daniel J Walsh
85659e704f - Allow ricci-modstorage to look at lvm_etc_t 2006-10-27 14:42:56 +00:00
Chris PeBenito
582438054d fix up corecommands perm sets, add seutil_manage_config_dirs() 2006-10-27 13:55:35 +00:00