Commit Graph

5271 Commits

Author SHA1 Message Date
Dan Walsh
5253d49ee9 Update from git 2011-06-07 14:43:31 -04:00
Miroslav Grepl
94cdbacbd8 - Add mailscanner policy from dgrift
- Allow chrome to optionally be transitioned to
- Zabbix needs these rules when starting the zabbix_server_mysql
- Implement a type for freedesktop openicc standard (~/.local/share/icc)
- Allow system_dbusd_t to read inherited icc_data_home_t files.
- Allow colord_t to read icc_data_home_t content. #706975
- Label stuff under /usr/lib/debug as if it was labeled under /
2011-06-07 18:12:04 +02:00
Dan Walsh
0535650520 Allow policy.VERSION and modules to ship with package 2011-06-07 11:09:32 -04:00
Dan Walsh
8f6432aac9 Label stuff under /usr/lib/debug as if it was labeled under / 2011-06-06 13:11:10 -04:00
Miroslav Grepl
0e70f655b4 Fix spec file 2011-06-02 15:17:47 +02:00
Miroslav Grepl
a56fb9fa8f - Fixes for sanlock policy
- Fixes for colord policy
- Other fixes
       * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
2011-06-02 15:16:46 +02:00
Miroslav Grepl
b817e17405 - Add more fixes for ABRT retrace-server
- Add telepathy-logger policy
- Add rhev policy
2011-05-26 14:37:08 +02:00
Miroslav Grepl
a8e065be61 - Add rhev policy module to modules-targeted.conf 2011-05-26 14:16:59 +02:00
Miroslav Grepl
ace25237f9 - Lot of fixes
* http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
2011-05-24 16:38:28 +02:00
Dan Walsh
7920a06561 add sanlock and wdmd policy 2011-05-23 18:37:50 -04:00
Dan Walsh
d97c92c34b New policy patch requires updated checkpolicy package 2011-05-23 18:27:11 -04:00
Miroslav Grepl
cb71de50e9 - Allow logrotate to execute systemctl
- Allow nsplugin_t to getattr on gpmctl
- Fix dev_getattr_all_chr_files() interface
- Allow shorewall to use inherited terms
- Allow userhelper to getattr all chr_file devices
- sandbox domains should be able to getattr and dontaudit search of sysctl_kernel_t
- Fix labeling for ABRT Retrace Server
2011-05-19 18:12:32 +02:00
Dan Walsh
d34689e1c3 Add callweaver module 2011-05-17 11:02:03 +02:00
Dan Walsh
7fbbd6f924 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-05-09 14:40:43 -04:00
Miroslav Grepl
27bf70c04e - Dontaudit sys_module for ifconfig
- Make telepathy and gkeyringd daemon working with confined users
- colord wants to read files in users homedir
- Remote login should be creating user_tmp_t not its own tmp files
2011-05-09 20:39:25 +00:00
Dan Walsh
ff120d7be5 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-05-06 10:51:56 -04:00
Miroslav Grepl
cfc00b53cb - Fix label for /usr/share/munin/plugins/munin_* plugins
- Add support for zarafa-indexer
- Fix boolean description
- Allow colord to getattr on /proc/scsi/scsi
- Add label for /lib/upstart/init
- Colord needs to list /mnt
2011-05-05 14:39:44 +00:00
Dan Walsh
e81c7996c4 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-05-03 16:37:04 -04:00
Miroslav Grepl
cead053ef4 Fix typo 2011-05-03 19:50:50 +00:00
Miroslav Grepl
6347ee7725 - Forard port changes from F15 for telepathy
- NetworkManager should be allowed to use /dev/rfkill
- Fix dontaudit messages to say Domain to not audit
- Allow telepathy domains to read/write gnome_cache files
- Allow telepathy domains to call getpw
- Fixes for colord and vnstatd policy
2011-05-03 19:46:26 +00:00
Miroslav Grepl
b02295db9b - Allow init_t getcap and setcap
- Allow namespace_init_t to use nsswitch
- aisexec will execute corosync
- colord tries to read files off noxattr file systems
- Allow init_t getcap and setcap
2011-04-27 16:15:38 +00:00
Dan Walsh
99b2fe91aa Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-04-27 11:06:38 -04:00
Dan Walsh
402e7b8a4a Default telepath to allow it to connect to network ports 2011-04-21 18:26:23 -04:00
Miroslav Grepl
a8c63d7e69 - Add support for ABRT retrace server
- Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners
- Allow telepath_msn_t to read /proc/PARENT/cmdline
- ftpd needs kill capability
- Allow telepath_msn_t to connect to sip port
- keyring daemon does not work on nfs homedirs
- Allow $1_sudo_t to read default SELinux context
- Add label for tgtd sock file in /var/run/
- Add apache_exec_rotatelogs interface
- allow all zaraha domains to signal themselves, server writes to /tmp
- Allow syslog to read the process state
- Add label for /usr/lib/chromium-browser/chrome
- Remove the telepathy transition from unconfined_t
- Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts
- Allow initrc_t domain to manage abrt pid files
- Add support for AEOLUS project
- Virt_admin should be allowed to manage images and processes
- Allow plymountd to send signals to init
- Change labeling of fping6
2011-04-21 16:35:40 +00:00
Dan Walsh
ff64d9c354 Accidently checked in my test spec file 2011-04-21 10:07:57 -04:00
Dan Walsh
fa7479b56f Remove MERGE comments from patch 2011-04-19 11:41:58 -04:00
Dan Walsh
bd16f8dd70 Readd my patch 2011-04-19 11:36:13 -04:00
Dan Walsh
9bd1686ff7 Move to version 26 of policy 2011-04-19 11:34:24 -04:00
Miroslav Grepl
a357639bb0 - Fixes for zarafa policy
- Add support for AEOLUS project
- Change labeling of fping6
- Allow plymountd to send signals to init
- Allow initrc_t domain to manage abrt pid files
- Virt_admin should be allowed to manage images and processes
2011-04-19 13:53:55 +00:00
Dan Walsh
637b33d9f3 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
Conflicts:
	selinux-policy.spec
2011-04-15 14:24:32 -04:00
Miroslav Grepl
6ac26422cc - xdm_t needs getsession for switch user
- Every app that used to exec init is now execing systemdctl
- Allow squid to manage krb5_host_rcache_t files
- Allow foghorn to connect to agentx port - Fixes for colord policy
2011-04-15 09:08:10 +00:00
Dan Walsh
d652e87854 Policy files should not be in repository 2011-04-12 10:58:28 -04:00
Dan Walsh
e935d25737 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
Conflicts:
	selinux-policy.spec
2011-04-12 10:57:09 -04:00
Dan Walsh
826311d497 Testing 2011-04-11 17:06:55 -04:00
Miroslav Grepl
1b7c8fcdf6 - Add Dan's patch to remove 64 bit variants
- Allow colord to use unix_dgram_socket
- Allow apps that search pids to read /var/run if it is a lnk_file
- iscsid_t creates its own directory
- Allow init to list var_lock_t dir
- apm needs to verify user accounts auth_use_nsswitch
- Add labeling for systemd unit files
- Allow gnomeclok to enable ntpd service using systemctl - systemd_syst
- Add label for matahari-broker.pid file
- We want to remove untrustedmcsprocess from ability to read /proc/pid
- Fixes for matahari policy
- Allow system_tmpfiles_t to delete user_home_t files in the /tmp dir
- Allow sshd to transition to sysadm_t if ssh_sysadm_login is turned on
2011-04-11 07:58:00 +00:00
Dan Walsh
86354fa4cc Remove lib64 mapping and use subs. change subs name to file_context.subs_dist 2011-04-05 15:30:24 -04:00
Miroslav Grepl
2130480ad3 - Fix typo 2011-04-05 09:38:41 +00:00
Miroslav Grepl
7300d2eec6 Fix typo 2011-04-04 23:54:47 +00:00
Miroslav Grepl
397c1e2d5c - Add /var/run/lock /var/lock definition to file_contexts.subs
- nslcd_t is looking for kerberos cc files
- SSH_USE_STRONG_RNG is 1 which requires /dev/random
- Fix auth_rw_faillog definition
- Allow sysadm_t to set attributes on fixed disks
- allow user domains to execute lsof and look at application sockets
- prelink_cron job calls telinit -u if init is rewritten
- Fixes to run qemu_t from staff_t
2011-04-04 23:41:02 +00:00
Miroslav Grepl
beba2f9b7a Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 2011-04-04 22:53:30 +00:00
Miroslav Grepl
509b0c2f0f Uncomment SEPOLGEN in Makefile 2011-04-04 21:00:32 +00:00
Dan Walsh
568f781d20 Update to latest versions and change policy version 2011-04-04 16:50:06 -04:00
Miroslav Grepl
81c96b1880 comment out the sepolgen line 2011-04-04 20:43:56 +00:00
Miroslav Grepl
aaa0ee57f3 comment out the sepolgen line 2011-04-04 20:33:32 +00:00
Miroslav Grepl
68129209ed comment out the sepolgen line 2011-04-04 20:16:34 +00:00
Miroslav Grepl
fb7e97f251 - Fix label for /var/run/udev to udev_var_run_t
- Mock needs to be able to read network state
2011-04-04 17:35:35 +00:00
Miroslav Grepl
462b89a9a5 - Add file_contexts.subs to handle /run and /run/lock
- Add other fixes relating to /run changes from F15 policy
2011-04-01 16:27:19 +00:00
Miroslav Grepl
2049a125bf - Add file_contexts.subs to handle /run and /run/lock 2011-04-01 16:13:17 +00:00
Miroslav Grepl
a7705c54e1 - Add file_contexts.subs to handle /run and /run/lock
- Add other fixes relating to /run changes from F15 policy
2011-04-01 16:12:27 +00:00
Miroslav Grepl
36d3f31dcf - Allow $1_sudo_t and $1_su_t open access to user terminals
- Allow initrc_t to use generic terminals
- Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs
-systemd is going to be useing /run and /run/lock for early bootup files.
- Fix some comments in rlogin.if
- Add policy for KDE backlighthelper
- sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems
- sssd wants to read .k5login file in users homedir
- setroubleshoot reads executables to see if they have TEXTREL
- Add /var/spool/audit support for new version of audit
- Remove kerberos_connect_524() interface calling
- Combine kerberos_master_port_t and kerberos_port_t
- systemd has setup /dev/kmsg as stderr for apps it executes
- Need these access so that init can impersonate sockets on unix_dgram_socket
2011-03-25 14:54:13 +00:00