Dan Walsh
c6fa935fd5
Fix sandbox tcp_socket calls to create_stream_socket_perms
...
Dontaudit sandbox_xserver_t trying to get the kernel to load modules
telepathy_msn sends dbus messages to networkmanager
mailman_t trys to read /root/.config
xserver tries to getpgid on processes that start it.
pam_systemd causes /var/run/users to be called for all login programs. Must allow them to create directories
2010-08-31 18:36:43 -04:00
Dan Walsh
4fccad906d
Allow qmail to use uucpd
...
Fixes found by Tom London for devicekit and udev using usbmuxd socket
2010-08-31 10:51:10 -04:00
Dan Walsh
5fb4db53ad
Add Miroslav Grepl patch for jabberd, adding new type for jabberd router.
2010-08-31 08:56:30 -04:00
Dan Walsh
5537e5558b
Apply Dominick Grift typo fixes
2010-08-30 17:32:41 -04:00
Dan Walsh
079779a634
Allow hald to transition to netutils
...
Block signal via mcs systems
2010-08-30 15:15:03 -04:00
Dan Walsh
ddcd5d6350
Dontaudit signals from sandbox domains to domains that transition to them
2010-08-30 13:32:47 -04:00
Dan Walsh
73f7d4f4a2
Fix spelling mistake
2010-08-30 11:30:00 -04:00
Dan Walsh
c71f02c02d
More fixes
2010-08-30 11:15:53 -04:00
Dan Walsh
2d4a79a061
Policy fixes
2010-08-30 08:57:06 -04:00
Dan Walsh
ac498fa5d9
More fixes
2010-08-27 10:56:56 -04:00
Dan Walsh
08e567dc56
Latest fixes
2010-08-26 20:30:04 -04:00
Dan Walsh
9561b0ab08
Update f14
2010-08-26 15:42:17 -04:00
Dan Walsh
4765a595e8
Fixes for f14
2010-08-26 15:29:37 -04:00
Dan Walsh
46c24a359b
ditto
2010-08-26 13:23:23 -04:00
Dan Walsh
aae38f05a6
whoya
2010-08-26 13:16:02 -04:00
Dan Walsh
2968e06818
Update f14
2010-08-26 12:55:57 -04:00
Dan Walsh
a947daf6df
Update f14
2010-08-26 10:27:35 -04:00
Dan Walsh
3eaa993945
UPdate for f14 policy
2010-08-26 09:41:21 -04:00
Chris PeBenito
00ca404a20
Remove unnecessary require on cgroup_admin().
2010-08-09 09:10:24 -04:00
Chris PeBenito
d687db9b42
Whitespace fixes on cgroup.
2010-08-09 08:52:39 -04:00
Dominick Grift
61d7ee58a4
Confine /sbin/cgclear.
...
Libcgroup moved cgclear to /sbin.
Confine it so that initrc_t can domain transition to the cgclear_t domain. That way we do not have to extend the initrc_t domains policy.
We might want to add cgroup_run_cgclear to sysadm module.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-09 08:47:15 -04:00
Dominick Grift
288845a638
Services layer xml files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 09:25:29 -04:00
Chris PeBenito
8da88970be
Accountsd cleanup.
2010-08-03 09:50:40 -04:00
Chris PeBenito
d0eebed0b7
Move accountsd to services.
2010-08-03 09:31:53 -04:00
Chris PeBenito
a7ee7f819a
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 09:20:22 -04:00
Chris PeBenito
9d4395a736
MojoMojo from Lain Arnell.
2010-08-02 09:28:06 -04:00
Chris PeBenito
a72e42f485
Interface documentation standardization patch from Dan Walsh.
2010-08-02 09:22:09 -04:00
Chris PeBenito
29f3bfa464
Fix JIT usage for freshclam.
...
http://marc.info/?l=selinux&m=127893898208934&w=2
2010-07-13 08:39:54 -04:00
Chris PeBenito
4b76ea5f51
Module version bump for fa1847f
.
2010-07-12 14:02:18 -04:00
Dominick Grift
fa1847f4a2
Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-09 09:43:04 -04:00
Chris PeBenito
3c4e9fce8e
Make spamassassin optional for milter, from Russell Coker.
2010-07-07 08:55:57 -04:00
Chris PeBenito
bca0cdb86e
Remove duplicate/redundant rules, from Russell Coker.
2010-07-07 08:41:20 -04:00
Chris PeBenito
1db1836ab9
Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role().
2010-07-06 13:17:05 -04:00
Dominick Grift
7e5463b58c
fix cgroup_admin
...
When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-01 09:02:58 -04:00
Chris PeBenito
113d2e023d
Minor tweaks and module version bump for a00fc1c
.
2010-06-25 09:51:34 -04:00
Dominick Grift
a00fc1c317
hddtemp fixes.
...
Clean up network control section.
Implement hddtemp_etc_t for /etc/sysconfig/hddtemp. The advantages are:
- hddtemp_t no longer needs access to read all generic etc_t files.
- allows us to implement a meaningful hddtemp_admin()
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-25 09:43:54 -04:00
Chris PeBenito
9a4d292902
Netutils patch from Dan Walsh.
...
ping gets leaked log descriptor from nagios.
Label send_arp as ping_exec_t
2010-06-17 10:16:19 -04:00
Chris PeBenito
48f99a81c0
Whitespace change: drop unnecessary blank line at the start of .te files.
2010-06-10 08:16:35 -04:00
Chris PeBenito
5c942ceb83
AFS patch from Dan Walsh.
2010-06-10 08:08:23 -04:00
Chris PeBenito
b521229560
Abrt patch from Dan Walsh.
...
Abrt uses /var/spool/abrt now and changed the name of its lock
Now uses a stream socket
Installs debuginfo packages
sys_nice itself
2010-06-10 07:58:00 -04:00
Chris PeBenito
53f9abbe68
Clean up cgroup. Rename cgconfigparser to cgconfig.
2010-06-08 09:15:41 -04:00
Chris PeBenito
0041a78ef7
Remove cgroup_t usage in cgroup_admin() since it is not owned by the module.
2010-06-08 09:12:03 -04:00
Chris PeBenito
04dcd73fe3
Whitespace fixes in cgroup and init.
2010-06-08 08:47:26 -04:00
Dominick Grift
ddf821332f
add libcg policy.
...
Libcgroup automates cgroup management.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-08 08:38:22 -04:00
Chris PeBenito
29af4c13e7
Bump module versions for release.
2010-05-24 15:32:01 -04:00
Chris PeBenito
7934ac10d3
Module version bump for 1184392 and more.
...
* module version bump
* make apache and unconfined portions optiona
* rearrange lines
2010-05-24 13:08:09 -04:00
Chris PeBenito
ca28376c4d
Module version bump for 7942f7f.
2010-05-24 13:08:09 -04:00
Chris PeBenito
bdf5e19931
Module version bump for 383bd32.
2010-05-24 13:08:09 -04:00
Chris PeBenito
63583f4e29
Module version bump for f61ef24.
2010-05-24 13:08:09 -04:00
Chris PeBenito
a107f875bd
Remove redundant optional and libs_* calls in clogd.
2010-05-24 13:08:08 -04:00