Commit Graph

19 Commits

Author SHA1 Message Date
Dan Walsh
bdc8508a69 Add policy for geard in docker world 2014-03-27 14:42:34 -04:00
Miroslav Grepl
ab84f40064 - Allow init_t to stream connect to ipsec
- Add /usr/lib/systemd/systemd-networkd policy
- Add sysnet_manage_config_dirs()
- Add support for /var/run/systemd/network and labeled it as net_conf_t
- Allow unpriv SELinux users to dbus chat with firewalld
- Add lvm_write_metadata()
- Label /etc/yum.reposd dir as system_conf_t. Should be safe because system_conf_t is base_ro_file_type
- Add support for /dev/vmcp and /dev/sclp
- Add docker_connect_any boolean
- Fix zabbix policy
- Allow zabbix to send system log msgs
- Allow pegasus_openlmi_storage_t to write lvm metadata
- Updated pcp_bind_all_unreserved_ports
- Allow numad to write scan_sleep_millisecs
- Turn on entropyd_use_audio boolean by default
- Allow cgred to read /etc/cgconfig.conf because it contains templates used together with rules from /etc/cgrules.conf.
- Allow lscpu running as rhsmcertd_t to read /proc/sysinfo
2014-03-12 11:14:14 +01:00
Dan Walsh
7254e6ed56 RUn docker instance as permissive, changing to fast 2014-02-27 15:50:00 -05:00
Lukas Vrabec
4cde844b7e Added osad to permissive domains 2014-02-03 14:09:01 +01:00
Dan Walsh
ae07faa147 Turn off F20 permissive domains, add docker 2013-11-21 09:20:24 -05:00
Lukas Vrabec
8fd86ca941 Added new policies to permissivedomains.te 2013-11-21 12:07:26 +01:00
Miroslav Grepl
a05567464c Make hypervvssd_t as permissive domain 2013-10-04 00:16:45 +02:00
Dan Walsh
1b0e0923f8 Cleanup related to init_domain()+inetd_domain fixes
- Use just init_domain instead of init_daemon_domain in inetd_core_service_domain
- svirt domains neeed to create kobject_uevint_sockets
- Lots of new access required for sosreport
- Allow tgtd_t to connect to isns ports
- Allow init_t to transition to all inetd domains:
- openct needs to be able to create netlink_object_uevent_sockets
- Dontaudit leaks into ldconfig_t
- Dontaudit su domains getattr on /dev devices, move su domains to attribute based calls
- Move kernel_stream_connect into all Xwindow using users
- Dontaudit inherited lock files in ifconfig o dhcpc_t
2013-09-05 09:40:37 -04:00
Dan Walsh
4fa797e9d8 Add prosody policy 2013-07-01 07:19:11 -04:00
Dan Walsh
88eb5b40ad Add gssproxy policy 2013-05-31 17:24:35 -04:00
Dan Walsh
13b7212ad0 add openstack swift domain 2013-02-04 17:03:20 -05:00
Dan Walsh
330d3c0f25 add openshift_cron_t as a permissive domain 2013-02-01 13:36:46 -05:00
Dan Walsh
32922067ef Add systemd_sysctl_t as a permissive domain 2013-01-31 10:30:03 -05:00
Dan Walsh
c14302d03d Rename gnomeclock to systemd_timedated 2013-01-15 18:54:56 -05:00
Dan Walsh
afbf138ed9 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
Conflicts:
	selinux-policy.spec
2013-01-15 11:54:07 -05:00
Dan Walsh
bd7833f997 Fresh start on permissive domains for F19 2013-01-05 07:12:20 -05:00
Miroslav Grepl
a270091f19 Make rawhide == f18 2012-12-17 17:21:00 +01:00
Dan Walsh
2815c1a4e4 Remove permissive domains in F17 from F18 2012-06-07 14:12:42 -04:00
Miroslav Grepl
4daeee80d1 Add permissivedomains module
* sync with F17
2012-06-06 15:26:24 +02:00