Daniel J Walsh
a67a1c12aa
- Upgrade to latest patches
2009-03-05 21:05:47 +00:00
Daniel J Walsh
0a03cce02d
- Fixes for libvirt
2009-03-04 19:41:16 +00:00
Daniel J Walsh
8c3a31a48a
- Update to Latest upstream
2009-03-03 20:10:30 +00:00
Daniel J Walsh
496752533e
- Further confinement of qemu images via svirt
2009-02-27 21:22:47 +00:00
Jesse Keating
150ff59c76
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-26 00:27:53 +00:00
Daniel J Walsh
52cbcb4196
- Allow NetworkManager to manage /etc/NetworkManager/system-connections
2009-02-20 01:07:59 +00:00
Daniel J Walsh
de67749970
- add virtual_image_context and virtual_domain_context files
2009-02-18 19:45:29 +00:00
Daniel J Walsh
8f6e4365ca
- Allow rpcd_t to send signal to mount_t
...
- Allow libvirtd to run ranged
2009-02-18 14:27:36 +00:00
Daniel J Walsh
8c2b68a3e1
- Fix sysnet/net_conf_t
2009-02-17 16:21:42 +00:00
Daniel J Walsh
81794767c6
- Fix squidGuard labeling
2009-02-17 14:07:10 +00:00
Daniel J Walsh
2eec438a0b
- Re-add corenet_in_generic_if(unlabeled_t)
2009-02-16 22:54:22 +00:00
Daniel J Walsh
e46e005f04
2009-02-11 20:40:13 +00:00
Daniel J Walsh
d43c255c87
UPdate policycorutils version
2009-02-10 16:10:28 +00:00
Daniel J Walsh
1d1c058a4e
- Add git web policy
2009-02-10 16:08:36 +00:00
Daniel J Walsh
bd0db4f147
- Add setrans contains from upstream
2009-02-09 22:07:20 +00:00
Daniel J Walsh
4ed140a4b7
- Allow xdm to create user_tmp_t sockets for switch user to work
2009-02-09 14:23:24 +00:00
Daniel J Walsh
bc861e624e
- Fix staff_t domain
2009-02-06 17:48:29 +00:00
Daniel J Walsh
73fe81bbab
- Grab remainder of network_peer_controls patch
2009-02-05 13:44:44 +00:00
Daniel J Walsh
659e96fa65
- More fixes for devicekit
2009-02-04 16:24:43 +00:00
Daniel J Walsh
c957c38343
- Upgrade to latest upstream
2009-02-04 04:02:17 +00:00
Daniel J Walsh
574cab47f1
- Add boolean to disallow unconfined_t login
2009-02-03 15:26:10 +00:00
Daniel J Walsh
0554a10b80
- Add back transition from xguest to mozilla
2009-01-30 16:49:11 +00:00
Daniel J Walsh
ab3e55d79a
- Add virt_content_ro_t and labeling for isos directory
2009-01-30 15:06:44 +00:00
Daniel J Walsh
2fbeb784fa
- Fixes for wicd daemon
2009-01-28 22:23:18 +00:00
Daniel J Walsh
f899107d92
- Fixes for wicd daemon
2009-01-28 17:23:17 +00:00
Daniel J Walsh
48adbeae08
- More mls/rpm fixes
2009-01-26 16:21:59 +00:00
Daniel J Walsh
14c9b9cdc6
- Add policy to make dbus/nm-applet work
2009-01-23 20:35:45 +00:00
Daniel J Walsh
40dd24d39b
- Remove polgen-ifgen from post and add trigger to policycoreutils-python
2009-01-22 20:10:48 +00:00
Daniel J Walsh
6f8856e9d4
- Add wm policy
...
- Make mls work in graphics mode
2009-01-21 22:49:23 +00:00
Daniel J Walsh
6cf32a1e8b
- Add wm policy
...
- Make mls work in graphics mode
2009-01-21 21:22:11 +00:00
Daniel J Walsh
1b94a1375f
- Add wm policy
2009-01-21 20:39:17 +00:00
Daniel J Walsh
2a4bdae89c
- Fixed for DeviceKit
2009-01-21 16:17:40 +00:00
Daniel J Walsh
acc137684b
- Add devicekit policy
2009-01-19 22:34:56 +00:00
Daniel J Walsh
1d72fb031f
- Update to upstream
2009-01-19 17:35:43 +00:00
Daniel J Walsh
7b146db852
- Define openoffice as an x_domain
2009-01-19 14:28:24 +00:00
Daniel J Walsh
eacea1d45d
- Define openoffice as an x_domain
2009-01-16 21:32:59 +00:00
Daniel J Walsh
339bf3bba8
- Fixes for reading xserver_tmp_t
2009-01-13 16:22:47 +00:00
Daniel J Walsh
87fb15321a
- Allow cups_pdf_t write to nfs_t
2009-01-12 16:59:00 +00:00
Daniel J Walsh
2ed2ff46f8
- Remove audio_entropy policy
2009-01-06 14:46:21 +00:00
Daniel J Walsh
292c49cacc
- Update to upstream
2009-01-05 22:55:20 +00:00
Daniel J Walsh
5df2628335
- Allow hal_acl_t to getattr/setattr fixed_disk
2009-01-04 19:45:03 +00:00
Daniel J Walsh
32363900ec
- Change userdom_read_all_users_state to include reading symbolic links in
...
/proc
2008-12-27 13:06:14 +00:00
Daniel J Walsh
cf8fd9f0cc
- Fix dbus reading /proc information
2008-12-22 22:51:28 +00:00
Daniel J Walsh
bae2e9888e
- Add missing alias for home directory content
2008-12-22 19:35:46 +00:00
Daniel J Walsh
33c7eab541
- Fixes for IBM java location
2008-12-17 21:15:08 +00:00
Daniel J Walsh
dcd0c96f34
- Allow unconfined_r unconfined_java_t
2008-12-11 15:21:57 +00:00
Daniel J Walsh
fd2b62ea68
- Add cron_role back to user domains
2008-12-09 21:04:28 +00:00
Daniel J Walsh
9a43d2b055
- Fix sudo setting of user keys
2008-12-08 22:00:56 +00:00
Daniel J Walsh
163db10557
- Allow iptables to talk to terminals
...
- Fixes for policy kit
- lots of fixes for booting.
2008-12-08 16:38:09 +00:00
Daniel J Walsh
2ae1615a14
- Allow iptables to talk to terminals
...
- Fixes for policy kit
- lots of fixes for booting.
2008-12-04 21:43:55 +00:00
Daniel J Walsh
c136db3296
- Allow iptables to talk to terminals
2008-12-04 20:36:26 +00:00
Daniel J Walsh
01ce3df8a6
- Allow iptables to talk to terminals
2008-12-04 18:47:26 +00:00
Daniel J Walsh
bcb1922de7
- Cleanup policy
2008-12-03 23:40:18 +00:00
Daniel J Walsh
739db21a4a
- Cleanup policy
2008-12-03 22:18:31 +00:00
Ignacio Vazquez-Abrams
23d6844939
Rebuild for Python 2.6
2008-12-01 15:00:41 +00:00
Daniel J Walsh
02d888c766
- Fix labeling on /var/spool/rsyslog
2008-11-25 19:18:01 +00:00
Daniel J Walsh
0d6e623017
- Allow postgresl to bind to udp nodes
2008-11-06 17:47:54 +00:00
Daniel J Walsh
2a650ea1aa
- Allow lvm to dbus chat with hal
...
- Allow rlogind to read nfs_t
2008-11-05 22:21:30 +00:00
Daniel J Walsh
074b12f275
- Fix cyphesis file context
2008-11-05 20:34:06 +00:00
Daniel J Walsh
6a09cfb688
- Allow hal/pm-utils to look at /var/run/video.rom
...
- Add ulogd policy
2008-11-05 18:26:36 +00:00
Daniel J Walsh
411a424e1c
- Additional fixes for cyphesis
...
- Fix certmaster file context
- Add policy for system-config-samba
2008-11-04 15:40:31 +00:00
Daniel J Walsh
333ebd64df
- Allow dhcpc to restart ypbind
...
- Fixup labeling in /var/run
2008-11-03 21:09:40 +00:00
Daniel J Walsh
1bc89b8d4c
- Fix confined users
...
- Allow xguest to read/write xguest_dbusd_t
2008-10-29 20:45:55 +00:00
Daniel J Walsh
2362056f7a
- Fix confined users
...
- Allow xguest to read/write xguest_dbusd_t
2008-10-29 17:12:16 +00:00
Daniel J Walsh
812930ae8d
- Allow openoffice execstack/execmem privs
2008-10-28 23:22:15 +00:00
Daniel J Walsh
d8e5d05b6e
- Allow openoffice execstack/execmem privs
2008-10-28 20:06:14 +00:00
Daniel J Walsh
a3e038c1a1
- Allow openoffice execstack/execmem privs
2008-10-27 21:07:05 +00:00
Daniel J Walsh
4fa9db787c
- Allow mozilla to run with unconfined_execmem_t
2008-10-25 11:14:56 +00:00
Daniel J Walsh
798a73de69
- Dontaudit domains trying to write to .xsession-errors
2008-10-24 13:41:09 +00:00
Daniel J Walsh
3281238148
- Allow nsplugin to look at autofs_t directory
2008-10-24 12:14:54 +00:00
Daniel J Walsh
de61cc7d10
- Allow kerneloops to create tmp files
2008-10-23 12:59:31 +00:00
Daniel J Walsh
ae68d97fe5
- More alias for fastcgi
2008-10-22 13:34:13 +00:00
Daniel J Walsh
236d3cc19a
- Remove mod_fcgid-selinux package
2008-10-21 18:31:38 +00:00
Daniel J Walsh
b9e15d9766
- Fix dovecot access
2008-10-20 19:53:30 +00:00
Daniel J Walsh
49f48f4a99
- Policy cleanup
2008-10-17 22:03:34 +00:00
Daniel J Walsh
b4cab5a3eb
- Remove Multiple spec
...
- Add include
- Fix makefile to not call per_role_expansion
2008-10-16 19:56:59 +00:00
Daniel J Walsh
6115689216
- Remove Multiple spec
...
- Add include
- Fix makefile to not call per_role_expansion
2008-10-16 17:28:39 +00:00
Daniel J Walsh
4b4392dd08
- Fix labeling of libGL
2008-10-15 21:32:30 +00:00
Daniel J Walsh
4125702a20
- Update to upstream
2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9
- Update to upstream
2008-10-11 23:57:43 +00:00
Daniel J Walsh
675bbabe24
- Update to upstream policy
2008-10-09 03:10:32 +00:00
Daniel J Walsh
1062bd3849
- Fixes for confined xwindows and xdm_t
2008-10-06 19:10:48 +00:00
Daniel J Walsh
86369ef439
- Allow confined users and xdm to exec wm
...
- Allow nsplugin to talk to fifo files on nfs
2008-10-03 20:11:22 +00:00
Daniel J Walsh
f1a8278899
- Allow NetworkManager to transition to avahi and iptables
...
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:49:44 +00:00
Daniel J Walsh
b42a1eddf9
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:07:40 +00:00
Daniel J Walsh
094ef3d610
- Fix labeling for oracle
2008-10-01 19:15:34 +00:00
Daniel J Walsh
2ede4ec7ba
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
2008-10-01 12:27:11 +00:00
Daniel J Walsh
99873745bf
- Change all user tmpfs_t files to be labeled user_tmpfs_t
...
- Allow radiusd to create sock_files
2008-09-30 14:39:16 +00:00
Daniel J Walsh
b709ffd738
- Upgrade to upstream
2008-09-25 18:54:16 +00:00
Daniel J Walsh
ed32c64290
- Allow confined users to login with dbus
2008-09-23 20:14:47 +00:00
Daniel J Walsh
a80e7ac6a3
- Fix transition to nsplugin
2008-09-23 15:14:53 +00:00
Daniel J Walsh
d86efe56b9
- Fix transition to nsplugin
2008-09-22 20:07:59 +00:00
Daniel J Walsh
f0375d509e
- Add file context for /dev/mspblk.*
2008-09-22 17:55:56 +00:00
Daniel J Walsh
f77dd2c9db
- Fix transition to nsplugin '
...
Thu Sep 18 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-22 12:33:03 +00:00
Daniel J Walsh
11ef2470b7
- Fix labeling on new pm*log
...
- Allow ssh to bind to all nodes
2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58
- Fix labeling on new pm*log
...
- Allow ssh to bind to all nodes
2008-09-18 19:34:12 +00:00
Daniel J Walsh
16c3ff1596
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-12 14:21:05 +00:00
Daniel J Walsh
aca77a6f2d
- Remove gamin policy
2008-09-08 21:01:42 +00:00
Daniel J Walsh
d0d3073e2f
- Add tinyxs-max file system support
2008-09-04 20:59:27 +00:00
Daniel J Walsh
0a219fe07b
- Update to upstream
...
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
3ad3552b8a
- Allow audit dispatcher to kill his children
2008-08-29 20:54:34 +00:00
Daniel J Walsh
cd8bee594b
- Update to upstream
...
- Fix crontab use by unconfined user
2008-08-29 19:29:23 +00:00
Daniel J Walsh
7638e78556
- Allow ifconfig_t to read dhcpc_state_t
2008-08-26 14:46:43 +00:00
Daniel J Walsh
eb7e6dca5e
- Allow ifconfig_t to read dhcpc_state_t
2008-08-13 19:24:36 +00:00
Daniel J Walsh
57ae10cc0d
- Update to upstream
2008-08-12 15:06:36 +00:00
Daniel J Walsh
1a0f642074
- Update to upstream
2008-08-11 21:19:25 +00:00
Daniel J Walsh
b5d09d1532
- Update to upstream
2008-08-07 20:05:57 +00:00
Daniel J Walsh
0f1bd620e5
- Allow system-config-selinux to work with policykit
2008-08-07 12:22:07 +00:00
Daniel J Walsh
174291bc3e
- Fix novel labeling
2008-08-05 20:49:34 +00:00
Daniel J Walsh
170fa29709
- Fix novel labeling
2008-08-01 16:38:49 +00:00
Daniel J Walsh
07bd5c4abb
- Consolodate pyzor,spamassassin, razor into one security domain
...
- Fix xdm requiring additional perms.
2008-07-30 13:48:03 +00:00
Daniel J Walsh
8f2532e249
- Fixes for logrotate, alsa
2008-07-25 11:53:34 +00:00
Daniel J Walsh
f12d5b90db
- Eliminate vbetool duplicate entry
2008-07-25 04:24:01 +00:00
Daniel J Walsh
0b05335dd6
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
...
- Change dhclient to be able to red networkmanager_var_run
2008-07-24 18:19:05 +00:00
Daniel J Walsh
feefeee019
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
2008-07-17 19:53:32 +00:00
Daniel J Walsh
078ad09a44
- Update to latest refpolicy
...
- Fix libsemanage initial install bug
2008-07-15 20:06:55 +00:00
Daniel J Walsh
6ed8533082
- Update to latest refpolicy
2008-07-15 15:22:39 +00:00
Daniel J Walsh
df6220163f
- Add inotify support to nscd
2008-07-10 15:28:32 +00:00
Daniel J Walsh
6db69f086d
Add nscd inotify fix
2008-07-09 13:05:54 +00:00
Daniel J Walsh
43f9fcec3e
- Allow unconfined_t to setfcap
2008-07-08 20:14:39 +00:00
Daniel J Walsh
273a44c689
- Allow amanda to read tape
...
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems
2008-07-07 17:56:28 +00:00
Daniel J Walsh
258b00e5b7
- Allow ypbind apps to net_bind_service
2008-07-03 20:14:23 +00:00
Daniel J Walsh
75edec44e7
- Allow all system domains and application domains to append to any log
...
file
2008-07-02 20:45:43 +00:00
Daniel J Walsh
cd60b64c83
- Allow gdm to read rpm database
...
- Allow nsplugin to read mplayer config files
2008-06-30 21:12:23 +00:00
Daniel J Walsh
c18681476b
- Allow vpnc to run ifconfig
2008-06-26 12:12:35 +00:00
Daniel J Walsh
f86ed5a437
- Allow confined users to use postgres
...
- Allow system_mail_t to exec other mail clients
- Label mogrel_rails as an apache server
2008-06-24 11:14:04 +00:00
Daniel J Walsh
547aa2a382
- Apply unconfined_execmem_exec_t to haskell programs
2008-06-23 12:20:04 +00:00
Daniel J Walsh
6959e0bb76
- Fix prelude file context
2008-06-23 00:55:21 +00:00
Daniel J Walsh
fe0d467c2b
- allow hplip to talk dbus
...
- Fix context on ~/.local dir
2008-06-22 12:22:25 +00:00
Daniel J Walsh
f4ff8bb944
- Prevent applications from reading x_device
2008-06-12 19:57:12 +00:00
Daniel J Walsh
5608a9da69
- Add /var/lib/selinux context
2008-06-12 18:44:52 +00:00
Daniel J Walsh
af0f735167
- Update to upstream
2008-06-12 14:50:00 +00:00
Daniel J Walsh
c5c253fae5
- Update to upstream
2008-06-11 19:01:26 +00:00
Daniel J Walsh
f513c7b90b
- Add livecd policy
2008-06-10 19:34:59 +00:00
Daniel J Walsh
15f71c5d61
- Add livecd policy
2008-06-04 17:26:52 +00:00
Daniel J Walsh
91ec07f1df
- Dontaudit search of admin_home for init_system_domain
...
- Rewrite of xace interfaces
- Lots of new fs_list_inotify
- Allow livecd to transition to setfiles_mac
2008-06-04 12:57:43 +00:00
Daniel J Walsh
80e0b808d5
- Begin XAce integration
2008-06-03 20:27:28 +00:00
Daniel J Walsh
081b6ac47e
- Merge Upstream
2008-06-02 18:56:05 +00:00
Daniel J Walsh
2e33f7ba70
- Merge Upstream
2008-06-02 17:10:33 +00:00
Daniel J Walsh
4b7f030014
Update for rawhide
2008-05-19 13:02:56 +00:00
Daniel J Walsh
993c27dacb
- Allow amanada to create data files
2008-05-07 19:10:59 +00:00
Daniel J Walsh
6c25b428ce
- Remove dmesg boolean
...
- Allow user domains to read/write game data
2008-05-06 17:01:42 +00:00
Daniel J Walsh
86881dd93f
- Change unconfined_t to transition to unconfined_mono_t when running mono
...
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so
gnome-do will work
2008-04-29 16:05:11 +00:00
Daniel J Walsh
2d8ff5157a
- Remove old booleans from targeted-booleans.conf file
2008-04-28 21:24:59 +00:00
Daniel J Walsh
b4e933120a
- Don't run crontab from unconfined_t
2008-04-24 21:08:32 +00:00
Daniel J Walsh
ef5e600999
- Don't run crontab from unconfined_t
2008-04-24 19:41:22 +00:00
Daniel J Walsh
4b1d56da14
- Change etc files to config files to allow users to read them
2008-04-23 14:15:54 +00:00
Daniel J Walsh
a6a82aec79
- dontaudit mrtg reading /proc
...
- Allow iscsi to signal itself
- Allow gnomeclock sys_ptrace
2008-04-15 20:27:09 +00:00
Daniel J Walsh
5896bad9cf
2008-04-14 20:01:48 +00:00
Daniel J Walsh
bb36d75512
2008-04-11 18:58:08 +00:00
Daniel J Walsh
06686c20a2
- Allow dhcpd to read kernel network state
2008-04-10 19:45:47 +00:00
Daniel J Walsh
41625a26ea
- Label /var/run/gdm correctly
...
- Fix unconfined_u user creation
2008-04-10 14:37:57 +00:00
Daniel J Walsh
254e3c7af3
- Allow transition from initrc_t to getty_t
2008-04-08 20:14:36 +00:00
Daniel J Walsh
5a576e06f0
- Allow passwd to communicate with user sockets to change gnome-keyring
2008-04-08 19:17:28 +00:00
Daniel J Walsh
7f851af8d9
- Fix initial install
2008-04-08 03:17:46 +00:00
Daniel J Walsh
c3c4a525c2
-
2008-04-06 12:06:47 +00:00
Daniel J Walsh
27943de6a0
- Allow radvd to use fifo_file
...
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
the boolean is set
2008-04-05 10:39:06 +00:00
Daniel J Walsh
c66f2bc425
- Allow nsplugin to read /etc/mozpluggerrc, user_fonts
...
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t
2008-04-01 09:21:21 +00:00
Daniel J Walsh
294ea7a213
- Allow initrc_t to dbus chat with consolekit.
2008-03-29 18:36:09 +00:00
Daniel J Walsh
e54cb216a8
- Additional access for nsplugin
...
- Allow xdm setcap/getcap until pulseaudio is fixed
2008-03-28 22:07:45 +00:00
Daniel J Walsh
f70afcdd9e
- Allow mount to mkdir on tmpfs
...
- Allow ifconfig to search debugfs
2008-03-26 06:17:27 +00:00
Daniel J Walsh
bf3d39e959
- Fix file context for MATLAB
...
- Fixes for xace
2008-03-21 23:24:11 +00:00
Daniel J Walsh
5ea3f10caf
- Allow stunnel to transition to inetd children domains
...
- Make unconfined_dbusd_t an unconfined domain
2008-03-20 16:11:16 +00:00
Daniel J Walsh
94b7be909e
2008-03-18 21:10:02 +00:00
Daniel J Walsh
ba9e5e8244
- Fixes for qemu/virtd
2008-03-17 21:42:05 +00:00
Daniel J Walsh
97081dcb9d
- Fix bug in mozilla policy to allow xguest transition
...
- This will fix the
2008-03-14 21:17:21 +00:00
Daniel J Walsh
a6e1280791
- Fix bug in mozilla policy to allow xguest transition
...
- This will fix the
2008-03-14 21:13:24 +00:00
Daniel J Walsh
d593d26c1d
- Allow nsplugin to run acroread
2008-03-14 15:59:07 +00:00
Daniel J Walsh
987b10f86d
- Add cups_pdf policy
...
- Add openoffice policy to run in xguest
2008-03-14 00:25:00 +00:00
Daniel J Walsh
7f811bf534
- prewika needs to contact mysql
...
- Allow syslog to read system_map files
2008-03-13 12:58:25 +00:00
Daniel J Walsh
ceda8feb68
- Change init_t to an unconfined_domain
2008-03-12 12:39:48 +00:00
Daniel J Walsh
0879f489ab
- Allow init to transition to initrc_t on shell exec.
...
- Fix init to be able to sendto init_t.
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
- More mls fixes
2008-03-12 01:10:44 +00:00
Bill Nottingham
110bce3a29
fixes for init, rhgb. also, fix the build
2008-03-11 22:46:00 +00:00
Daniel J Walsh
2041ac3d49
- Additional changes for MLS policy
2008-03-10 20:58:06 +00:00
Daniel J Walsh
1bf67d57ed
- Fix initrc_context generation for MLS
2008-03-06 22:25:06 +00:00
Daniel J Walsh
dc57e68eff
- Fixes for libvirt
2008-03-05 23:11:52 +00:00
Daniel J Walsh
5947905ef9
- Allow bitlebee to read locale_t
2008-03-04 21:38:18 +00:00
Daniel J Walsh
d8c160273b
- More xselinux rules
2008-02-29 22:33:22 +00:00
Daniel J Walsh
9a0f35b9ad
- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t
2008-02-29 22:18:30 +00:00
Daniel J Walsh
338714fc7f
-
2008-02-28 21:51:10 +00:00
Daniel J Walsh
b7229ad8bb
- Prepare policy for beta release
...
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 05:01:51 +00:00
Daniel J Walsh
40ce26840e
- Prepare policy for beta release
...
- Change some of the system domains back to unconfined
- Turn on some of the booleans
2008-02-28 04:35:56 +00:00
Daniel J Walsh
533c755e4d
- Allow nsplugin_config execstack/execmem
...
- Allow nsplugin_t to read alsa config
- Change apache to use user content
2008-02-28 03:32:23 +00:00
Daniel J Walsh
c092cc1478
- Add cyphesis policy
2008-02-26 23:02:51 +00:00
Daniel J Walsh
063999dd85
2008-02-26 19:24:53 +00:00
Daniel J Walsh
27b2b09ffe
-
2008-02-26 16:15:00 +00:00
Daniel J Walsh
f75033d612
- Update to upstream fixes
2008-02-26 13:45:23 +00:00
Daniel J Walsh
5ca2ff99b6
- Add xace support
2008-02-22 20:32:52 +00:00
Daniel J Walsh
8bd036a289
- Add fusectl file system
2008-02-21 19:43:52 +00:00
Daniel J Walsh
541ba8edec
- Fixes from yum-cron
...
- Update to latest upstream
2008-02-20 18:52:50 +00:00
Daniel J Walsh
e5acebe58c
2008-02-20 18:30:31 +00:00
Daniel J Walsh
306393505f
- Fix userdom_list_user_files
2008-02-19 22:20:15 +00:00
Daniel J Walsh
eb3e9fbc68
- Merge with upstream
2008-02-18 21:31:18 +00:00
Daniel J Walsh
7e1e7bed89
- Allow udev to send audit messages
2008-02-14 21:05:32 +00:00
Daniel J Walsh
9870c64ba7
- Add additional login users interfaces
...
- userdom_admin_login_user_template(staff)
2008-02-13 22:13:58 +00:00
Daniel J Walsh
49295b262f
- More fixes for polkit
2008-02-12 18:41:35 +00:00
Daniel J Walsh
ebe074be56
- More fixes for polkit
2008-02-11 22:53:26 +00:00
Daniel J Walsh
57ac1cab83
- Update to upstream
2008-02-06 21:47:42 +00:00
Daniel J Walsh
4637b67d50
- Fixes for staff_t
2008-02-05 21:25:09 +00:00
Daniel J Walsh
b53db53c9f
- Add policy for kerneloops
...
- Add policy for gnomeclock
2008-02-05 18:31:25 +00:00
Daniel J Walsh
881d64a16e
- Fixes for libvirt
2008-02-04 21:41:59 +00:00
Daniel J Walsh
60c693e546
- Fixes for nsplugin
2008-02-03 13:39:47 +00:00
Daniel J Walsh
11ac4bcde1
- Additional ports for vnc and allow qemu and libvirt to search all
...
directories
2008-02-02 15:42:44 +00:00
Daniel J Walsh
b19d470cd4
- Update to upstream
...
- Add libvirt policy
- add qemu policy
2008-02-02 06:30:04 +00:00
Daniel J Walsh
e1060e24d5
- Allow fail2ban to create a socket in /var/run
2008-02-01 13:49:05 +00:00
Daniel J Walsh
59d6fbb642
- Allow allow_httpd_mod_auth_pam to work
2008-01-31 20:59:05 +00:00
Daniel J Walsh
7c124f5e42
- Allow allow_httpd_mod_auth_pam to work
2008-01-31 19:32:51 +00:00
Daniel J Walsh
f18a882ba5
- Add audisp policy and prelude
2008-01-30 21:34:13 +00:00
Daniel J Walsh
0f70114e58
- Allow all user roles to executae samba net command
2008-01-30 13:56:22 +00:00
Daniel J Walsh
7c2be34d14
- Allow usertypes to read/write noxattr file systems
2008-01-28 16:48:49 +00:00
Daniel J Walsh
7c7d59935b
- Fix nsplugin to allow flashplugin to work in enforcing mode
2008-01-24 18:12:25 +00:00
Daniel J Walsh
0939872058
- Allow pam_selinux_permit to kill all processes
2008-01-23 18:24:12 +00:00
Daniel J Walsh
cc5bb89ef0
- Allow ptrace or user processes by users of same type
...
- Add boolean for transition to nsplugin
2008-01-22 19:46:50 +00:00
Daniel J Walsh
ef19b75773
- Allow nsplugin sys_nice, getsched, setsched
2008-01-22 17:35:34 +00:00
Daniel J Walsh
b3c8a04083
- Allow login programs to talk dbus to oddjob
2008-01-21 21:42:26 +00:00
Daniel J Walsh
98f84cb0ed
- Add procmail_log support
...
- Lots of fixes for munin
2008-01-21 15:57:25 +00:00
Daniel J Walsh
e26fef9ac3
- Allow setroubleshoot to read policy config and send audit messages
2008-01-15 20:43:04 +00:00
Daniel J Walsh
8a40d69539
- Allow users to execute all files in homedir, if boolean set
...
- Allow mount to read samba config
2008-01-14 19:47:11 +00:00
Daniel J Walsh
27c7d85aab
- Fixes for xguest to run java plugin
2008-01-13 14:01:50 +00:00
Daniel J Walsh
4be3ba520d
- dontaudit pam_t and dbusd writing to user_home_t
2008-01-11 19:45:47 +00:00
Daniel J Walsh
5baf53aabd
- Update gpg to allow reading of inotify
2008-01-08 19:58:56 +00:00
Daniel J Walsh
a502c55197
- Change user and staff roles to work correctly with varied perms
2008-01-03 22:13:09 +00:00
Daniel J Walsh
c64ec27caa
- Fix munin log,
...
- Eliminate duplicate mozilla file context
- fix wpa_supplicant spec
2007-12-31 21:47:39 +00:00
Daniel J Walsh
88ae3f5e0c
- Fix role transition from unconfined_r to system_r when running rpm
...
- Allow unconfined_domains to communicate with user dbus instances
2007-12-30 15:12:11 +00:00
Daniel J Walsh
5d13344539
- Fix role transition fro unconfined_r to system_r when running rpm
2007-12-24 12:01:17 +00:00
Daniel J Walsh
0ec33db4ff
- Let all uncofined domains communicate with dbus unconfined
2007-12-21 07:58:04 +00:00
Daniel J Walsh
673eaaeafb
- Run rpm in system_r
2007-12-20 21:26:31 +00:00
Daniel J Walsh
5615fe1b3d
- Zero out customizable types
2007-12-19 21:45:51 +00:00
Daniel J Walsh
9a2cf87457
- Fix definiton of admin_home_t
2007-12-19 10:42:06 +00:00
Daniel J Walsh
2f257cb996
- Fix munin file context
2007-12-19 09:27:15 +00:00
Daniel J Walsh
91c2fa9d31
- Allow cron to run unconfined apps
2007-12-18 13:59:31 +00:00
Daniel J Walsh
99d3676891
- Modify default login to unconfined_u
2007-12-17 22:49:08 +00:00
Daniel J Walsh
4d59c29e33
- Dontaudit dbus user client search of /root
2007-12-14 12:40:39 +00:00
Daniel J Walsh
5928688f61
- Dontaudit dbus user client search of /root
2007-12-13 22:42:22 +00:00
Daniel J Walsh
76e3401243
- Update to upstream
2007-12-13 18:44:18 +00:00
Daniel J Walsh
4c6f2dd6a3
- Fixes for polkit
...
- Allow xserver to ptrace
2007-12-12 14:53:07 +00:00
Daniel J Walsh
7dfe3eb3ef
- Add polkit policy
...
- Symplify userdom context, remove automatic per_role changes
2007-12-11 06:08:33 +00:00
Daniel J Walsh
a1341a85df
- Update to upstream
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-06 21:37:36 +00:00
Daniel J Walsh
02654b8fb4
- Update to upstream
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:19:13 +00:00
Daniel J Walsh
d195fc7e87
- Update to upstreamddddddddddddd
...
- Allow httpd_sys_script_t to search users homedirs
2007-12-05 03:11:46 +00:00
Daniel J Walsh
320f3e6459
- Allow rpm_script to transition to unconfined_execmem_t
2007-12-04 00:15:27 +00:00
Daniel J Walsh
3b47cb03b7
Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> 3.2.1-1
...
- Remove user based home directory separation
2007-12-03 00:15:23 +00:00
Daniel J Walsh
9186dc57d9
- Remove user based home directory separation
2007-11-30 22:33:18 +00:00
Daniel J Walsh
3a54e4809f
- Remove user specific crond_t
2007-11-28 16:56:57 +00:00
Daniel J Walsh
0fffbad8de
- Merge with upstream
...
- Allow xsever to read hwdata_t
- Allow login programs to setkeycreate
2007-11-26 15:40:45 +00:00
Daniel J Walsh
ddf4ec413f
- Update to upstream
2007-11-19 20:09:32 +00:00
Daniel J Walsh
7330e86b90
- Update to upstream
2007-11-10 14:14:41 +00:00
Daniel J Walsh
36404444a8
- Update to upstream
2007-11-07 19:42:24 +00:00
Daniel J Walsh
fa0d1c8884
- Update to upstream
2007-10-23 23:13:09 +00:00
Daniel J Walsh
d0649e9167
- Allow XServer to read /proc/self/cmdline
2007-10-22 14:27:29 +00:00
Daniel J Walsh
30dfdc7f05
- Fixes for hald_mac
...
- Treat unconfined_home_dir_t as a home dir
- dontaudit rhgb writes to fonts and root
2007-10-19 21:21:40 +00:00
Daniel J Walsh
3375c34d9a
- Fix dnsmasq
...
- Allow rshd full login privs
2007-10-19 15:01:30 +00:00
Daniel J Walsh
6455c9d6b5
- Allow rshd to connect to ports > 1023
2007-10-18 22:33:41 +00:00
Daniel J Walsh
953fd14b2e
- Fix vpn to bind to port 4500
...
- Allow ssh to create shm
- Allow rshd to bind to ports > 1023
- Add Kismet policy
2007-10-18 22:00:35 +00:00
Daniel J Walsh
ccf8a72ae3
- Fix vpn to bind to port 4500
...
- Allow ssh to create shm
- Allow rshd to bind to ports > 1023
2007-10-18 21:33:00 +00:00
Daniel J Walsh
b4ed6dbce0
- Allow rpm to chat with networkmanager
2007-10-17 03:51:04 +00:00
Daniel J Walsh
9185bf2fee
- Pass the UNK_PERMS param to makefile
...
- Fix gdm location
2007-10-13 14:15:08 +00:00
Daniel J Walsh
c27b2bd6ae
- Make alsa work
2007-10-11 18:57:00 +00:00
Daniel J Walsh
28021c8d41
- Fixes for consolekit and startx sessions
2007-10-09 20:53:38 +00:00
Daniel J Walsh
7a91e89abe
- Dontaudit consoletype talking to unconfined_t
2007-10-08 15:32:19 +00:00
Daniel J Walsh
8fd9df6414
- Remove homedir_template
2007-10-05 19:47:10 +00:00
Daniel J Walsh
922f646a26
- Remove homedir_template
2007-10-05 11:43:46 +00:00
Daniel J Walsh
24ccb8b103
- Check asound.state
2007-10-04 14:34:02 +00:00
Daniel J Walsh
492612d339
- Fix exim policy
2007-10-01 21:20:16 +00:00
Daniel J Walsh
1ffa684823
- Allow tmpreadper to read man_t
...
- Allow racoon to bind to all nodes
- Fixes for finger print reader
2007-10-01 17:03:12 +00:00
Daniel J Walsh
7c1c1729f9
- Allow xdm to talk to input device (fingerprint reader)
...
- Allow octave to run as java
2007-09-26 22:01:27 +00:00
Daniel J Walsh
d770c53fe9
- Allow login programs to set ioctl on /proc
2007-09-25 15:03:25 +00:00
Daniel J Walsh
fb11ad6653
- Allow nsswitch apps to read samba_var_t
2007-09-25 13:30:08 +00:00
Daniel J Walsh
f5018f18f8
- Fix maxima
2007-09-24 20:26:12 +00:00
Daniel J Walsh
d83ea801ac
- Eliminate rpm_t:fifo_file avcs
...
- Fix dbus path for helper app
2007-09-24 14:18:57 +00:00
Daniel J Walsh
6c319e4011
- Fix service start stop terminal avc's
2007-09-22 12:15:13 +00:00
Daniel J Walsh
ec4fb1ce99
- Allow also to search var_lib
...
- New context for dbus launcher
2007-09-21 23:46:18 +00:00
Daniel J Walsh
347ff1a0c3
- Allow cupsd_config_t to read/write usb_device_t
...
- Support for finger print reader,
- Many fixes for clvmd
- dbus starting networkmanager
2007-09-21 20:21:36 +00:00
Daniel J Walsh
07e28d136d
- Fix java and mono to run in xguest account
2007-09-20 22:30:51 +00:00
Daniel J Walsh
a9d4b80f50
- Fix to add xguest account when inititial install
...
- Allow mono, java, wine to run in userdomains
2007-09-20 17:21:13 +00:00
Daniel J Walsh
c67a1217e2
- Fix to add xguest account when inititial install
2007-09-20 14:58:12 +00:00
Daniel J Walsh
d90a3db27d
- Allow xserver to search devpts_t
...
- Dontaudit ldconfig output to homedir
2007-09-20 14:39:14 +00:00
Daniel J Walsh
21c534bcb9
- Allow xserver to search devpts_t
...
- Dontaudit ldconfig output to homedir
2007-09-19 17:40:59 +00:00
Daniel J Walsh
7ff410d3bc
- Remove hplip_etc_t change back to etc_t.
2007-09-19 01:11:31 +00:00
Daniel J Walsh
1a3fe36b5c
- Allow cron to search nfs and samba homedirs
2007-09-17 23:26:58 +00:00
Daniel J Walsh
babb3641bd
- Allow NetworkManager to dbus chat with yum-updated
2007-09-11 20:05:08 +00:00
Daniel J Walsh
bf7f975f77
- Allow xfs to bind to port 7100
2007-09-11 16:07:47 +00:00
Daniel J Walsh
25d586808d
- Allow newalias/sendmail dac_override
...
- Allow bind to bind to all udp ports
2007-09-10 22:02:06 +00:00
Daniel J Walsh
4eaf5c6dc6
- Turn off direct transition
2007-09-07 20:26:11 +00:00
Daniel J Walsh
c7e443c95c
- Allow wine to run in system role
2007-09-07 19:03:11 +00:00
Daniel J Walsh
37d6a1ce3f
- Fix java labeling
2007-09-06 23:34:02 +00:00
Daniel J Walsh
07b8680835
- Define user_home_type as home_type
2007-09-06 15:00:00 +00:00
Daniel J Walsh
601f0f04ee
- Allow sendmail to create etc_aliases_t
2007-09-06 02:24:18 +00:00
Daniel J Walsh
bea5486254
- Allow sendmail to create etc_aliases_t
2007-09-05 21:30:18 +00:00
Daniel J Walsh
bc85a6bb23
- Allow login programs to read symlinks on homedirs
2007-08-28 15:35:11 +00:00
Daniel J Walsh
e8b5993e52
- Update an readd modules
2007-08-27 21:43:05 +00:00
Daniel J Walsh
7f9951d4d3
- Cleanup spec file
2007-08-24 21:38:11 +00:00
Daniel J Walsh
d9f447990b
- Cleanup spec file
2007-08-24 21:30:17 +00:00
Daniel J Walsh
b865b8b32e
- Cleanup spec file
2007-08-24 21:21:56 +00:00
Daniel J Walsh
53f81916e1
- Cleanup spec file
2007-08-24 21:09:44 +00:00
Daniel J Walsh
3012ab200b
- Cleanup spec file
2007-08-24 20:44:19 +00:00
Daniel J Walsh
d83af23b7d
- Cleanup spec file
2007-08-24 19:52:40 +00:00
Daniel J Walsh
3b13a834c7
- Allow xserver to be started by unconfined process and talk to tty
2007-08-24 14:20:35 +00:00
Daniel J Walsh
95bbe5cff0
- Upgrade to upstream to grab postgressql changes
2007-08-23 14:07:25 +00:00
Daniel J Walsh
77a22067be
- Add setransd for mls policy
2007-08-22 14:46:21 +00:00