Commit Graph

3159 Commits

Author SHA1 Message Date
Dominick Grift
1b39decc10 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.
2010-09-23 14:59:22 +02:00
Dominick Grift
8725d6334d This permission is already allowed by included mmap_file_perms. 2010-09-23 14:55:33 +02:00
Dominick Grift
11ad1dae65 Source is postdrop and not local. Moving to postdrop local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
a7b40a9c25 Internal interaction goes before external interface calls. 2010-09-23 14:55:33 +02:00
Dominick Grift
f6e8660dcb These are not declarations move them to local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
9bd88470ac Redundant: All domains are allowed this access by default. 2010-09-23 14:52:41 +02:00
Dominick Grift
6d185571f2 Location /usr/libsexec/sesh does not exist. sesh is in /usr/libexec/sesh. 2010-09-23 14:49:38 +02:00
Dominick Grift
46d410612e Looks like /usr/bin/git-shell and /usr/libexec/git-core/git-shell are hard-linked. This causes conflicting filespecs (shell_exec_t for /usr/bin/git-shell and bin_t for /usr/libexec/git-core/git-shell)
Specify shell_exec_t for /usr/libexec/git-core/git-shell.
2010-09-23 14:49:38 +02:00
Dominick Grift
a8fbd94d6c Reduntant: Included init_daemon_domain already has this. 2010-09-23 14:48:05 +02:00
Dan Walsh
5d82597463 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-22 16:46:04 -04:00
Dan Walsh
6ed3f15e82 Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc
Allow shutdown to write utmp and search /var/log
Allow mozilla_plugin to send nsplugin signals
Split out samba_run_unconfined_net from unconfined_domain stuff.  TO allow unconfined.pp module to be removed
Allow nrpe to send signal and sigkill to the plugins
Fix up xguest to allow it to read hwdata and gconf_etc_t
Allow initrc_t to manage faillog
2010-09-22 16:42:32 -04:00
Dominick Grift
148e08d34f XML summary fixes.
XML summary fixes.
2010-09-22 15:41:46 +02:00
Dominick Grift
3a3e7db078 Use filetrans_pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
44f8aa190c Use stream connect pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
8bde5ef68b Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-22 15:41:46 +02:00
Dominick Grift
96d3c0d35c Make git daemon executable file an application executable file. 2010-09-22 15:41:46 +02:00
Dominick Grift
08c4bb080f Search parent directory to be able to interact with targets content. 2010-09-22 15:41:45 +02:00
Dominick Grift
38039abcd1 These interface calls are more suitable here. Also should rename boolean to ftpd_network_connect_db and possibly split mysql and postgresql. 2010-09-22 15:41:45 +02:00
Dominick Grift
02687a7034 Move calls to external interfaces below policy that governs internal interaction.
Move calls to external interfaces below policy that governs internal interaction.
2010-09-22 15:41:45 +02:00
Dominick Grift
d542026b86 The capability IPC goes on top of the local policy.
The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.
2010-09-22 15:41:45 +02:00
Dominick Grift
b952f9532a This is a duplicate declaration.
This is a duplicate declaration.
2010-09-22 15:41:45 +02:00
Dominick Grift
ef521e9919 Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
2010-09-22 15:41:43 +02:00
Dominick Grift
68ac47d8c5 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:41:42 +02:00
Dominick Grift
0bdd855157 This is not required here. 2010-09-22 15:39:46 +02:00
Dominick Grift
82c971533a Youre not allowed to directly use external types. 2010-09-22 15:39:46 +02:00
Dominick Grift
59c544a437 Redundant: All deamons are already allowed this access by default. 2010-09-22 15:39:46 +02:00
Dominick Grift
edcc8aa20d Redundant: Included init_daemon_domain already has this. 2010-09-22 15:39:44 +02:00
Dominick Grift
1dfc76f76b Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-22 15:39:43 +02:00
Dominick Grift
9a0f7994cb Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:35:31 +02:00
Dominick Grift
9c7f2af2ed Redundant: Is already permitted by included rw_chr_file_perms. 2010-09-22 15:35:29 +02:00
Dominick Grift
72ba80bf88 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-22 15:35:28 +02:00
Miroslav Grepl
b0a5fc3c27 Allow boinc projects to execute java 2010-09-21 16:03:36 +02:00
Dominick Grift
fc0d3d55f8 Merge branch 'base' 2010-09-21 13:57:06 +02:00
Dominick Grift
f262674898 Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
2010-09-21 13:50:00 +02:00
Dominick Grift
612346475b XML summary fixes.
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.
2010-09-21 13:50:00 +02:00
Dominick Grift
0eef2ca0f7 Use brace extension where possible.
Use brace extension where possible.
2010-09-21 13:50:00 +02:00
Dominick Grift
69d1431276 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-21 13:50:00 +02:00
Dominick Grift
5ce19e3980 Type zarafa_server_t is not a file type. 2010-09-21 13:50:00 +02:00
Dominick Grift
e130679fa0 This is a role capability.
This is a role capability.

This is a role capability.
2010-09-21 13:50:00 +02:00
Dominick Grift
7bc4e83ea9 Redundant: Included files_search_var_lib already permits access to list generic var directories. 2010-09-21 13:50:00 +02:00
Dominick Grift
ddbd71a506 Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.
2010-09-21 13:49:59 +02:00
Dominick Grift
5a98a53ade Missing required type. 2010-09-21 13:49:59 +02:00
Dominick Grift
d696185c23 Use stream connect pattern. 2010-09-21 13:49:59 +02:00
Dominick Grift
b85c14f0b0 Allow users to ptrace and send any signal to their pyzor agent.
Allow users to ptrace and send any signal to their razor agent.
2010-09-21 13:49:59 +02:00
Dominick Grift
6cd6ed35bd Use ps_process_pattern to read state. 2010-09-21 13:49:59 +02:00
Dominick Grift
2a724571c9 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-21 13:49:58 +02:00
Dominick Grift
3507be9506 Move this to were the other is and where it should be.
Move this to were the other is and where it should be.
2010-09-21 13:47:31 +02:00
Dominick Grift
2528a2d701 Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.
2010-09-21 13:47:30 +02:00
Dominick Grift
b46b3ad67f Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.
2010-09-21 13:16:29 +02:00
Dominick Grift
30bbb6a533 This is not a role capability. 2010-09-21 13:16:29 +02:00