Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Fix typo.
Squash me with f7691806b4a54f3debfabaa403e1472acc17427e
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Squash with 84812bc8dd814709734c2b6d1ef2ff2b84adc35d
Syntax error.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
XML summary fixes.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
This is a role capability.
This is a role capability.
This is a role capability.
This is a role capability.
This is a role capability.
This is a role capability.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Allow users to prtrace and send any signal to their cron job.
Allow users to prtrace and send any signal to their cron job.
Allow users to prtrace and send any signal to their cron job.
Allow users to ps, ptrace and send any signal to their session bus.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
This is a role capability.
This is a role capability.
Signed-off-by: Dominick Grift <domg472@gmail.com>
This is a role capability.
This is a role capability.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
Signed-off-by: Dominick Grift <domg472@gmail.com>
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use permission sets where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Access to get attributes of target privoxy_t domain is included with ps_process_pattern.
Access to get attributes of target radiusd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.
Allow postgresql admin to search parent directories to be able to manage postgresql content.
Allow prelude_admin to search parent directories to be able to manage prelude content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.
Access to get attributes of target asterisk_t domain is included with ps_process_pattern.
Permission to get attributes of target automount_t domain is included with ps_process_pattern.
Access to get attributes of target ntpd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS
This is based on Fedoras' miscfiles_cert_type implementation.
The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.
Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Allow hugetlbfs_t to be on device_t file system
Fix for ajaxterm policy
Fix type in dbus_delete_pid_files
Change openvpn to only allow search of users home dir
cleanup of nsplugin interface definition
Latest pm-utils is causing lots of domains to see a leaked lock file
I want mplayer to run as unconfined_execmem_t
mountpoint is causing dbus and init apps to getattr on all filesystems directories
Miroslav update dkim-milter
NetworkManager dbus chats with init
Allow apps that can read user_fonts_t to read the symbolic link
udev needs to manage etc_t
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fprintd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
Add mozilla_plugin_tmp_t
Allow mozilla_plugin to interact with pulseaudio tmpfs_t
Add apache labels for poodle
Add boolean to allow apache to connect to memcache_port
nagious sends signal and sigkill to system_mail_t