Commit Graph

605 Commits

Author SHA1 Message Date
Daniel J Walsh
d83af23b7d - Cleanup spec file 2007-08-24 19:52:40 +00:00
Daniel J Walsh
3b13a834c7 - Allow xserver to be started by unconfined process and talk to tty 2007-08-24 14:20:35 +00:00
Daniel J Walsh
95bbe5cff0 - Upgrade to upstream to grab postgressql changes 2007-08-23 14:07:25 +00:00
Daniel J Walsh
77a22067be - Add setransd for mls policy 2007-08-22 14:46:21 +00:00
Daniel J Walsh
c77aca56ae - Add setransd for mls policy 2007-08-21 20:08:22 +00:00
Daniel J Walsh
4f23c46830 - Add ldconfig_cache_t 2007-08-20 23:02:30 +00:00
Daniel J Walsh
b4ae7d845a - Allow sshd to write to proc_t for afs login 2007-08-20 22:15:46 +00:00
Daniel J Walsh
f012074e0f - Allow xserver access to urand 2007-08-18 11:54:11 +00:00
Daniel J Walsh
7f6883ca6e - allow dovecot to search mountpoints 2007-08-15 00:55:49 +00:00
Daniel J Walsh
0354c22269 - Fix Makefile for building policy modules 2007-08-11 11:18:09 +00:00
Daniel J Walsh
60a9ef60f0 - Fix dhcpc startup of service 2007-08-10 20:04:48 +00:00
Daniel J Walsh
bf33202534 - Fix dbus chat to not happen for xguest and guest users 2007-08-10 16:10:27 +00:00
Daniel J Walsh
d44a393484 - Fix nagios cgi
- allow squid to communicate with winbind
2007-08-09 19:18:57 +00:00
Daniel J Walsh
1a12c251ca - Fixes for ldconfig 2007-08-06 21:33:36 +00:00
Daniel J Walsh
d8c8b2b904 - Update from upstream 2007-08-03 20:38:28 +00:00
Daniel J Walsh
f9778219aa - Update from upstream 2007-08-03 19:53:44 +00:00
Daniel J Walsh
25a75469ff - Update from upstream 2007-08-03 19:26:04 +00:00
Daniel J Walsh
4ce75b7cd5 - Fix new usb devices and dmfm 2007-08-01 17:13:35 +00:00
Daniel J Walsh
8239a93362 - Fix new usb devices and dmfm 2007-08-01 16:03:23 +00:00
Daniel J Walsh
6d2e7d5ebb - Eliminate mount_ntfs_t policy, merge into mount_t 2007-07-31 20:51:43 +00:00
Daniel J Walsh
47a35fa722 - Eliminate mount_ntfs_t policy, merge into mount_t 2007-07-31 17:53:29 +00:00
Daniel J Walsh
07351eb493 - Allow xserver to write to ramfs mounted by rhgb 2007-07-30 14:37:54 +00:00
Daniel J Walsh
9c038630bf - Add context for dbus machine id 2007-07-27 18:21:35 +00:00
Daniel J Walsh
2fac1d6655 - Update with latest changes from upstream 2007-07-26 17:54:24 +00:00
Daniel J Walsh
24acabce75 - Fix prelink to handle execmod 2007-07-24 20:47:24 +00:00
Daniel J Walsh
0f8f545d1a - Fix prelink to handle execmod 2007-07-24 14:39:01 +00:00
Daniel J Walsh
e0ae206813 - Add ntpd_key_t to handle secret data 2007-07-23 20:34:22 +00:00
Daniel J Walsh
2ced404c55 - Add anon_inodefs
- Allow unpriv user exec pam_exec_t
- Fix trigger
2007-07-23 16:00:09 +00:00
Daniel J Walsh
779d23c7e4 - Allow cups to use generic usb
- fix inetd to be able to run random apps (git)
2007-07-20 15:13:37 +00:00
Daniel J Walsh
908512cccc - Add proper contexts for rsyslogd 2007-07-19 20:55:20 +00:00
Daniel J Walsh
297dd1a900 - Allow execution of gconf 2007-07-19 14:45:16 +00:00
Daniel J Walsh
1d03199c5e - Fix moilscanner update problem 2007-07-14 12:56:45 +00:00
Daniel J Walsh
7e3506426b - Begin adding policy to separate setsebool from semanage
- Fix xserver.if definition to not break sepolgen.if
2007-07-12 21:37:30 +00:00
Daniel J Walsh
16d9531977 - Fix xserver.if definition to not break sepolgen.if 2007-07-12 14:44:32 +00:00
Daniel J Walsh
2796de2a45 - Add new devices 2007-07-11 20:45:02 +00:00
Daniel J Walsh
154d8231c3 - Add brctl policy 2007-07-11 19:44:56 +00:00
Daniel J Walsh
501a17b8b2 - Fix root login to include system_r 2007-07-06 19:23:20 +00:00
Daniel J Walsh
35e7f77fea - Allow prelink to read kernel sysctls 2007-07-06 19:09:19 +00:00
Daniel J Walsh
af677794a8 - Default to user_u:system_r:unconfined_t 2007-07-03 19:20:47 +00:00
Daniel J Walsh
b267b6f201 - Default to user_u:system_r:unconfined_t 2007-07-02 20:32:38 +00:00
Daniel J Walsh
b529ed6a06 - Default to user_u:system_r:unconfined_t 2007-07-02 15:00:50 +00:00
Daniel J Walsh
2fdb5fd7c6 - fix squid
- Fix rpm running as uid
2007-07-02 01:58:41 +00:00
Daniel J Walsh
b786a2b04a - Fix syslog declaration 2007-06-27 19:48:33 +00:00
Daniel J Walsh
7f44213c00 - Allow avahi to access inotify
- Remove a lot of bogus security_t:filesystem avcs
2007-06-27 18:12:03 +00:00
Daniel J Walsh
269acb5ee8 - Remove ifdef strict policy from upstream 2007-06-26 12:09:30 +00:00
Daniel J Walsh
a4ec9b75e1 - Remove ifdef strict policy from upstream 2007-06-22 19:21:00 +00:00
Daniel J Walsh
56187c2f8a - Remove ifdef strict policy from upstream 2007-05-31 18:40:35 +00:00
Daniel J Walsh
bdb830255c - Fix for amands
- Allow semanage to read pp files
- Allow rhgb to read xdm_xserver_tmp
2007-05-23 18:35:37 +00:00
Daniel J Walsh
346d2dccfd 2007-05-21 18:54:40 +00:00
Daniel J Walsh
9ffb88eba3 - allow alsactl to read kernel state 2007-05-17 17:16:26 +00:00
Daniel J Walsh
fc35770056 - More fixes for alsactl
- Transition from hal and modutils
- Fixes for suspend resume.
- insmod domtrans to alsactl
- insmod writes to hal log
2007-05-16 22:13:23 +00:00
Daniel J Walsh
88c8465c87 - More fixes for alsactl 2007-05-16 21:48:52 +00:00
Daniel J Walsh
cf806ebda9 - Fixes for suspend resume.
- insmod domtrans to alsactl
- insmod writes to hal log
2007-05-16 21:09:41 +00:00
Daniel J Walsh
7c3dcb3584 - Allow unconfined_t to transition to NetworkManager_t
- Fix netlabel policy
2007-05-16 19:31:34 +00:00
Daniel J Walsh
810e69636e - Update to latest from upstream 2007-05-14 19:54:57 +00:00
Daniel J Walsh
8cd496f1d6 - Update to latest from upstream 2007-05-14 18:10:58 +00:00
Daniel J Walsh
057603fbda - Update to latest from upstream 2007-05-07 18:07:26 +00:00
Daniel J Walsh
daa6abe9e1 - Update to latest from upstream 2007-05-04 17:30:10 +00:00
Daniel J Walsh
a615d5b893 - Update to latest from upstream 2007-05-02 02:53:14 +00:00
Daniel J Walsh
8fea836859 - Update to latest from upstream 2007-05-01 20:53:29 +00:00
Daniel J Walsh
6821c3df97 - 2007-04-27 17:23:49 +00:00
Daniel J Walsh
77d25ebf92 - Fixes for unix_update
- Fix logwatch to be able to search all dirs
2007-04-25 18:31:32 +00:00
Daniel J Walsh
8396b2dbd2 - Upstream bumped the version 2007-04-23 17:00:48 +00:00
Daniel J Walsh
61947fac0a - Allow consolekit to syslog
- Allow ntfs to work with hal
2007-04-20 20:13:07 +00:00
Daniel J Walsh
2db3c1e86a - Allow iptbales to read etc_runtime_t 2007-04-19 18:24:08 +00:00
Daniel J Walsh
4661767044 - MLS Fixes 2007-04-19 13:58:54 +00:00
Daniel J Walsh
53b22295eb - MLS Fixes 2007-04-19 13:40:31 +00:00
Daniel J Walsh
883a0252b0 - Fix path of /etc/lvm/cache directory
- Fixes for alsactl and pppd_t
- Fixes for consolekit
2007-04-18 21:00:52 +00:00
Daniel J Walsh
ab59becfc6 - Fixes for alsactl and pppd_t 2007-04-18 20:50:02 +00:00
Daniel J Walsh
32b18f8ae9 - Fixes for consolekit 2007-04-18 20:45:20 +00:00
Daniel J Walsh
7671cee047 - Allow insmod_t to mount kvmfs_t filesystems 2007-04-17 20:42:32 +00:00
Daniel J Walsh
9fc00bcbda - Rwho policy
- Fixes for consolekit
2007-04-17 19:28:14 +00:00
Daniel J Walsh
e6f3cfbe2d - fixes for fusefs 2007-04-16 17:11:45 +00:00
Daniel J Walsh
8c912ab526 - Fix samba_net to allow it to view samba_var_t 2007-04-12 21:09:34 +00:00
Daniel J Walsh
a3b1a2c522 - Update to upstream 2007-04-11 20:55:28 +00:00
Daniel J Walsh
5d5caebf83 - Fix Sonypic backlight
- Allow snmp to look at squid_conf_t
2007-04-10 15:20:50 +00:00
Daniel J Walsh
7f1bd869ee - Fixes for pyzor, cyrus, consoletype on everything installs 2007-04-09 20:47:56 +00:00
Daniel J Walsh
0b3279dee5 - Fix hald_acl_t to be able to getattr/setattr on usb devices
- Dontaudit write to unconfined_pipes for load_policy
2007-04-09 18:36:06 +00:00
Daniel J Walsh
21029bf045 - Allow bluetooth to read inotifyfs 2007-04-07 11:35:20 +00:00
Daniel J Walsh
e6b9e29195 - Fixes for samba domain controller.
- Allow ConsoleKit to look at ttys
2007-04-04 20:46:07 +00:00
Daniel J Walsh
f9f9ddcde1 - Fix interface call 2007-04-04 19:44:58 +00:00
Daniel J Walsh
89d3de7112 - Allow syslog-ng to read /var
- Allow locate to getattr on all filesystems
- nscd needs setcap
2007-04-03 19:25:58 +00:00
Daniel J Walsh
2528fa0969 - Update to upstream 2007-04-02 21:06:47 +00:00
Daniel J Walsh
8e5289e20b - Update to upstream 2007-04-02 19:53:16 +00:00
Daniel J Walsh
ce7f30a258 - Update to upstream 2007-04-02 15:17:45 +00:00
Daniel J Walsh
f040ac5fd3 - Allow samba to run groupadd 2007-03-23 15:42:50 +00:00
Daniel J Walsh
f634733f95 - Update to upstream 2007-03-23 14:32:31 +00:00
Daniel J Walsh
281f5f5a50 - Fix labeling on udev.tbl dirs 2007-03-22 10:40:53 +00:00
Daniel J Walsh
552645bad0 - Fixes for logwatch 2007-03-21 03:39:06 +00:00
Daniel J Walsh
593fb16ef5 - Add fusermount and mount_ntfs policy 2007-03-20 20:45:45 +00:00
Daniel J Walsh
9d59ec430e - Update to upstream
- Allow saslauthd to use kerberos keytabs
2007-03-20 16:22:25 +00:00
Daniel J Walsh
d3aabaedb4 2007-03-20 15:01:28 +00:00
Daniel J Walsh
741e816e8e - Fixes for samba_var_t 2007-03-19 19:33:06 +00:00
Daniel J Walsh
db4f0ec7b9 - Remove disable_trans booleans
- hald_acl_t needs to talk to nscd
2007-03-19 14:51:28 +00:00
Daniel J Walsh
2823e28d58 - Remove enable_audit booleans
- hald_acl_t needs to talk to nscd
2007-03-19 14:42:08 +00:00
Daniel J Walsh
2f82eed685 - Fix prelink to be able to manage usr dirs. 2007-03-16 03:14:13 +00:00
Daniel J Walsh
9468a641a6 - Allow insmod to launch init scripts 2007-03-14 12:48:09 +00:00
Daniel J Walsh
271752a5ca - Remove setsebool policy 2007-03-13 17:46:34 +00:00
Daniel J Walsh
bdb7f99f00 - Fix handling of unlabled_t packets 2007-03-12 14:51:29 +00:00
Daniel J Walsh
2a9b648b37 - More of my patches from upstream 2007-03-11 05:19:36 +00:00
Daniel J Walsh
1fed4c745c - Update to latest from upstream
- Add fail2ban policy
2007-03-01 21:57:47 +00:00
Daniel J Walsh
9a8202d585 - Update to latest from upstream
- Add fail2ban policy
2007-03-01 16:30:20 +00:00
Daniel J Walsh
5ad70cf38c - Update to remove security_t:filesystem getattr problems 2007-02-28 21:23:19 +00:00
Daniel J Walsh
13893ed688 - Policy for consolekit 2007-02-27 18:34:08 +00:00
Daniel J Walsh
af8af9caee 2007-02-26 15:06:22 +00:00
Daniel J Walsh
cc1be2260f - Revert Nemiver change
- Set sudo as a corecmd so prelink will work, remove sudoedit mapping,
    since this will not work, it does not transition.
- Allow samba to execute useradd
2007-02-23 15:35:01 +00:00
Daniel J Walsh
b0861172ab - Add sepolgen support
- Add bugzilla policy
2007-02-20 21:37:52 +00:00
Daniel J Walsh
b7da3b9e3e - Add sepolgen support
- Add bugzilla policy
2007-02-20 17:35:59 +00:00
Daniel J Walsh
2fa5bb00e9 - Add sepolgen support
- Add bugzilla policy
2007-02-16 19:55:48 +00:00
Daniel J Walsh
e10e57a4a6 THu Feb 15 2007 Dan Walsh <dwalsh@redhat.com> 2.5.3-3
- Add sepolgen support
- Add bugzilla policy
2007-02-15 20:46:02 +00:00
Daniel J Walsh
07dcdf7654 - Fix file context for nemiver 2007-02-15 20:29:48 +00:00
Daniel J Walsh
1a24735d8f - Fix file context for nemiver 2007-02-15 00:19:30 +00:00
Daniel J Walsh
df0bef9ac0 - 2007-02-12 16:27:42 +00:00
Daniel J Walsh
9aff35b779 - 2007-02-12 16:18:31 +00:00
Daniel J Walsh
39b6cecaf2 - Allow mozilla, evolution and thunderbird to read dev_random. Resolves:
#227002
- Allow spamd to connect to smtp port Resolves: #227184
- Fixes to make ypxfr work Resolves: #227237
2007-02-06 16:54:13 +00:00
Daniel J Walsh
33501ce93f - Fix ssh_agent to be marked as an executable
- Allow Hal to rw sound device
2007-02-04 12:42:16 +00:00
Daniel J Walsh
de0b364127 - Fix spamassisin so crond can update spam files
- Fixes to allow kpasswd to work
- Fixes for bluetooth
2007-02-01 21:40:50 +00:00
Daniel J Walsh
3902fd87fd - Remove some targeted diffs in file context file 2007-01-31 22:18:10 +00:00
Daniel J Walsh
edd045d7c0 - Fix squid cachemgr labeling 2007-01-26 16:12:32 +00:00
Daniel J Walsh
e45f5d36d0 - Add ability to generate webadm_t policy
- Lots of new interfaces for httpd
- Allow sshd to login as unconfined_t
2007-01-25 19:07:00 +00:00
Daniel J Walsh
cc7c06a0d1 - Continue fixing, additional user domains 2007-01-23 01:08:45 +00:00
Daniel J Walsh
f86e42306e - Begin adding user confinement to targeted policy 2007-01-22 16:52:18 +00:00
Daniel J Walsh
45478192f4 - Fixes for prelink, ktalkd, netlabel 2007-01-17 19:58:32 +00:00
Daniel J Walsh
ee095f5817 - Fixes for prelink, ktalkd, netlabel 2007-01-11 22:43:22 +00:00
Daniel J Walsh
b6ed674a00 - Fixes for prelink, ktalkd, netlabel 2007-01-10 22:05:57 +00:00
Daniel J Walsh
ae5ace1a7e - Fixes for prelink, ktalkd, netlabel 2007-01-10 22:01:29 +00:00
Daniel J Walsh
9e0fa4fef3 - Allow prelink when run from rpm to create tmp files Resolves: #221865
- Remove file_context for exportfs Resolves: #221181
- Allow spamassassin to create ~/.spamassissin Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves: #200110
- Fixes to run prelink in MLS machine Resolves: #221233
- Allow spamassassin to read var_lib_t dir Resolves: #219234
2007-01-09 15:26:56 +00:00
Daniel J Walsh
a384d73899 - Allow prelink when run from rpm to create tmp files Resolves: #221865
- Remove file_context for exportfs Resolves: #221181
- Allow spamassassin to create ~/.spamassissin Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves: #200110
2007-01-09 15:24:41 +00:00
Daniel J Walsh
8a03d5e828 - Allow spamassassin to read var_lib_t dir Resolves: #219234 2007-01-02 16:40:08 +00:00
Daniel J Walsh
9bcfd16a2d - fix mplayer to work under strict policy
- Allow iptables to use nscd Resolves: #220794
2006-12-29 20:01:11 +00:00
Daniel J Walsh
8bacd8ed15 - Add gconf policy and make it work with strict 2006-12-28 17:39:12 +00:00
Daniel J Walsh
5db544f392 - Many fixes for strict policy and by extension mls. 2006-12-24 15:26:26 +00:00
Daniel J Walsh
135ea97ff1 - Many fixes for strict policy and by extension mls. 2006-12-24 07:31:09 +00:00
Daniel J Walsh
9051d60c06 - Fix to allow ftp to bind to ports > 1024 Resolves: #219349 2006-12-22 17:39:01 +00:00
Daniel J Walsh
5ded3c385e 2006-12-22 16:58:33 +00:00
Daniel J Walsh
4fd323b783 2006-12-22 16:56:53 +00:00
Daniel J Walsh
f9e32a004d - Allow semanage to exec it self. Label genhomedircon as semanage_exec_t
Resolves: #219421
- Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080
2006-12-20 20:40:30 +00:00
Daniel J Walsh
be9aefca3d - allow automount to setgid Resolves: #219999 2006-12-18 21:50:13 +00:00
Daniel J Walsh
5e01b4610b - Allow cron to polyinstatiate
- Fix creation of boot flags Resolves: #207433
2006-12-15 21:42:14 +00:00
Daniel J Walsh
272aa0b2e8 2006-12-14 20:06:00 +00:00
Daniel J Walsh
3a51847bd9 Resolves: #218978 2006-12-13 17:06:33 +00:00
Daniel J Walsh
422dcf1da8 Resolves: #218978 2006-12-13 17:03:55 +00:00
Daniel J Walsh
e3b143b243 - Allow initrc to create files in /var directories Resolves: #219227 2006-12-12 21:46:24 +00:00
Daniel J Walsh
6157a7e6e4 - More fixes for MLS 2006-12-11 12:35:45 +00:00
Daniel J Walsh
dd5d7e7583 - More Fixes polyinstatiation Resolves: #216184 2006-12-06 23:27:45 +00:00
Daniel J Walsh
a169fb7433 - Fix handling of keyrings 2006-12-06 19:38:32 +00:00
Daniel J Walsh
852ba6bb2f - Fix polyinstatiation
- Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350
2006-12-05 23:05:39 +00:00
Daniel J Walsh
414ddd0de3 - More fixes for quota Resolves: #212957 2006-12-01 21:52:08 +00:00
Daniel J Walsh
9f388c1a78 - ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014 2006-12-01 17:58:00 +00:00
Daniel J Walsh
b6ffd7c2ae - Allow login programs to polyinstatiate homedirs Resolves: #216184
- Allow quotacheck to create database files Resolves: #212957
2006-11-30 22:06:22 +00:00