Commit Graph

962 Commits

Author SHA1 Message Date
Daniel J Walsh
72bc25da0e - Allow xserver to use netlink_kobject_uevent_socket 2009-09-07 01:29:07 +00:00
Daniel J Walsh
1a2981be4a - Dontaudit setroubleshootfix looking at /root directory 2009-09-02 13:33:15 +00:00
Daniel J Walsh
65c3f9a0a8 - Update to upsteam 2009-08-31 21:27:50 +00:00
Daniel J Walsh
cb5670ca1b - Allow gssd to send signals to users
- Fix duplicate label for apache content
2009-08-31 13:39:37 +00:00
Daniel J Walsh
faf9cbbc4b - Update to upstream 2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f - Remove polkit_auth on upgrades 2009-08-28 18:56:15 +00:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
07c04f81b6 - Add back in unconfined.pp and unconfineduser.pp 2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337 - Fixes for cdrecord, mdadm, and others 2009-08-26 12:12:39 +00:00
Daniel J Walsh
080ce6f2c8 - Add capability setting to dhcpc and gpm 2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393 - Allow cronjobs to read exim_spool_t 2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce - Fix system-config-services policy 2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac - Allow libvirt to change user componant of virt_domain 2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Daniel J Walsh
b2c5e72a15 - Make all unconfined_domains permissive so we can see what AVC's happen 2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864 - Add pt_chown policy 2009-08-12 20:10:51 +00:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf - Allow nsplugin to connecto the session bus
- Allow samba_net to write to coolkey data
2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f - Allow devicekit_disk to list inotify 2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:37:39 +00:00
Daniel J Walsh
4673269d66 - Allow exim to getattr on mountpoints
- Fixes for pulseaudio
2009-08-04 11:32:06 +00:00
Daniel J Walsh
947b439e10 - Allow svirt_t to stream_connect to virtd_t 2009-07-31 19:05:34 +00:00
Daniel J Walsh
af4fa8266c - Allod hald_dccm_t to create sock_files in /tmp 2009-07-31 11:02:24 +00:00
Daniel J Walsh
abd1536931 - More fixes from upstream 2009-07-30 20:30:26 +00:00
Daniel J Walsh
c6e2224c70 - Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72 - Update to upstream 2009-07-28 19:08:17 +00:00
Daniel J Walsh
9160520a0e - Allow certmaster to override dac permissions 2009-07-27 22:09:57 +00:00
Daniel J Walsh
df7055d5b3 - Update to upstream 2009-07-23 21:47:41 +00:00
Daniel J Walsh
8da0248476 - Fix context for VirtualBox 2009-07-19 16:04:30 +00:00
Daniel J Walsh
2360ff9f3f - Update to upstream 2009-07-15 19:12:04 +00:00
Daniel J Walsh
a88b486824 - Fixes for xguest 2009-07-08 15:37:57 +00:00
Daniel J Walsh
819f419b33 - fix multiple directory ownership of mandirs 2009-07-07 21:06:52 +00:00
Tom Callaway
a85aeff615 fix duplicate directory ownership with filesystem, policycoreutils 2009-07-07 15:41:05 +00:00
Daniel J Walsh
d9676a6ada - Update to upstream 2009-07-06 21:16:26 +00:00
Daniel J Walsh
bcc53daced - Add rules for rtkit-daemon 2009-06-30 11:46:56 +00:00
Daniel J Walsh
7b16d569d8 - Update to upstream
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
221642f17f - Add rtkit policy 2009-06-25 21:43:36 +00:00
Daniel J Walsh
d399fb4d25 - Allow rpcd_t to stream connect to rpcbind 2009-06-24 20:45:26 +00:00
Daniel J Walsh
9850f4d30d - Allow kpropd to create tmp files 2009-06-24 13:15:55 +00:00
Daniel J Walsh
93dc66eaeb - Fix last duplicate /var/log/rpmpkgs 2009-06-23 13:23:52 +00:00
Daniel J Walsh
a9f0953822 - Update to upstream
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40 - Update to upstream
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529 - Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
9386d6f55f - Fix mcs rules to include chr_file and blk_file 2009-06-18 20:01:47 +00:00
Daniel J Walsh
e3bf6793cb - Add label for udev-acl 2009-06-18 14:42:34 +00:00
Daniel J Walsh
f8df9e54c4 - Additional rules for consolekit/udev, privoxy and various other fixes 2009-06-15 20:04:07 +00:00
Daniel J Walsh
49883e898d - New version for upstream 2009-06-15 15:26:20 +00:00
Daniel J Walsh
d3ae977ab7 - New version for upstream 2009-06-12 18:59:09 +00:00
Daniel J Walsh
6b838056a8 - Allow NetworkManager to read inotifyfs 2009-06-11 21:26:42 +00:00
Daniel J Walsh
aa7b9cbc5e - Allow setroubleshoot to run mlocate 2009-06-10 17:50:55 +00:00
Daniel J Walsh
8197718634 - Update to upstream 2009-06-08 21:47:04 +00:00
Daniel J Walsh
9ee63df41a - New log file for vmware
- Allow xdm to setattr on user_tmp_t
2009-05-26 16:57:59 +00:00
Daniel J Walsh
ef7416c2b8 - Upgrade to upstream 2009-05-22 14:37:43 +00:00
Daniel J Walsh
eead2a6f25 - Allow fprintd to access sys_ptrace
- Add sandbox policy
2009-05-20 17:28:24 +00:00
Daniel J Walsh
7b6c105887 - Add varnishd policy 2009-05-18 18:49:15 +00:00
Daniel J Walsh
f72bd44737 - Fixes for kpropd 2009-05-14 18:53:40 +00:00
Daniel J Walsh
fcb4418ad5 - Allow brctl to r/w tun_tap_device_t 2009-05-14 14:37:43 +00:00
Daniel J Walsh
62cfafdcb7 - Add /usr/share/selinux/packages
- Turn on nsplugin boolean
2009-05-12 18:10:29 +00:00
Daniel J Walsh
0f6b92d1fa - Allow rpcd_t to send signals to kernel threads 2009-05-11 13:11:03 +00:00
Daniel J Walsh
992419431e - Fix upgrade for F10 to F11 2009-05-08 19:43:27 +00:00
Daniel J Walsh
a2098a521f - Add policy for /var/lib/fprint 2009-05-07 19:09:40 +00:00
Daniel J Walsh
8a0604e919 -Remove duplicate line 2009-05-06 12:51:59 +00:00
Daniel J Walsh
959ab94100 - Allow svirt to manage pci and other sysfs device data 2009-05-05 20:48:39 +00:00
Daniel J Walsh
0e31a0e8ca - Fix package selection handling 2009-05-04 19:37:29 +00:00
Daniel J Walsh
c32d79e2c3 - Fix /sbin/ip6tables-save context
- Allod udev to transition to mount
- Fix loading of mls policy file
2009-05-04 18:20:29 +00:00
Daniel J Walsh
5dd89f3819 - Fix /sbin/ip6tables-save context 2009-05-02 11:52:13 +00:00
Daniel J Walsh
37ebfc9102 - Add shorewall policy 2009-04-30 22:22:00 +00:00
Daniel J Walsh
21b13fca45 - Additional rules for fprintd and sssd 2009-04-30 11:51:07 +00:00
Daniel J Walsh
40d8f60dd7 - Allow nsplugin to unix_read unix_write sem for unconfined_java 2009-04-28 20:09:21 +00:00
Daniel J Walsh
b3ac4a052b - Fix uml files to be owned by users 2009-04-28 15:49:42 +00:00
Daniel J Walsh
e080bbd4f6 - Fix Upgrade path to install unconfineduser.pp when unocnfined package is
3.0.0 or less
2009-04-28 15:13:35 +00:00
Daniel J Walsh
b11dbbb323 - Allow confined users to manace virt_content_t, since this is home dir
content
- Allow all domains to read rpm_script_tmp_t which is what shell creates on
    redirection
2009-04-27 18:56:58 +00:00
Daniel J Walsh
b0991a2dfd - Fix labeling on /var/lib/misc/prelink*
- Allow xserver to rw_shm_perms with all x_clients
- Allow prelink to execute files in the users home directory
2009-04-27 14:45:15 +00:00
Daniel J Walsh
89c9c9ae6a - Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
2009-04-24 19:28:35 +00:00
Daniel J Walsh
eaaf2ab923 - Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
2009-04-24 17:50:36 +00:00
Daniel J Walsh
dac8380cd0 - Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
2009-04-24 13:17:08 +00:00
Daniel J Walsh
db0dafaaeb - Update to latest milter code from Paul Howarth 2009-04-24 11:53:55 +00:00
Daniel J Walsh
cd0a396413 - Update to latest milter code from Paul Howarth 2009-04-24 11:42:43 +00:00
Daniel J Walsh
5ce1c49771 - Additional perms for readahead 2009-04-24 04:09:22 +00:00
Daniel J Walsh
4d5adb716e - Allow pulseaudio to acquire_svc on session bus
- Fix readahead labeling
2009-04-23 14:48:46 +00:00
Daniel J Walsh
3c498a780b - Allow sshd to read var_lib symlinks for freenx 2009-04-22 19:18:30 +00:00
Daniel J Walsh
a32a1594b6 - Allow nsplugin unix_read and write on users shm and sem
- Allow sysadm_t to execute su
2009-04-21 20:31:51 +00:00
Daniel J Walsh
d982e7e091 - Fixes for podsleuth 2009-04-18 12:13:36 +00:00
Daniel J Walsh
dc00fc32b6 *** empty log message *** 2009-04-17 14:19:17 +00:00
Daniel J Walsh
6203f422e2 - Allow cupsd_t to create link files in print_spool_t 2009-04-16 15:14:26 +00:00
Daniel J Walsh
4a0aac139f - Allow audioentroy to read etc files 2009-04-15 12:03:09 +00:00
Daniel J Walsh
685032cae2 - Add fail2ban_var_lib_t
- Fixes for devicekit_power_t
2009-04-14 11:02:35 +00:00
Daniel J Walsh
d4af172a64 - Separate out the ucnonfined user from the unconfined.pp package 2009-04-11 12:30:22 +00:00
Daniel J Walsh
90e4193775 - Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t. 2009-04-08 13:18:20 +00:00
Daniel J Walsh
25a47636ae - Upgrade to latest upstream
- Allow devicekit_disk sys_rawio
2009-04-08 00:59:46 +00:00
Daniel J Walsh
510c2a3987 - Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream
2009-04-06 17:07:59 +00:00
Daniel J Walsh
04b6828096 - Allow podsleuth to use tmpfs files 2009-04-03 21:27:39 +00:00
Daniel J Walsh
80beeee40e - Add customizable_types for svirt 2009-04-03 19:25:21 +00:00
Daniel J Walsh
f49c57d5e6 - Allow setroubelshoot exec* privs to prevent crash from bad libraries
- add cpufreqselector
2009-04-03 14:45:58 +00:00
Daniel J Walsh
90ea5b3fef - Dontaudit listing of /root directory for cron system jobs 2009-04-02 15:23:58 +00:00
Daniel J Walsh
3434a9be73 - Fix missing ld.so.cache label 2009-03-30 16:06:48 +00:00
Daniel J Walsh
c0158a8c68 - Add label for ~/.forward and /root/.forward 2009-03-27 19:48:17 +00:00