Chris PeBenito
efcf9df253
kudzu will telinit to make init re-read the inittab after configuring serial consoles
2007-03-20 19:00:35 +00:00
Chris PeBenito
a5f5eba459
Add dontaudits for init fds and console to init_daemon_domain().
2007-03-20 18:47:18 +00:00
Chris PeBenito
4832f0e066
create user gpg keys dir patch from dan
2007-03-19 19:10:43 +00:00
Chris PeBenito
93784927ca
add kvmfs support, from dan
2007-03-19 18:48:14 +00:00
Chris PeBenito
7200146ea8
trivial patch for radius from dan
2007-03-19 18:42:57 +00:00
Chris PeBenito
86b28c9594
trivial patch from dan for sysstat access to sysfs
2007-03-19 18:38:54 +00:00
Chris PeBenito
e66689f7be
other part of consolekit addition
2007-03-19 18:36:36 +00:00
Chris PeBenito
c224d91c7b
from Dan:
...
This is a new policy for the User Switching capability coming in gnome.
consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another
2007-03-19 18:01:15 +00:00
Chris PeBenito
6c20f77e80
patch from Dan for sudo:
...
sudo should be able to getattr on all executables not just
bin_t/sbin_t. Confined executeables run from sudo need this.
sudo_exec_t needs to be marked as exec_type so prelink will work correctly.
sudo semanage should work
2007-03-19 16:32:44 +00:00
Chris PeBenito
0cca516db7
fix for rh bug 203290
2007-03-08 19:01:21 +00:00
Chris PeBenito
b5a6c86f46
last bit of dans patch
2007-03-08 17:53:52 +00:00
Chris PeBenito
cdc91b9aeb
Patch for handling restart of nscd when ran from useradd, groupadd, and admin passwd, from Dan Walsh.
2007-03-08 15:14:45 +00:00
Chris PeBenito
59bedc1886
procmail uses /tmp files
...
Wants to send signull to itself
Can exec ls
Read spamassinn_lib_dirs
New directory for spamassin /var/lib/
pyzor uses tmp files
2007-03-07 21:33:22 +00:00
Chris PeBenito
7aefc69117
trivial change from dan
2007-03-06 17:44:26 +00:00
Chris PeBenito
7aca2aa827
setroubleshoot has a plugin that checks the file context on disk versus a matchpathcon. So needs additional privs
2007-03-06 17:16:08 +00:00
Chris PeBenito
c23eb5b1c4
Patch for gssd fixes from Dan Walsh
2007-03-06 16:18:59 +00:00
Chris PeBenito
c5561c777d
patches for lvm and ricci fixes from Dan Walsh.
2007-03-06 15:35:02 +00:00
Chris PeBenito
f2c69c47b3
lmtp and smtp are the same file require same context of setfiles complains
...
postfix_pickup_t wants to read postfix_spool_maildrop_t dir
2007-03-01 20:41:19 +00:00
Chris PeBenito
ecc98e19e3
patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh.
2007-03-01 15:43:39 +00:00
Chris PeBenito
4900fdf7d1
Patch for kerberized telnet fixes from Dan Walsh.
2007-02-28 17:17:52 +00:00
Chris PeBenito
09c56f5496
Patch for kerberized ftp and other ftp fixes from Dan Walsh.
2007-02-28 17:01:47 +00:00
Chris PeBenito
2aea366ffc
Patch for an additional wine executable from Dan Walsh.
2007-02-28 16:23:06 +00:00
Chris PeBenito
bf39cdb807
Patch for additional games file contexts from Dan Walsh.
2007-02-28 15:30:38 +00:00
Chris PeBenito
86d754eed6
Add support for libselinux 2.0.5 init_selinuxmnt() changes.
2007-02-27 17:02:35 +00:00
Chris PeBenito
ca448bd66c
add init_exec() to init_telinit().
2007-02-26 20:19:53 +00:00
Chris PeBenito
f0eaed31be
Patch for misc fixes to bluetooth from Dan Walsh.
2007-02-26 17:23:52 +00:00
Chris PeBenito
5b06477c8e
On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote:
...
> Eliminate excess avc messages created when using kerberos libraries
>
> krb5kdc wans to setsched
>
> Also uses a fifo_file to communicate.
>
> Needs to search_network_sysctl
2007-02-26 17:04:56 +00:00
Chris PeBenito
bbb7cc8927
Patch to start deprecating usercanread attribute from Ryan Bradetich.
2007-02-26 16:13:23 +00:00
Chris PeBenito
3a39015792
On Tue, 2007-02-20 at 12:30 -0500, Daniel J Walsh wrote:
...
> prelink creates temporarly files that it then needs to relabel.
2007-02-23 21:20:46 +00:00
Chris PeBenito
5c45eaede1
On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
...
> audit needs fsetid
>
> syslog needs to be able to create a tcp_socket for off machine logging.
2007-02-23 20:19:29 +00:00
Chris PeBenito
66cf194680
Patch to remove redundant mls_trusted_object() call from Dan Walsh.
2007-02-23 20:05:12 +00:00
Chris PeBenito
4685213857
Patch for misc fixes to nis ypxfr policy from Dan Walsh.
2007-02-23 19:52:52 +00:00
Chris PeBenito
aeb54c6dd0
Patch to allow apmd to telinit from Dan Walsh.
2007-02-23 19:41:41 +00:00
Chris PeBenito
d114071e7a
While using samba and SELinux with Debian GNU/Linux (etch) the
...
following files need to be labeled correctly:
/var/run/samba/gencache.tdb
/var/run/samba/share_info.tdb
Should also concern other distributions than Debian.
-Stefan
2007-02-23 19:30:17 +00:00
Chris PeBenito
bcac3a5e3d
Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
2007-02-23 19:08:45 +00:00
Chris PeBenito
f1be09c2b1
make ttys and ptys device nodes
2007-02-20 20:17:07 +00:00
Chris PeBenito
6b19be3360
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
Chris PeBenito
10e12095d6
Fix explicit use of httpd_t in openca_domtrans(), bug #22 .
2007-02-07 22:10:45 +00:00
Chris PeBenito
ff943a1b9b
Clean up file context regexes in apache and java, from Eamon Walsh:
...
Some file_contexts regular expressions in refpolicy-strict are causing
genhomedircon to die; refpolicy is failing to build for me entirely.
The regular expressions seem redundant to me, perhaps I am missing
something, but the following patch fixes the problems for me. Please
review and apply
2007-01-24 17:10:31 +00:00
Chris PeBenito
42c5c5f612
bump versions for release.
2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
Chris PeBenito
d6d16b9796
patch from dan Wed, 29 Nov 2006 17:06:40 -0500
2006-12-04 20:10:56 +00:00
Chris PeBenito
563e58e863
patch from dan for some missing gen_require()s
2006-11-29 13:44:40 +00:00
Chris PeBenito
bff907113d
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:57:22 +00:00
Chris PeBenito
c31f6724c0
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
2006-11-28 15:47:47 +00:00
Chris PeBenito
fa45da0efd
add aide, ccs, and ricci
2006-11-16 20:56:24 +00:00
Chris PeBenito
c6a60bb28d
On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
...
> Here is the policy changes needed for the context contains security
> checking in PAM and cron.
2006-11-14 13:38:52 +00:00
Chris PeBenito
ed38ca9f3d
fixes from gentoo strict testing:
...
- Allow semanage to read from /root on strict non-MLS for
local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
on clients.
2006-11-13 03:24:07 +00:00
Chris PeBenito
0f9a2be65d
add missing gentoo file contexts for initrc and lvm
2006-11-07 19:38:10 +00:00
Chris PeBenito
f497b8df50
Christopher J. PeBenito wrote:
...
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
2006-11-01 15:42:22 +00:00