Chris PeBenito
f2f296ba60
openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories.
2009-09-02 09:24:10 -04:00
Chris PeBenito
aa83007d5a
add hddtemp from dan.
2009-09-01 08:34:04 -04:00
Chris PeBenito
6774578327
module version number bump for nscd patch.
2009-08-31 09:44:38 -04:00
Manoj Srivastava
2a79debe9b
nscd cache location changed from /var/db/nscd to /var/cache/nscd
...
The nscd policy module uses the old nscd cache location. The cache location
changed with glibc 2.7-1, and the current nscd does place the files in
/var/cache/nscd/.
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
2009-08-31 09:43:52 -04:00
Chris PeBenito
aaff2fcfcd
module version number bump for tun patches
2009-08-31 09:17:31 -04:00
Chris PeBenito
bd75703c7d
reorganize tun patch changes.
2009-08-31 08:49:57 -04:00
Paul Moore
9dc3cd1635
refpol: Policy for the new TUN driver access controls
...
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices. The policy rules for creating and attaching to a device are as
shown below:
# create a new device
allow domain_t self:tun_socket { create };
# attach to a persistent device (created by tunlbl_t)
allow domain_t tunlbl_t:tun_socket { relabelfrom };
allow domain_t self:tun_socket { relabelto };
Further discussion can be found on this thread:
* http://marc.info/?t=125080850900002&r=1&w=2
Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito
4279891d1f
patch from Eamon Walsh to remove useage of deprecated xserver interfaces.
2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04
deprecate userdom_xwindows_client_template
...
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role(). Deprecate
the former and put the rules into the latter.
For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
2009-08-28 13:29:36 -04:00
Chris PeBenito
dbb7dd9484
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd
split dev_manage_dri_dev() into a manage and a filetrans interface.
2009-08-25 09:43:38 -04:00
Chris PeBenito
0484277038
reorganize dbus.fc.
2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546
module version bumps and changelog update for the previous 3 commits.
2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1
Gentoo dbus in libexec
2009-08-18 13:13:40 -04:00
LABBE Corentin
58cc9903dd
Missing comma in policykit
2009-08-18 13:13:26 -04:00
Chris PeBenito
909922027b
Debian policykit fixes from Martin Orr.
...
The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that. Also a couple of policykit rules.
2009-08-18 09:49:31 -04:00
Chris PeBenito
2a77737d4e
Add missing rules to make unconfined_cronjob_t a valid cron job domain.
...
Unconfined_cronjob_t is not a valid cron job domain because the cron
module is lacking a transition from the crond to the unconfined_cronjob_t
domain. This adds the transition and also a constraints exemption since
part of the transition is also a seuser and role change typically.
2009-08-12 14:15:39 -04:00
Chris PeBenito
e335910197
Add missing compatibility aliases for xdm_xserver*_t types.
...
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for
compatibility were mistakenly not added to the policy.
2009-08-05 11:17:53 -04:00
Chris PeBenito
9570b28801
module version number bump for release 2.20090730 that was mistakenly omitted.
2009-08-05 10:59:21 -04:00
Chris PeBenito
50458c8bb7
pull most of fedora changes to rpc.
2009-07-29 14:55:30 -04:00
Chris PeBenito
0c89174f7f
pull most of fedora changes to samba.
2009-07-29 14:40:34 -04:00
Chris PeBenito
363e8fb98a
pull in part of fedora mta changes
2009-07-29 10:59:09 -04:00
Chris PeBenito
20c3ccee1a
add fprintd module from dan.
2009-07-29 10:28:31 -04:00
Chris PeBenito
677c4c2fea
add devicekit module from dan.
2009-07-29 10:02:06 -04:00
Chris PeBenito
4e7c0a93a6
consolekit patch from dan.
2009-07-29 09:13:54 -04:00
Chris PeBenito
33322290f2
automount patch from dan.
2009-07-29 08:59:26 -04:00
Chris PeBenito
8f3bddfbfd
cups patch from dan.
2009-07-28 15:46:26 -04:00
Chris PeBenito
4be3e11094
pull in apache_admin() from fedora
2009-07-28 13:24:08 -04:00
Chris PeBenito
423a4a3a2c
fix dbus type transition conflict.
...
switch dbus ranged calls from daemon domain to system domain. This works
around a type transition conflict. It is also why the non-ranged
init_system_domain() is used instead of init_daemon_domain().
2009-07-28 11:05:19 -04:00
Chris PeBenito
c7ae9ae1c8
Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy
2009-07-28 08:00:03 -04:00
Chris PeBenito
ebf3ec9063
snort patch from dan.
2009-07-27 16:04:10 -04:00
Chris PeBenito
708a74a212
oddjob patch from dan.
2009-07-27 10:52:20 -04:00
Chris PeBenito
fa50187c5e
kerneloops patch from dan
2009-07-27 10:44:19 -04:00
Chris PeBenito
9de7c1706d
hal patch from dan.
2009-07-27 10:18:50 -04:00
Chris PeBenito
fe1205a810
avahi patch from dan
2009-07-27 09:57:20 -04:00
Chris PeBenito
e04438840b
dbus patch from dan
2009-07-27 09:46:35 -04:00
Chris PeBenito
09516cb4be
remove read_default_t tunable
2009-07-23 08:58:35 -04:00
Chris PeBenito
13306f56b6
afs client patch from dan.
2009-07-21 10:11:03 -04:00
Chris PeBenito
b93a7dacca
bluetooth patch from dan.
2009-07-21 10:10:47 -04:00
Chris PeBenito
ad0aea536b
clamav patch from dan.
2009-07-21 10:10:31 -04:00
Chris PeBenito
92f08c7130
mailman patch from dan.
2009-07-21 10:10:17 -04:00
Chris PeBenito
1847443ea3
ricci patch from dan.
2009-07-21 10:10:00 -04:00
Chris PeBenito
d8822462c4
fix policykit interface
2009-07-21 10:09:14 -04:00
Chris PeBenito
7395f80119
ppp patch from dan
2009-07-20 15:41:19 -04:00
Chris PeBenito
4aa075262a
kerberos patch from dan
2009-07-20 15:41:08 -04:00
Chris PeBenito
8f17f7c2ee
dnsmasq patch from dan.
2009-07-20 15:40:57 -04:00
Chris PeBenito
93d300831d
dhcp patch from dan
2009-07-20 15:40:41 -04:00
Chris PeBenito
af5374d3a5
policykit.if whitespace fix
2009-07-20 11:37:22 -04:00
Chris PeBenito
9e90ce33db
add policykit from dan.
2009-07-20 11:15:09 -04:00
Chris PeBenito
b67201eae7
fix bad varnishd interface names
2009-07-20 09:44:25 -04:00