rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
5,187 Commits 8 Branches 93 Tags 37 MiB
f8d85476fd
Commit Graph

5187 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel J Walsh
1a2981be4a - Dontaudit setroubleshootfix looking at /root directory 2009-09-02 13:33:15 +00:00
Chris PeBenito
f2f296ba60 openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories. 2009-09-02 09:24:10 -04:00
Chris PeBenito
93be4ba581 Webalizer does not list inotify, this was caused by leaked file descriptors in either dbus or cron. Both of which have been cleaned up. 2009-09-02 09:10:30 -04:00
Chris PeBenito
625be1b4e6 add shorewall from dan. 2009-09-02 08:58:52 -04:00
Chris PeBenito
71965a1fc5 add kdump from dan. 2009-09-02 08:33:25 -04:00
Chris PeBenito
a4b6385b9d cdrecord patch from dan. 2009-09-01 09:22:40 -04:00
Chris PeBenito
1a79193449 awstats patch from dan. 2009-09-01 08:59:24 -04:00
Chris PeBenito
b2324fa76d certwatch patch from dan. 2009-09-01 08:50:39 -04:00
Chris PeBenito
b515ab0182 mrtg patch from dan. 2009-09-01 08:44:20 -04:00
Chris PeBenito
aa83007d5a add hddtemp from dan. 2009-09-01 08:34:04 -04:00
Daniel J Walsh
65c3f9a0a8 - Update to upsteam 2009-08-31 21:27:50 +00:00
Daniel J Walsh
d367ee8125 - Allow gssd to send signals to users 
- Fix duplicate label for apache content
 2009-08-31 17:06:58 +00:00
Daniel J Walsh
7d592be23e - Allow gssd to send signals to users 
- Fix duplicate label for apache content
 2009-08-31 16:05:43 +00:00
Chris PeBenito
aac56b12b7 add ptchown policy from dan. 2009-08-31 10:21:01 -04:00
Chris PeBenito
a3dd1499ef pulseaudio patch from dan. 2009-08-31 10:07:57 -04:00
Chris PeBenito
da4332a3c5 man page update from dan. 2009-08-31 09:57:55 -04:00
Chris PeBenito
6774578327 module version number bump for nscd patch. 2009-08-31 09:44:38 -04:00
Manoj Srivastava
2a79debe9b nscd cache location changed from /var/db/nscd to /var/cache/nscd 
The nscd policy module uses the old nscd cache location. The cache location
changed with glibc 2.7-1, and the current nscd does place the files in
/var/cache/nscd/.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
 2009-08-31 09:43:52 -04:00
Daniel J Walsh
cb5670ca1b - Allow gssd to send signals to users 
- Fix duplicate label for apache content
 2009-08-31 13:39:37 +00:00
Chris PeBenito
a9e9678fc7 kismet patch from dan. 2009-08-31 09:38:47 -04:00
Chris PeBenito
aaff2fcfcd module version number bump for tun patches 2009-08-31 09:17:31 -04:00
Chris PeBenito
0be901ba40 rename admin_tun_type to admindomain. 2009-08-31 09:03:51 -04:00
Chris PeBenito
bd75703c7d reorganize tun patch changes. 2009-08-31 08:49:57 -04:00
Paul Moore
9dc3cd1635 refpol: Policy for the new TUN driver access controls 
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
 2009-08-31 08:36:06 -04:00
Paul Moore
333494fd59 refpol: Add the "tun_socket" object class flask definitions 
Add the new "tun_socket" class to the flask definitions.  The "tun_socket"
object class is used by the new TUN driver hooks which allow policy to control
access to TUN/TAP devices.

Signed-off-by: Paul Moore <paul.moore@hp.com>
 2009-08-31 08:36:00 -04:00
Daniel J Walsh
faf9cbbc4b - Update to upstream 2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f - Remove polkit_auth on upgrades 2009-08-28 18:56:15 +00:00
Chris PeBenito
4279891d1f patch from Eamon Walsh to remove useage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
Chris PeBenito
93c49bdb04 deprecate userdom_xwindows_client_template 
The X policy for users is currently split between
userdom_xwindows_client_template() and xserver_role().  Deprecate
the former and put the rules into the latter.

For preserving restricted X roles (xguest), divide the rules
into xserver_restricted_role() and xserver_role().
 2009-08-28 13:29:36 -04:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp 
- Add Sandbox unshare
 2009-08-26 20:19:02 +00:00
Chris PeBenito
fef5dcf3af Remove excessive permissions in logging_send_syslog_msg(). Ticket #14. 2009-08-26 10:05:36 -04:00
Daniel J Walsh
07c04f81b6 - Add back in unconfined.pp and unconfineduser.pp 2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337 - Fixes for cdrecord, mdadm, and others 2009-08-26 12:12:39 +00:00
Chris PeBenito
e27827b86c split dev_create_cardmgr_dev() into a create and a filetrans interface. 2009-08-25 09:56:56 -04:00
Chris PeBenito
dbb7dd9484 Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy 2009-08-25 09:44:28 -04:00
Chris PeBenito
69347451fd split dev_manage_dri_dev() into a manage and a filetrans interface. 2009-08-25 09:43:38 -04:00
Daniel J Walsh
7078554d07 - Add capability setting to dhcpc and gpm 2009-08-24 13:09:08 +00:00
Daniel J Walsh
d6f79017f2 - Add capability setting to dhcpc and gpm 2009-08-23 17:39:51 +00:00
Daniel J Walsh
080ce6f2c8 - Add capability setting to dhcpc and gpm 2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393 - Allow cronjobs to read exim_spool_t 2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce - Fix system-config-services policy 2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac - Allow libvirt to change user componant of virt_domain 2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus 
- Add smoltclient policy
 2009-08-18 22:43:34 +00:00
Daniel J Walsh
7a5e03cc74 - Allow cupsd_config_t to be started by dbus 
- Add smoltclient policy
 2009-08-18 22:29:11 +00:00
Chris PeBenito
0484277038 reorganize dbus.fc. 2009-08-18 13:37:46 -04:00
Chris PeBenito
62c80e2546 module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
LABBE Corentin
0d700b0fa1 Gentoo dbus in libexec 2009-08-18 13:13:40 -04:00
LABBE Corentin
755c52b8f7 portage need capability sys_nice 2009-08-18 13:13:31 -04:00
LABBE Corentin
58cc9903dd Missing comma in policykit 2009-08-18 13:13:26 -04:00