Daniel J Walsh
f2a1dcd3d4
- Add asterisk policy back in
...
- Update to upstream release 2.20091117
2009-11-25 20:19:12 +00:00
Daniel J Walsh
ee88b050c5
- Add asterisk policy back in
2009-11-20 16:55:54 +00:00
Daniel J Walsh
ce8c76d673
- Add asterisk policy back in
2009-11-20 16:31:54 +00:00
Daniel J Walsh
55acbfd715
- Update to upstream release 2.20091117
2009-11-18 22:22:56 +00:00
Daniel J Walsh
5e44eb8657
- Update to upstream
2009-11-14 05:18:01 +00:00
Daniel J Walsh
32594a1112
- Allow vpnc request the kernel to load modules
2009-10-02 15:15:36 +00:00
Daniel J Walsh
aaf52ff041
- Add plymouth policy
2009-09-30 18:50:23 +00:00
Daniel J Walsh
d976a83a17
- Allow cupsd_config to read user tmp
...
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
Daniel J Walsh
8b10e3abd7
- Update rhcs policy
2009-09-29 12:38:58 +00:00
Daniel J Walsh
85582d623f
- Allow users to exec restorecond
2009-09-25 18:47:07 +00:00
Daniel J Walsh
f5a104d238
- Allow sendmail to request kernel modules load
2009-09-24 23:30:16 +00:00
Daniel J Walsh
4c2f298bf2
- Fix all kernel_request_load_module domains
2009-09-22 12:49:53 +00:00
Daniel J Walsh
405a74c394
- Fix all kernel_request_load_module domains
2009-09-21 13:55:41 +00:00
Daniel J Walsh
41f8e385a1
- Remove allow_exec* booleans for confined users. Only available for
...
unconfined_t
2009-09-20 14:32:30 +00:00
Daniel J Walsh
8323d545c4
- More fixes for sandbox_web_t
2009-09-19 02:03:03 +00:00
Daniel J Walsh
ab462917cf
- Allow sshd to create .ssh directory and content
2009-09-18 22:12:25 +00:00
Daniel J Walsh
d53d158d2b
- Fix request_module line to module_request
2009-09-18 20:44:00 +00:00
Daniel J Walsh
1fb0a98434
- Fix sandbox policy to allow it to run under firefox.
...
- Dont audit leaks.
2009-09-18 16:20:05 +00:00
Daniel J Walsh
9de7033708
- Fixes for sandbox
2009-09-17 21:41:30 +00:00
Daniel J Walsh
69290fd9df
- Update to upstream
...
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
23e7082b4b
- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
...
- Remove policycoreutils-python requirement except for minimum
2009-09-15 21:45:12 +00:00
Daniel J Walsh
6b7b0c1cdc
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
...
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
e20e351e10
- Add wordpress/wp-content/uploads label
...
- Fixes for sandbox when run from staff_t
2009-09-11 21:15:35 +00:00
Daniel J Walsh
ddc8588081
- Update to upstream
...
- Fixes for devicekit_disk
2009-09-10 15:38:44 +00:00
Daniel J Walsh
ab8f807545
- More fixes
2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b
- More fixes
2009-09-08 23:55:31 +00:00
Daniel J Walsh
123ae9957d
- Lots of fixes for initrc and other unconfined domains
2009-09-08 14:30:36 +00:00
Daniel J Walsh
72bc25da0e
- Allow xserver to use netlink_kobject_uevent_socket
2009-09-07 01:29:07 +00:00
Daniel J Walsh
1a2981be4a
- Dontaudit setroubleshootfix looking at /root directory
2009-09-02 13:33:15 +00:00
Daniel J Walsh
65c3f9a0a8
- Update to upsteam
2009-08-31 21:27:50 +00:00
Daniel J Walsh
cb5670ca1b
- Allow gssd to send signals to users
...
- Fix duplicate label for apache content
2009-08-31 13:39:37 +00:00
Daniel J Walsh
faf9cbbc4b
- Update to upstream
2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f
- Remove polkit_auth on upgrades
2009-08-28 18:56:15 +00:00
Daniel J Walsh
42f9effee7
- Add back in unconfined.pp and unconfineduser.pp
...
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
07c04f81b6
- Add back in unconfined.pp and unconfineduser.pp
2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337
- Fixes for cdrecord, mdadm, and others
2009-08-26 12:12:39 +00:00
Daniel J Walsh
080ce6f2c8
- Add capability setting to dhcpc and gpm
2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393
- Allow cronjobs to read exim_spool_t
2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb
- Add ABRT policy
2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce
- Fix system-config-services policy
2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac
- Allow libvirt to change user componant of virt_domain
2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f
- Allow cupsd_config_t to be started by dbus
...
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5
- Add policycoreutils-python to pre install
2009-08-18 12:34:26 +00:00
Daniel J Walsh
b2c5e72a15
- Make all unconfined_domains permissive so we can see what AVC's happen
2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864
- Add pt_chown policy
2009-08-12 20:10:51 +00:00
Daniel J Walsh
867473ac62
- Add kdump policy for Miroslav Grepl
...
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a
- Turn on execstack on a temporary basis ( #512845 )
2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf
- Allow nsplugin to connecto the session bus
...
- Allow samba_net to write to coolkey data
2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f
- Allow devicekit_disk to list inotify
2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52
- Allow svirt images to create sock_file in svirt_var_run_t
2009-08-05 20:37:39 +00:00
Daniel J Walsh
4673269d66
- Allow exim to getattr on mountpoints
...
- Fixes for pulseaudio
2009-08-04 11:32:06 +00:00
Daniel J Walsh
947b439e10
- Allow svirt_t to stream_connect to virtd_t
2009-07-31 19:05:34 +00:00
Daniel J Walsh
af4fa8266c
- Allod hald_dccm_t to create sock_files in /tmp
2009-07-31 11:02:24 +00:00
Daniel J Walsh
abd1536931
- More fixes from upstream
2009-07-30 20:30:26 +00:00
Daniel J Walsh
c6e2224c70
- Fix polkit label
...
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72
- Update to upstream
2009-07-28 19:08:17 +00:00
Daniel J Walsh
9160520a0e
- Allow certmaster to override dac permissions
2009-07-27 22:09:57 +00:00
Daniel J Walsh
df7055d5b3
- Update to upstream
2009-07-23 21:47:41 +00:00
Daniel J Walsh
8da0248476
- Fix context for VirtualBox
2009-07-19 16:04:30 +00:00
Daniel J Walsh
2360ff9f3f
- Update to upstream
2009-07-15 19:12:04 +00:00
Daniel J Walsh
a88b486824
- Fixes for xguest
2009-07-08 15:37:57 +00:00
Daniel J Walsh
819f419b33
- fix multiple directory ownership of mandirs
2009-07-07 21:06:52 +00:00
Tom Callaway
a85aeff615
fix duplicate directory ownership with filesystem, policycoreutils
2009-07-07 15:41:05 +00:00
Daniel J Walsh
d9676a6ada
- Update to upstream
2009-07-06 21:16:26 +00:00
Daniel J Walsh
bcc53daced
- Add rules for rtkit-daemon
2009-06-30 11:46:56 +00:00
Daniel J Walsh
7b16d569d8
- Update to upstream
...
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
221642f17f
- Add rtkit policy
2009-06-25 21:43:36 +00:00
Daniel J Walsh
d399fb4d25
- Allow rpcd_t to stream connect to rpcbind
2009-06-24 20:45:26 +00:00
Daniel J Walsh
9850f4d30d
- Allow kpropd to create tmp files
2009-06-24 13:15:55 +00:00
Daniel J Walsh
93dc66eaeb
- Fix last duplicate /var/log/rpmpkgs
2009-06-23 13:23:52 +00:00
Daniel J Walsh
a9f0953822
- Update to upstream
...
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40
- Update to upstream
...
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529
- Update to upstream
...
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
9386d6f55f
- Fix mcs rules to include chr_file and blk_file
2009-06-18 20:01:47 +00:00
Daniel J Walsh
e3bf6793cb
- Add label for udev-acl
2009-06-18 14:42:34 +00:00
Daniel J Walsh
f8df9e54c4
- Additional rules for consolekit/udev, privoxy and various other fixes
2009-06-15 20:04:07 +00:00
Daniel J Walsh
49883e898d
- New version for upstream
2009-06-15 15:26:20 +00:00
Daniel J Walsh
d3ae977ab7
- New version for upstream
2009-06-12 18:59:09 +00:00
Daniel J Walsh
6b838056a8
- Allow NetworkManager to read inotifyfs
2009-06-11 21:26:42 +00:00
Daniel J Walsh
aa7b9cbc5e
- Allow setroubleshoot to run mlocate
2009-06-10 17:50:55 +00:00
Daniel J Walsh
8197718634
- Update to upstream
2009-06-08 21:47:04 +00:00
Daniel J Walsh
9ee63df41a
- New log file for vmware
...
- Allow xdm to setattr on user_tmp_t
2009-05-26 16:57:59 +00:00
Daniel J Walsh
ef7416c2b8
- Upgrade to upstream
2009-05-22 14:37:43 +00:00
Daniel J Walsh
eead2a6f25
- Allow fprintd to access sys_ptrace
...
- Add sandbox policy
2009-05-20 17:28:24 +00:00
Daniel J Walsh
7b6c105887
- Add varnishd policy
2009-05-18 18:49:15 +00:00
Daniel J Walsh
f72bd44737
- Fixes for kpropd
2009-05-14 18:53:40 +00:00
Daniel J Walsh
fcb4418ad5
- Allow brctl to r/w tun_tap_device_t
2009-05-14 14:37:43 +00:00
Daniel J Walsh
62cfafdcb7
- Add /usr/share/selinux/packages
...
- Turn on nsplugin boolean
2009-05-12 18:10:29 +00:00
Daniel J Walsh
0f6b92d1fa
- Allow rpcd_t to send signals to kernel threads
2009-05-11 13:11:03 +00:00
Daniel J Walsh
992419431e
- Fix upgrade for F10 to F11
2009-05-08 19:43:27 +00:00
Daniel J Walsh
a2098a521f
- Add policy for /var/lib/fprint
2009-05-07 19:09:40 +00:00
Daniel J Walsh
8a0604e919
-Remove duplicate line
2009-05-06 12:51:59 +00:00
Daniel J Walsh
959ab94100
- Allow svirt to manage pci and other sysfs device data
2009-05-05 20:48:39 +00:00
Daniel J Walsh
0e31a0e8ca
- Fix package selection handling
2009-05-04 19:37:29 +00:00
Daniel J Walsh
c32d79e2c3
- Fix /sbin/ip6tables-save context
...
- Allod udev to transition to mount
- Fix loading of mls policy file
2009-05-04 18:20:29 +00:00
Daniel J Walsh
5dd89f3819
- Fix /sbin/ip6tables-save context
2009-05-02 11:52:13 +00:00
Daniel J Walsh
37ebfc9102
- Add shorewall policy
2009-04-30 22:22:00 +00:00
Daniel J Walsh
21b13fca45
- Additional rules for fprintd and sssd
2009-04-30 11:51:07 +00:00
Daniel J Walsh
40d8f60dd7
- Allow nsplugin to unix_read unix_write sem for unconfined_java
2009-04-28 20:09:21 +00:00
Daniel J Walsh
b3ac4a052b
- Fix uml files to be owned by users
2009-04-28 15:49:42 +00:00
Daniel J Walsh
e080bbd4f6
- Fix Upgrade path to install unconfineduser.pp when unocnfined package is
...
3.0.0 or less
2009-04-28 15:13:35 +00:00
Daniel J Walsh
b11dbbb323
- Allow confined users to manace virt_content_t, since this is home dir
...
content
- Allow all domains to read rpm_script_tmp_t which is what shell creates on
redirection
2009-04-27 18:56:58 +00:00
Daniel J Walsh
b0991a2dfd
- Fix labeling on /var/lib/misc/prelink*
...
- Allow xserver to rw_shm_perms with all x_clients
- Allow prelink to execute files in the users home directory
2009-04-27 14:45:15 +00:00
Daniel J Walsh
89c9c9ae6a
- Allow initrc_t to delete dev_null
...
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
2009-04-24 19:28:35 +00:00
Daniel J Walsh
eaaf2ab923
- Allow initrc_t to delete dev_null
...
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
2009-04-24 17:50:36 +00:00
Daniel J Walsh
dac8380cd0
- Allow initrc_t to delete dev_null
...
- Allow readahead to configure auditing
2009-04-24 13:17:08 +00:00
Daniel J Walsh
db0dafaaeb
- Update to latest milter code from Paul Howarth
2009-04-24 11:53:55 +00:00
Daniel J Walsh
cd0a396413
- Update to latest milter code from Paul Howarth
2009-04-24 11:42:43 +00:00
Daniel J Walsh
5ce1c49771
- Additional perms for readahead
2009-04-24 04:09:22 +00:00
Daniel J Walsh
4d5adb716e
- Allow pulseaudio to acquire_svc on session bus
...
- Fix readahead labeling
2009-04-23 14:48:46 +00:00
Daniel J Walsh
3c498a780b
- Allow sshd to read var_lib symlinks for freenx
2009-04-22 19:18:30 +00:00
Daniel J Walsh
a32a1594b6
- Allow nsplugin unix_read and write on users shm and sem
...
- Allow sysadm_t to execute su
2009-04-21 20:31:51 +00:00
Daniel J Walsh
d982e7e091
- Fixes for podsleuth
2009-04-18 12:13:36 +00:00
Daniel J Walsh
dc00fc32b6
*** empty log message ***
2009-04-17 14:19:17 +00:00
Daniel J Walsh
6203f422e2
- Allow cupsd_t to create link files in print_spool_t
2009-04-16 15:14:26 +00:00
Daniel J Walsh
4a0aac139f
- Allow audioentroy to read etc files
2009-04-15 12:03:09 +00:00
Daniel J Walsh
685032cae2
- Add fail2ban_var_lib_t
...
- Fixes for devicekit_power_t
2009-04-14 11:02:35 +00:00
Daniel J Walsh
d4af172a64
- Separate out the ucnonfined user from the unconfined.pp package
2009-04-11 12:30:22 +00:00
Daniel J Walsh
90e4193775
- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.
2009-04-08 13:18:20 +00:00
Daniel J Walsh
25a47636ae
- Upgrade to latest upstream
...
- Allow devicekit_disk sys_rawio
2009-04-08 00:59:46 +00:00
Daniel J Walsh
510c2a3987
- Dontaudit binds to ports < 1024 for named
...
- Upgrade to latest upstream
2009-04-06 17:07:59 +00:00
Daniel J Walsh
04b6828096
- Allow podsleuth to use tmpfs files
2009-04-03 21:27:39 +00:00
Daniel J Walsh
80beeee40e
- Add customizable_types for svirt
2009-04-03 19:25:21 +00:00
Daniel J Walsh
f49c57d5e6
- Allow setroubelshoot exec* privs to prevent crash from bad libraries
...
- add cpufreqselector
2009-04-03 14:45:58 +00:00
Daniel J Walsh
90ea5b3fef
- Dontaudit listing of /root directory for cron system jobs
2009-04-02 15:23:58 +00:00
Daniel J Walsh
3434a9be73
- Fix missing ld.so.cache label
2009-03-30 16:06:48 +00:00
Daniel J Walsh
c0158a8c68
- Add label for ~/.forward and /root/.forward
2009-03-27 19:48:17 +00:00
Daniel J Walsh
6130d52b7c
- Fixes for svirt
2009-03-27 00:01:52 +00:00
Daniel J Walsh
9ca87fc9d8
- Fixes to allow svirt read iso files in homedir
2009-03-24 19:45:02 +00:00
Daniel J Walsh
ec9800856c
- Add xenner and wine fixes from mgrepl
2009-03-24 14:33:05 +00:00
Daniel J Walsh
5dce3c12f7
- Add xenner and wine fixes from mgrepl
2009-03-20 18:42:38 +00:00
Daniel J Walsh
bfc78b6af9
- Allow mdadm to read/write mls override
2009-03-18 19:34:57 +00:00
Daniel J Walsh
095146a89d
- Change to svirt to only access svirt_image_t
2009-03-17 19:52:35 +00:00
Daniel J Walsh
d4b8dcf968
- Fix libvirt policy
2009-03-16 16:02:20 +00:00
Daniel J Walsh
b12011f2ab
- Upgrade to latest upstream
2009-03-12 15:48:51 +00:00
Daniel J Walsh
c240b604f6
- Fixes for iscsid and sssd
...
- More cleanups for upgrade from F10 to Rawhide.
2009-03-11 20:25:16 +00:00
Daniel J Walsh
e72f55aac0
- Add pulseaudio, sssd policy
...
- Allow networkmanager to exec udevadm
2009-03-09 21:58:08 +00:00
Daniel J Walsh
0c34c69a38
- Add pulseaudio context
2009-03-09 16:18:51 +00:00
Daniel J Walsh
a67a1c12aa
- Upgrade to latest patches
2009-03-05 21:05:47 +00:00
Daniel J Walsh
0a03cce02d
- Fixes for libvirt
2009-03-04 19:41:16 +00:00
Daniel J Walsh
8c3a31a48a
- Update to Latest upstream
2009-03-03 20:10:30 +00:00
Daniel J Walsh
496752533e
- Further confinement of qemu images via svirt
2009-02-27 21:22:47 +00:00
Jesse Keating
150ff59c76
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-26 00:27:53 +00:00
Daniel J Walsh
52cbcb4196
- Allow NetworkManager to manage /etc/NetworkManager/system-connections
2009-02-20 01:07:59 +00:00
Daniel J Walsh
de67749970
- add virtual_image_context and virtual_domain_context files
2009-02-18 19:45:29 +00:00
Daniel J Walsh
8f6e4365ca
- Allow rpcd_t to send signal to mount_t
...
- Allow libvirtd to run ranged
2009-02-18 14:27:36 +00:00
Daniel J Walsh
8c2b68a3e1
- Fix sysnet/net_conf_t
2009-02-17 16:21:42 +00:00
Daniel J Walsh
81794767c6
- Fix squidGuard labeling
2009-02-17 14:07:10 +00:00
Daniel J Walsh
2eec438a0b
- Re-add corenet_in_generic_if(unlabeled_t)
2009-02-16 22:54:22 +00:00
Daniel J Walsh
e46e005f04
2009-02-11 20:40:13 +00:00
Daniel J Walsh
d43c255c87
UPdate policycorutils version
2009-02-10 16:10:28 +00:00
Daniel J Walsh
1d1c058a4e
- Add git web policy
2009-02-10 16:08:36 +00:00
Daniel J Walsh
bd0db4f147
- Add setrans contains from upstream
2009-02-09 22:07:20 +00:00
Daniel J Walsh
4ed140a4b7
- Allow xdm to create user_tmp_t sockets for switch user to work
2009-02-09 14:23:24 +00:00
Daniel J Walsh
bc861e624e
- Fix staff_t domain
2009-02-06 17:48:29 +00:00
Daniel J Walsh
73fe81bbab
- Grab remainder of network_peer_controls patch
2009-02-05 13:44:44 +00:00
Daniel J Walsh
659e96fa65
- More fixes for devicekit
2009-02-04 16:24:43 +00:00
Daniel J Walsh
c957c38343
- Upgrade to latest upstream
2009-02-04 04:02:17 +00:00
Daniel J Walsh
574cab47f1
- Add boolean to disallow unconfined_t login
2009-02-03 15:26:10 +00:00
Daniel J Walsh
0554a10b80
- Add back transition from xguest to mozilla
2009-01-30 16:49:11 +00:00
Daniel J Walsh
ab3e55d79a
- Add virt_content_ro_t and labeling for isos directory
2009-01-30 15:06:44 +00:00
Daniel J Walsh
2fbeb784fa
- Fixes for wicd daemon
2009-01-28 22:23:18 +00:00
Daniel J Walsh
f899107d92
- Fixes for wicd daemon
2009-01-28 17:23:17 +00:00
Daniel J Walsh
48adbeae08
- More mls/rpm fixes
2009-01-26 16:21:59 +00:00
Daniel J Walsh
14c9b9cdc6
- Add policy to make dbus/nm-applet work
2009-01-23 20:35:45 +00:00
Daniel J Walsh
40dd24d39b
- Remove polgen-ifgen from post and add trigger to policycoreutils-python
2009-01-22 20:10:48 +00:00
Daniel J Walsh
6f8856e9d4
- Add wm policy
...
- Make mls work in graphics mode
2009-01-21 22:49:23 +00:00
Daniel J Walsh
6cf32a1e8b
- Add wm policy
...
- Make mls work in graphics mode
2009-01-21 21:22:11 +00:00
Daniel J Walsh
1b94a1375f
- Add wm policy
2009-01-21 20:39:17 +00:00
Daniel J Walsh
2a4bdae89c
- Fixed for DeviceKit
2009-01-21 16:17:40 +00:00
Daniel J Walsh
acc137684b
- Add devicekit policy
2009-01-19 22:34:56 +00:00
Daniel J Walsh
1d72fb031f
- Update to upstream
2009-01-19 17:35:43 +00:00
Daniel J Walsh
7b146db852
- Define openoffice as an x_domain
2009-01-19 14:28:24 +00:00
Daniel J Walsh
eacea1d45d
- Define openoffice as an x_domain
2009-01-16 21:32:59 +00:00
Daniel J Walsh
339bf3bba8
- Fixes for reading xserver_tmp_t
2009-01-13 16:22:47 +00:00
Daniel J Walsh
87fb15321a
- Allow cups_pdf_t write to nfs_t
2009-01-12 16:59:00 +00:00
Daniel J Walsh
2ed2ff46f8
- Remove audio_entropy policy
2009-01-06 14:46:21 +00:00
Daniel J Walsh
292c49cacc
- Update to upstream
2009-01-05 22:55:20 +00:00
Daniel J Walsh
5df2628335
- Allow hal_acl_t to getattr/setattr fixed_disk
2009-01-04 19:45:03 +00:00
Daniel J Walsh
32363900ec
- Change userdom_read_all_users_state to include reading symbolic links in
...
/proc
2008-12-27 13:06:14 +00:00
Daniel J Walsh
cf8fd9f0cc
- Fix dbus reading /proc information
2008-12-22 22:51:28 +00:00
Daniel J Walsh
bae2e9888e
- Add missing alias for home directory content
2008-12-22 19:35:46 +00:00
Daniel J Walsh
33c7eab541
- Fixes for IBM java location
2008-12-17 21:15:08 +00:00
Daniel J Walsh
dcd0c96f34
- Allow unconfined_r unconfined_java_t
2008-12-11 15:21:57 +00:00
Daniel J Walsh
fd2b62ea68
- Add cron_role back to user domains
2008-12-09 21:04:28 +00:00
Daniel J Walsh
9a43d2b055
- Fix sudo setting of user keys
2008-12-08 22:00:56 +00:00
Daniel J Walsh
163db10557
- Allow iptables to talk to terminals
...
- Fixes for policy kit
- lots of fixes for booting.
2008-12-08 16:38:09 +00:00
Daniel J Walsh
2ae1615a14
- Allow iptables to talk to terminals
...
- Fixes for policy kit
- lots of fixes for booting.
2008-12-04 21:43:55 +00:00
Daniel J Walsh
c136db3296
- Allow iptables to talk to terminals
2008-12-04 20:36:26 +00:00
Daniel J Walsh
01ce3df8a6
- Allow iptables to talk to terminals
2008-12-04 18:47:26 +00:00
Daniel J Walsh
bcb1922de7
- Cleanup policy
2008-12-03 23:40:18 +00:00
Daniel J Walsh
739db21a4a
- Cleanup policy
2008-12-03 22:18:31 +00:00
Ignacio Vazquez-Abrams
23d6844939
Rebuild for Python 2.6
2008-12-01 15:00:41 +00:00
Daniel J Walsh
02d888c766
- Fix labeling on /var/spool/rsyslog
2008-11-25 19:18:01 +00:00
Daniel J Walsh
0d6e623017
- Allow postgresl to bind to udp nodes
2008-11-06 17:47:54 +00:00
Daniel J Walsh
2a650ea1aa
- Allow lvm to dbus chat with hal
...
- Allow rlogind to read nfs_t
2008-11-05 22:21:30 +00:00
Daniel J Walsh
074b12f275
- Fix cyphesis file context
2008-11-05 20:34:06 +00:00
Daniel J Walsh
6a09cfb688
- Allow hal/pm-utils to look at /var/run/video.rom
...
- Add ulogd policy
2008-11-05 18:26:36 +00:00
Daniel J Walsh
411a424e1c
- Additional fixes for cyphesis
...
- Fix certmaster file context
- Add policy for system-config-samba
2008-11-04 15:40:31 +00:00
Daniel J Walsh
333ebd64df
- Allow dhcpc to restart ypbind
...
- Fixup labeling in /var/run
2008-11-03 21:09:40 +00:00
Daniel J Walsh
1bc89b8d4c
- Fix confined users
...
- Allow xguest to read/write xguest_dbusd_t
2008-10-29 20:45:55 +00:00
Daniel J Walsh
2362056f7a
- Fix confined users
...
- Allow xguest to read/write xguest_dbusd_t
2008-10-29 17:12:16 +00:00
Daniel J Walsh
812930ae8d
- Allow openoffice execstack/execmem privs
2008-10-28 23:22:15 +00:00
Daniel J Walsh
d8e5d05b6e
- Allow openoffice execstack/execmem privs
2008-10-28 20:06:14 +00:00
Daniel J Walsh
a3e038c1a1
- Allow openoffice execstack/execmem privs
2008-10-27 21:07:05 +00:00
Daniel J Walsh
4fa9db787c
- Allow mozilla to run with unconfined_execmem_t
2008-10-25 11:14:56 +00:00
Daniel J Walsh
798a73de69
- Dontaudit domains trying to write to .xsession-errors
2008-10-24 13:41:09 +00:00
Daniel J Walsh
3281238148
- Allow nsplugin to look at autofs_t directory
2008-10-24 12:14:54 +00:00
Daniel J Walsh
de61cc7d10
- Allow kerneloops to create tmp files
2008-10-23 12:59:31 +00:00
Daniel J Walsh
ae68d97fe5
- More alias for fastcgi
2008-10-22 13:34:13 +00:00
Daniel J Walsh
236d3cc19a
- Remove mod_fcgid-selinux package
2008-10-21 18:31:38 +00:00
Daniel J Walsh
b9e15d9766
- Fix dovecot access
2008-10-20 19:53:30 +00:00
Daniel J Walsh
49f48f4a99
- Policy cleanup
2008-10-17 22:03:34 +00:00
Daniel J Walsh
b4cab5a3eb
- Remove Multiple spec
...
- Add include
- Fix makefile to not call per_role_expansion
2008-10-16 19:56:59 +00:00
Daniel J Walsh
6115689216
- Remove Multiple spec
...
- Add include
- Fix makefile to not call per_role_expansion
2008-10-16 17:28:39 +00:00
Daniel J Walsh
4b4392dd08
- Fix labeling of libGL
2008-10-15 21:32:30 +00:00
Daniel J Walsh
4125702a20
- Update to upstream
2008-10-14 23:50:08 +00:00
Daniel J Walsh
b6cc6a84e9
- Update to upstream
2008-10-11 23:57:43 +00:00
Daniel J Walsh
675bbabe24
- Update to upstream policy
2008-10-09 03:10:32 +00:00
Daniel J Walsh
1062bd3849
- Fixes for confined xwindows and xdm_t
2008-10-06 19:10:48 +00:00
Daniel J Walsh
86369ef439
- Allow confined users and xdm to exec wm
...
- Allow nsplugin to talk to fifo files on nfs
2008-10-03 20:11:22 +00:00
Daniel J Walsh
f1a8278899
- Allow NetworkManager to transition to avahi and iptables
...
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:49:44 +00:00
Daniel J Walsh
b42a1eddf9
- Allow domains to search other domains keys, coverup kernel bug
2008-10-03 15:07:40 +00:00
Daniel J Walsh
094ef3d610
- Fix labeling for oracle
2008-10-01 19:15:34 +00:00
Daniel J Walsh
2ede4ec7ba
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
2008-10-01 12:27:11 +00:00
Daniel J Walsh
99873745bf
- Change all user tmpfs_t files to be labeled user_tmpfs_t
...
- Allow radiusd to create sock_files
2008-09-30 14:39:16 +00:00
Daniel J Walsh
b709ffd738
- Upgrade to upstream
2008-09-25 18:54:16 +00:00
Daniel J Walsh
ed32c64290
- Allow confined users to login with dbus
2008-09-23 20:14:47 +00:00
Daniel J Walsh
a80e7ac6a3
- Fix transition to nsplugin
2008-09-23 15:14:53 +00:00
Daniel J Walsh
d86efe56b9
- Fix transition to nsplugin
2008-09-22 20:07:59 +00:00
Daniel J Walsh
f0375d509e
- Add file context for /dev/mspblk.*
2008-09-22 17:55:56 +00:00
Daniel J Walsh
f77dd2c9db
- Fix transition to nsplugin '
...
Thu Sep 18 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes
2008-09-22 12:33:03 +00:00
Daniel J Walsh
11ef2470b7
- Fix labeling on new pm*log
...
- Allow ssh to bind to all nodes
2008-09-18 21:02:12 +00:00
Daniel J Walsh
530772ab58
- Fix labeling on new pm*log
...
- Allow ssh to bind to all nodes
2008-09-18 19:34:12 +00:00
Daniel J Walsh
16c3ff1596
- Merge upstream changes
...
- Add Xavier Toth patches
2008-09-12 14:21:05 +00:00
Daniel J Walsh
aca77a6f2d
- Remove gamin policy
2008-09-08 21:01:42 +00:00
Daniel J Walsh
d0d3073e2f
- Add tinyxs-max file system support
2008-09-04 20:59:27 +00:00
Daniel J Walsh
0a219fe07b
- Update to upstream
...
- New handling of init scripts
2008-09-03 20:16:35 +00:00
Daniel J Walsh
3ad3552b8a
- Allow audit dispatcher to kill his children
2008-08-29 20:54:34 +00:00
Daniel J Walsh
cd8bee594b
- Update to upstream
...
- Fix crontab use by unconfined user
2008-08-29 19:29:23 +00:00
Daniel J Walsh
7638e78556
- Allow ifconfig_t to read dhcpc_state_t
2008-08-26 14:46:43 +00:00
Daniel J Walsh
eb7e6dca5e
- Allow ifconfig_t to read dhcpc_state_t
2008-08-13 19:24:36 +00:00
Daniel J Walsh
57ae10cc0d
- Update to upstream
2008-08-12 15:06:36 +00:00
Daniel J Walsh
1a0f642074
- Update to upstream
2008-08-11 21:19:25 +00:00
Daniel J Walsh
b5d09d1532
- Update to upstream
2008-08-07 20:05:57 +00:00
Daniel J Walsh
0f1bd620e5
- Allow system-config-selinux to work with policykit
2008-08-07 12:22:07 +00:00
Daniel J Walsh
174291bc3e
- Fix novel labeling
2008-08-05 20:49:34 +00:00
Daniel J Walsh
170fa29709
- Fix novel labeling
2008-08-01 16:38:49 +00:00
Daniel J Walsh
07bd5c4abb
- Consolodate pyzor,spamassassin, razor into one security domain
...
- Fix xdm requiring additional perms.
2008-07-30 13:48:03 +00:00
Daniel J Walsh
8f2532e249
- Fixes for logrotate, alsa
2008-07-25 11:53:34 +00:00
Daniel J Walsh
f12d5b90db
- Eliminate vbetool duplicate entry
2008-07-25 04:24:01 +00:00
Daniel J Walsh
0b05335dd6
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
...
- Change dhclient to be able to red networkmanager_var_run
2008-07-24 18:19:05 +00:00
Daniel J Walsh
feefeee019
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
2008-07-17 19:53:32 +00:00
Daniel J Walsh
078ad09a44
- Update to latest refpolicy
...
- Fix libsemanage initial install bug
2008-07-15 20:06:55 +00:00
Daniel J Walsh
6ed8533082
- Update to latest refpolicy
2008-07-15 15:22:39 +00:00
Daniel J Walsh
df6220163f
- Add inotify support to nscd
2008-07-10 15:28:32 +00:00
Daniel J Walsh
6db69f086d
Add nscd inotify fix
2008-07-09 13:05:54 +00:00
Daniel J Walsh
43f9fcec3e
- Allow unconfined_t to setfcap
2008-07-08 20:14:39 +00:00
Daniel J Walsh
273a44c689
- Allow amanda to read tape
...
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems
2008-07-07 17:56:28 +00:00
Daniel J Walsh
258b00e5b7
- Allow ypbind apps to net_bind_service
2008-07-03 20:14:23 +00:00
Daniel J Walsh
75edec44e7
- Allow all system domains and application domains to append to any log
...
file
2008-07-02 20:45:43 +00:00
Daniel J Walsh
cd60b64c83
- Allow gdm to read rpm database
...
- Allow nsplugin to read mplayer config files
2008-06-30 21:12:23 +00:00
Daniel J Walsh
c18681476b
- Allow vpnc to run ifconfig
2008-06-26 12:12:35 +00:00
Daniel J Walsh
f86ed5a437
- Allow confined users to use postgres
...
- Allow system_mail_t to exec other mail clients
- Label mogrel_rails as an apache server
2008-06-24 11:14:04 +00:00
Daniel J Walsh
547aa2a382
- Apply unconfined_execmem_exec_t to haskell programs
2008-06-23 12:20:04 +00:00
Daniel J Walsh
6959e0bb76
- Fix prelude file context
2008-06-23 00:55:21 +00:00
Daniel J Walsh
fe0d467c2b
- allow hplip to talk dbus
...
- Fix context on ~/.local dir
2008-06-22 12:22:25 +00:00
Daniel J Walsh
f4ff8bb944
- Prevent applications from reading x_device
2008-06-12 19:57:12 +00:00
Daniel J Walsh
5608a9da69
- Add /var/lib/selinux context
2008-06-12 18:44:52 +00:00
Daniel J Walsh
af0f735167
- Update to upstream
2008-06-12 14:50:00 +00:00
Daniel J Walsh
c5c253fae5
- Update to upstream
2008-06-11 19:01:26 +00:00
Daniel J Walsh
f513c7b90b
- Add livecd policy
2008-06-10 19:34:59 +00:00
Daniel J Walsh
15f71c5d61
- Add livecd policy
2008-06-04 17:26:52 +00:00
Daniel J Walsh
91ec07f1df
- Dontaudit search of admin_home for init_system_domain
...
- Rewrite of xace interfaces
- Lots of new fs_list_inotify
- Allow livecd to transition to setfiles_mac
2008-06-04 12:57:43 +00:00
Daniel J Walsh
80e0b808d5
- Begin XAce integration
2008-06-03 20:27:28 +00:00
Daniel J Walsh
081b6ac47e
- Merge Upstream
2008-06-02 18:56:05 +00:00
Daniel J Walsh
2e33f7ba70
- Merge Upstream
2008-06-02 17:10:33 +00:00
Daniel J Walsh
4b7f030014
Update for rawhide
2008-05-19 13:02:56 +00:00
Daniel J Walsh
993c27dacb
- Allow amanada to create data files
2008-05-07 19:10:59 +00:00
Daniel J Walsh
6c25b428ce
- Remove dmesg boolean
...
- Allow user domains to read/write game data
2008-05-06 17:01:42 +00:00
Daniel J Walsh
86881dd93f
- Change unconfined_t to transition to unconfined_mono_t when running mono
...
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so
gnome-do will work
2008-04-29 16:05:11 +00:00
Daniel J Walsh
2d8ff5157a
- Remove old booleans from targeted-booleans.conf file
2008-04-28 21:24:59 +00:00
Daniel J Walsh
b4e933120a
- Don't run crontab from unconfined_t
2008-04-24 21:08:32 +00:00
Daniel J Walsh
ef5e600999
- Don't run crontab from unconfined_t
2008-04-24 19:41:22 +00:00
Daniel J Walsh
4b1d56da14
- Change etc files to config files to allow users to read them
2008-04-23 14:15:54 +00:00
Daniel J Walsh
a6a82aec79
- dontaudit mrtg reading /proc
...
- Allow iscsi to signal itself
- Allow gnomeclock sys_ptrace
2008-04-15 20:27:09 +00:00
Daniel J Walsh
5896bad9cf
2008-04-14 20:01:48 +00:00
Daniel J Walsh
bb36d75512
2008-04-11 18:58:08 +00:00
Daniel J Walsh
06686c20a2
- Allow dhcpd to read kernel network state
2008-04-10 19:45:47 +00:00
Daniel J Walsh
41625a26ea
- Label /var/run/gdm correctly
...
- Fix unconfined_u user creation
2008-04-10 14:37:57 +00:00
Daniel J Walsh
254e3c7af3
- Allow transition from initrc_t to getty_t
2008-04-08 20:14:36 +00:00
Daniel J Walsh
5a576e06f0
- Allow passwd to communicate with user sockets to change gnome-keyring
2008-04-08 19:17:28 +00:00
Daniel J Walsh
7f851af8d9
- Fix initial install
2008-04-08 03:17:46 +00:00
Daniel J Walsh
c3c4a525c2
-
2008-04-06 12:06:47 +00:00
Daniel J Walsh
27943de6a0
- Allow radvd to use fifo_file
...
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home dirs if
the boolean is set
2008-04-05 10:39:06 +00:00
Daniel J Walsh
c66f2bc425
- Allow nsplugin to read /etc/mozpluggerrc, user_fonts
...
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t
2008-04-01 09:21:21 +00:00
Daniel J Walsh
294ea7a213
- Allow initrc_t to dbus chat with consolekit.
2008-03-29 18:36:09 +00:00
Daniel J Walsh
e54cb216a8
- Additional access for nsplugin
...
- Allow xdm setcap/getcap until pulseaudio is fixed
2008-03-28 22:07:45 +00:00
Daniel J Walsh
f70afcdd9e
- Allow mount to mkdir on tmpfs
...
- Allow ifconfig to search debugfs
2008-03-26 06:17:27 +00:00
Daniel J Walsh
bf3d39e959
- Fix file context for MATLAB
...
- Fixes for xace
2008-03-21 23:24:11 +00:00