Commit Graph

1515 Commits

Author SHA1 Message Date
Dominick Grift
fae9473242 Support network connect mysql DB. 2010-09-24 12:33:28 +02:00
Dominick Grift
5492a180fd There is already an optional policy block for daemontools. Join the two. 2010-09-24 12:33:28 +02:00
Dominick Grift
9444a138f5 Consistent ordering of declarations. 2010-09-24 12:33:28 +02:00
Dominick Grift
3c4ffa3294 Use domtrans_pattern where possible. 2010-09-24 12:33:27 +02:00
Dominick Grift
1e2abee10b Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:33:26 +02:00
Dominick Grift
39178aaf8a This is no declaration. Moving to local policy. 2010-09-24 12:27:59 +02:00
Dominick Grift
09873e59ca These were duplicate TE rules. 2010-09-24 12:27:59 +02:00
Dominick Grift
1507cc2a79 Internal interaction goes before external interface calls. 2010-09-24 12:27:59 +02:00
Dominick Grift
86225e1f16 These interface calls are more suitable here. Might want to implement boolean spamd_network_connect_db. 2010-09-24 12:27:59 +02:00
Dominick Grift
54590acde7 Replace type and attributes statements by comma delimiters where possible. 2010-09-24 12:27:59 +02:00
Dominick Grift
730ec51878 This is git system content. 2010-09-23 17:28:34 +02:00
Dominick Grift
78ea2abe0f Search parent directory to be able to interact with targets content. 2010-09-23 16:22:26 +02:00
Dominick Grift
a5ea1490d4 Merge branch 'base' 2010-09-23 15:07:33 +02:00
Dan Walsh
f4dc198843 Make hal a dbus_system_domain
Allow dovecot to append all logs
2010-09-23 08:59:40 -04:00
Dominick Grift
ac5201ecde Use permission sets where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
cefe9f9919 Replace type and attributes statements by comma delimiters where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
18f2a72d7f Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-23 14:59:23 +02:00
Dominick Grift
0f7c400223 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-23 14:59:23 +02:00
Dominick Grift
c2b2d22b35 Reduntant: Included init_daemon_domain already has this.
Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.
2010-09-23 14:59:23 +02:00
Dominick Grift
1b39decc10 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.
2010-09-23 14:59:22 +02:00
Dominick Grift
8725d6334d This permission is already allowed by included mmap_file_perms. 2010-09-23 14:55:33 +02:00
Dominick Grift
11ad1dae65 Source is postdrop and not local. Moving to postdrop local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
a7b40a9c25 Internal interaction goes before external interface calls. 2010-09-23 14:55:33 +02:00
Dominick Grift
f6e8660dcb These are not declarations move them to local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
9bd88470ac Redundant: All domains are allowed this access by default. 2010-09-23 14:52:41 +02:00
Dominick Grift
6d185571f2 Location /usr/libsexec/sesh does not exist. sesh is in /usr/libexec/sesh. 2010-09-23 14:49:38 +02:00
Dominick Grift
46d410612e Looks like /usr/bin/git-shell and /usr/libexec/git-core/git-shell are hard-linked. This causes conflicting filespecs (shell_exec_t for /usr/bin/git-shell and bin_t for /usr/libexec/git-core/git-shell)
Specify shell_exec_t for /usr/libexec/git-core/git-shell.
2010-09-23 14:49:38 +02:00
Dominick Grift
a8fbd94d6c Reduntant: Included init_daemon_domain already has this. 2010-09-23 14:48:05 +02:00
Dan Walsh
5d82597463 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-22 16:46:04 -04:00
Dan Walsh
6ed3f15e82 Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc
Allow shutdown to write utmp and search /var/log
Allow mozilla_plugin to send nsplugin signals
Split out samba_run_unconfined_net from unconfined_domain stuff.  TO allow unconfined.pp module to be removed
Allow nrpe to send signal and sigkill to the plugins
Fix up xguest to allow it to read hwdata and gconf_etc_t
Allow initrc_t to manage faillog
2010-09-22 16:42:32 -04:00
Dominick Grift
148e08d34f XML summary fixes.
XML summary fixes.
2010-09-22 15:41:46 +02:00
Dominick Grift
3a3e7db078 Use filetrans_pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
44f8aa190c Use stream connect pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
8bde5ef68b Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-22 15:41:46 +02:00
Dominick Grift
96d3c0d35c Make git daemon executable file an application executable file. 2010-09-22 15:41:46 +02:00
Dominick Grift
08c4bb080f Search parent directory to be able to interact with targets content. 2010-09-22 15:41:45 +02:00
Dominick Grift
38039abcd1 These interface calls are more suitable here. Also should rename boolean to ftpd_network_connect_db and possibly split mysql and postgresql. 2010-09-22 15:41:45 +02:00
Dominick Grift
02687a7034 Move calls to external interfaces below policy that governs internal interaction.
Move calls to external interfaces below policy that governs internal interaction.
2010-09-22 15:41:45 +02:00
Dominick Grift
d542026b86 The capability IPC goes on top of the local policy.
The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.

The capability IPC goes on top of the local policy.
2010-09-22 15:41:45 +02:00
Dominick Grift
b952f9532a This is a duplicate declaration.
This is a duplicate declaration.
2010-09-22 15:41:45 +02:00
Dominick Grift
ef521e9919 Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
2010-09-22 15:41:43 +02:00
Dominick Grift
68ac47d8c5 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:41:42 +02:00
Dominick Grift
0bdd855157 This is not required here. 2010-09-22 15:39:46 +02:00
Dominick Grift
82c971533a Youre not allowed to directly use external types. 2010-09-22 15:39:46 +02:00
Dominick Grift
59c544a437 Redundant: All deamons are already allowed this access by default. 2010-09-22 15:39:46 +02:00
Dominick Grift
edcc8aa20d Redundant: Included init_daemon_domain already has this. 2010-09-22 15:39:44 +02:00
Dominick Grift
1dfc76f76b Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-22 15:39:43 +02:00
Dominick Grift
9a0f7994cb Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:35:31 +02:00
Dominick Grift
9c7f2af2ed Redundant: Is already permitted by included rw_chr_file_perms. 2010-09-22 15:35:29 +02:00
Dominick Grift
72ba80bf88 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-22 15:35:28 +02:00