rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
3,149 Commits 9 Branches 105 Tags 34 MiB
fb52482a1f
Commit Graph

40 Commits

Author SHA1 Message Date
Dan Walsh
6ed3f15e82 Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc 
Allow shutdown to write utmp and search /var/log
Allow mozilla_plugin to send nsplugin signals
Split out samba_run_unconfined_net from unconfined_domain stuff.  TO allow unconfined.pp module to be removed
Allow nrpe to send signal and sigkill to the plugins
Fix up xguest to allow it to read hwdata and gconf_etc_t
Allow initrc_t to manage faillog
 2010-09-22 16:42:32 -04:00
Dan Walsh
0a394bf04f Add vnstat policy 
allow logrotate to mail syslog files
Allow chrom-sandbox to search nfs_t
Allow libvirt to send audit messages
Dontaudit leaked console to xauth
 2010-09-16 17:46:06 -04:00
Dan Walsh
14ffaf836d Merge upstream 2010-09-16 07:05:26 -04:00
Dan Walsh
9461b60657 Add the ability to send audit messages to confined admin policies 
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS
 2010-09-15 11:31:20 -04:00
Chris PeBenito
25d796ed37 Unconditional staff and user oidentd home config access from Dominick Grift. 2010-09-15 08:20:16 -04:00
Dominick Grift
941e3db567 Access for confined users to oidentd user home content is unconditional. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-09-15 08:05:41 -04:00
Dan Walsh
366396d855 Fix cert calls in telepath, boinc, kerberos 
Add sys_admin to xend to allow it to start
Add oident calls to staff_t
 2010-09-10 13:18:49 -04:00
Dan Walsh
dfe675b8f7 Mozilla_plugin needs to getattr on tmpfs and no longer needs to write to tmpfs_t 
cleanup of nsplugin interface definition
Latest pm-utils is causing lots of domains to see a leaked lock file
I want mplayer to run as unconfined_execmem_t
mountpoint is causing dbus and init apps to getattr on all filesystems directories
Miroslav update dkim-milter
NetworkManager dbus chats with init
Allow apps that can read user_fonts_t to read the symbolic link
udev needs to manage etc_t
 2010-09-08 12:06:20 -04:00
Dan Walsh
03527520de firstboot is leaking a netlink_route socket into iptables. We need to dontaudit 
tmpfs_t/devpts_t files can be stored on device_t file system
unconfined_mono_t can pass file descriptors to chrome_sandbox, so need transition from all unoconfined users types
Hald can connect to user processes over streams
xdm_t now changes the brightness level on the system
mdadm needs to manage hugetlbfs filesystems
 2010-09-01 09:47:50 -04:00
Dan Walsh
2d4a79a061 Policy fixes 2010-08-30 08:57:06 -04:00
Dan Walsh
ac498fa5d9 More fixes 2010-08-27 10:56:56 -04:00
Dan Walsh
2968e06818 Update f14 2010-08-26 12:55:57 -04:00
Dan Walsh
a947daf6df Update f14 2010-08-26 10:27:35 -04:00
Dan Walsh
3eaa993945 UPdate for f14 policy 2010-08-26 09:41:21 -04:00
Chris PeBenito
c62f1bef77 Dbadm updates from KaiGai Kohei. 2010-08-19 08:41:39 -04:00
Jeremy Solt
c87e150280 roles patch from Dan Walsh to move unwanted interface calls into a ifndef 2010-08-09 09:20:31 -04:00
Chris PeBenito
08690c84ad Remove ethereal module since the application was renamed to wireshark due to trademark issues. 2010-07-07 09:31:57 -04:00
Chris PeBenito
cad4224e8e Guest patch from Dan Walsh. 
Dominic asked to remove mono and java from guest_t
 2010-07-06 08:35:56 -04:00
Chris PeBenito
48f99a81c0 Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
Chris PeBenito
29af4c13e7 Bump module versions for release. 2010-05-24 15:32:01 -04:00
Chris PeBenito
09b92dcc3c Guest patch from Dan Walsh. 2010-03-05 14:09:49 -05:00
Jeremy Solt
6a9ef9e852 gen_require typo fix in dbadm.if from Dan Walsh 2010-03-04 09:18:03 -05:00
Chris PeBenito
c06a4452e2 Xguest patch from Dan Walsh. 2010-02-17 09:23:17 -05:00
Chris PeBenito
22a2874dbf Add dbadm, from KaiGai Kohei. 2010-02-08 10:34:08 -05:00
Chris PeBenito
9570b28801 module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
Chris PeBenito
4be3e11094 pull in apache_admin() from fedora 2009-07-28 13:24:08 -04:00
Chris PeBenito
84d88df579 trunk: fix typo in guest role decl. 2009-07-08 15:23:29 +00:00
Chris PeBenito
3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito
153fe24bdc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
Chris PeBenito
42d567c3f4 trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
Chris PeBenito
3c9b2e9bc6 trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
Chris PeBenito
79a5a8084d trunk: 2 patches from dan. 2009-03-11 14:19:50 +00:00
Chris PeBenito
64daa85393 trunk: add sysadm_entry_spec_domtrans_to() interface from clip. 2009-01-15 15:07:37 +00:00
Chris PeBenito
296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito
5d4f4b5375 trunk: bump version numbers for release. 2008-10-14 15:46:36 +00:00
Chris PeBenito
b81bfc2651 trunk: Samba/winbind update from Mike Edenfield. 2008-08-05 12:54:11 +00:00
Chris PeBenito
6224fc1485 trunk: 7 patches from Fedora policy, cherry picked by david hrdeman. 2008-07-24 23:56:03 +00:00
Chris PeBenito
0bfccda4e8 trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
Chris PeBenito
b34db7a8ec trunk: another pile of misc fixes. 2008-05-22 15:24:52 +00:00
Chris PeBenito
e9c6cda7da trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00