Commit Graph

912 Commits

Author SHA1 Message Date
Dan Walsh
fb52482a1f Allow firewallgui to sys_rawio which seems to be required to setup masqerading
Allow all domains to search through default_t directories, in order to find differnet labels.  For example people serring up /foo/bar to be share via samba.
Add label for /var/log/slim.log
2010-09-25 06:23:04 -04:00
Dan Walsh
f7307c60ba Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-24 11:55:35 -04:00
Dan Walsh
7cfb935473 Allow rpc.quota to do quotamod
Allow mozilla_plugin to execute mozilla_home_t
2010-09-24 11:55:05 -04:00
Miroslav Grepl
df488eda7b Move c2s to run in jabber_router_t domain
Other fixes for jabberd policy
2010-09-24 14:14:38 +02:00
Dominick Grift
ff9b16dc29 Merge branch 'base' 2010-09-24 12:52:43 +02:00
Dominick Grift
7d1f5642b0 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-24 12:44:39 +02:00
Dominick Grift
7832131bae XML summary fixes.
XML summary fixes.
2010-09-24 12:44:37 +02:00
Dominick Grift
a25335e1fa Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-24 12:44:16 +02:00
Dominick Grift
4781493e45 Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
2010-09-24 12:44:16 +02:00
Dominick Grift
e2d9aa29c5 Source is x_domain and not xserver_t. Moving to x_domain local policy. 2010-09-24 12:44:16 +02:00
Dominick Grift
568349bd70 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.

The process and capability IPC goes on top of local policy.

The process and capability IPC goes on top of local policy.
2010-09-24 12:44:16 +02:00
Dominick Grift
daed45f480 Redundant: Included userdom_user_home_content already has this.
Redundant: Included userdom_user_home_content already has this.

Redundant: Included userdom_user_home_content already has this.

Redundant: Included userdom_search_user_home_dirs already has this.

Redundant: Included userdom_user_home_content already has this.
2010-09-24 12:44:16 +02:00
Dominick Grift
6aa632a63e Remove stray semi-colon. 2010-09-24 12:44:15 +02:00
Dominick Grift
aaf8a677ba Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:44:14 +02:00
Dominick Grift
8b858f2652 Reduntant: Included init_daemon_domain already has this.
Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.
2010-09-24 12:37:05 +02:00
Dominick Grift
ce6df09d63 Redundant: Included inetd_service_domain has this.
Redundant: Included inetd_tcp_service_domain has this.

Redundant: Included inetd_tcp_service_domain has this. Conditional init_daemon_domain has it also.

Redundant: Included inetd_tcp_service_domain has this.
2010-09-24 12:33:58 +02:00
Dominick Grift
fae9473242 Support network connect mysql DB. 2010-09-24 12:33:28 +02:00
Dominick Grift
5492a180fd There is already an optional policy block for daemontools. Join the two. 2010-09-24 12:33:28 +02:00
Dominick Grift
9444a138f5 Consistent ordering of declarations. 2010-09-24 12:33:28 +02:00
Dominick Grift
3c4ffa3294 Use domtrans_pattern where possible. 2010-09-24 12:33:27 +02:00
Dominick Grift
1e2abee10b Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:33:26 +02:00
Dominick Grift
39178aaf8a This is no declaration. Moving to local policy. 2010-09-24 12:27:59 +02:00
Dominick Grift
09873e59ca These were duplicate TE rules. 2010-09-24 12:27:59 +02:00
Dominick Grift
1507cc2a79 Internal interaction goes before external interface calls. 2010-09-24 12:27:59 +02:00
Dominick Grift
86225e1f16 These interface calls are more suitable here. Might want to implement boolean spamd_network_connect_db. 2010-09-24 12:27:59 +02:00
Dominick Grift
54590acde7 Replace type and attributes statements by comma delimiters where possible. 2010-09-24 12:27:59 +02:00
Dan Walsh
e027e93f2c More typos 2010-09-23 17:39:31 -04:00
Dan Walsh
55bffb7189 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-23 17:20:36 -04:00
Dan Walsh
7c94a3ab0d Allow consolehelper to read fonts and config files in user homedir 2010-09-23 15:14:34 -04:00
Dominick Grift
730ec51878 This is git system content. 2010-09-23 17:28:34 +02:00
Dominick Grift
a5ea1490d4 Merge branch 'base' 2010-09-23 15:07:33 +02:00
Dan Walsh
f4dc198843 Make hal a dbus_system_domain
Allow dovecot to append all logs
2010-09-23 08:59:40 -04:00
Dominick Grift
ac5201ecde Use permission sets where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
cefe9f9919 Replace type and attributes statements by comma delimiters where possible. 2010-09-23 14:59:23 +02:00
Dominick Grift
18f2a72d7f Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-23 14:59:23 +02:00
Dominick Grift
0f7c400223 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-23 14:59:23 +02:00
Dominick Grift
c2b2d22b35 Reduntant: Included init_daemon_domain already has this.
Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.

Reduntant: Included init_daemon_domain already has this.
2010-09-23 14:59:23 +02:00
Dominick Grift
1b39decc10 The process and capability IPC goes on top of local policy.
The process and capability IPC goes on top of local policy.
2010-09-23 14:59:22 +02:00
Dominick Grift
8725d6334d This permission is already allowed by included mmap_file_perms. 2010-09-23 14:55:33 +02:00
Dominick Grift
11ad1dae65 Source is postdrop and not local. Moving to postdrop local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
a7b40a9c25 Internal interaction goes before external interface calls. 2010-09-23 14:55:33 +02:00
Dominick Grift
f6e8660dcb These are not declarations move them to local policy section. 2010-09-23 14:55:33 +02:00
Dominick Grift
9bd88470ac Redundant: All domains are allowed this access by default. 2010-09-23 14:52:41 +02:00
Dominick Grift
a8fbd94d6c Reduntant: Included init_daemon_domain already has this. 2010-09-23 14:48:05 +02:00
Dan Walsh
5d82597463 Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy 2010-09-22 16:46:04 -04:00
Dan Walsh
6ed3f15e82 Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc
Allow shutdown to write utmp and search /var/log
Allow mozilla_plugin to send nsplugin signals
Split out samba_run_unconfined_net from unconfined_domain stuff.  TO allow unconfined.pp module to be removed
Allow nrpe to send signal and sigkill to the plugins
Fix up xguest to allow it to read hwdata and gconf_etc_t
Allow initrc_t to manage faillog
2010-09-22 16:42:32 -04:00
Dominick Grift
148e08d34f XML summary fixes.
XML summary fixes.
2010-09-22 15:41:46 +02:00
Dominick Grift
3a3e7db078 Use filetrans_pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
44f8aa190c Use stream connect pattern. 2010-09-22 15:41:46 +02:00
Dominick Grift
8bde5ef68b Redundant brace nothing to expand here.
Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
2010-09-22 15:41:46 +02:00