Commit Graph

1196 Commits

Author SHA1 Message Date
Daniel J Walsh
405a74c394 - Fix all kernel_request_load_module domains 2009-09-21 13:55:41 +00:00
Daniel J Walsh
41f8e385a1 - Remove allow_exec* booleans for confined users. Only available for
unconfined_t
2009-09-20 14:32:30 +00:00
Daniel J Walsh
8323d545c4 - More fixes for sandbox_web_t 2009-09-19 02:03:03 +00:00
Daniel J Walsh
2bf7d82f60 - More fixes for sandbox_web_t 2009-09-19 01:38:29 +00:00
Daniel J Walsh
ab462917cf - Allow sshd to create .ssh directory and content 2009-09-18 22:12:25 +00:00
Daniel J Walsh
da08b5716a - Fix request_module line to module_request 2009-09-18 22:11:35 +00:00
Daniel J Walsh
d53d158d2b - Fix request_module line to module_request 2009-09-18 20:44:00 +00:00
Daniel J Walsh
1fb0a98434 - Fix sandbox policy to allow it to run under firefox.
- Dont audit leaks.
2009-09-18 16:20:05 +00:00
Daniel J Walsh
9de7033708 - Fixes for sandbox 2009-09-17 21:41:30 +00:00
Daniel J Walsh
69290fd9df - Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
23e7082b4b - Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
- Remove policycoreutils-python requirement except for minimum
2009-09-15 21:45:12 +00:00
Daniel J Walsh
6b7b0c1cdc - Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
    the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
e20e351e10 - Add wordpress/wp-content/uploads label
- Fixes for sandbox when run from staff_t
2009-09-11 21:15:35 +00:00
Daniel J Walsh
ddc8588081 - Update to upstream
- Fixes for devicekit_disk
2009-09-10 15:38:44 +00:00
Daniel J Walsh
1b1ad1395f - Update to upstream
- Fixes for devicekit_disk
2009-09-10 15:31:01 +00:00
Daniel J Walsh
ab8f807545 - More fixes 2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b - More fixes 2009-09-08 23:55:31 +00:00
Daniel J Walsh
123ae9957d - Lots of fixes for initrc and other unconfined domains 2009-09-08 14:30:36 +00:00
Daniel J Walsh
72bc25da0e - Allow xserver to use netlink_kobject_uevent_socket 2009-09-07 01:29:07 +00:00
Daniel J Walsh
35651d45d8 - Allow xserver to use netlink_kobject_uevent_socket 2009-09-07 01:18:05 +00:00
Daniel J Walsh
1a2981be4a - Dontaudit setroubleshootfix looking at /root directory 2009-09-02 13:33:15 +00:00
Daniel J Walsh
65c3f9a0a8 - Update to upsteam 2009-08-31 21:27:50 +00:00
Daniel J Walsh
d367ee8125 - Allow gssd to send signals to users
- Fix duplicate label for apache content
2009-08-31 17:06:58 +00:00
Daniel J Walsh
7d592be23e - Allow gssd to send signals to users
- Fix duplicate label for apache content
2009-08-31 16:05:43 +00:00
Daniel J Walsh
cb5670ca1b - Allow gssd to send signals to users
- Fix duplicate label for apache content
2009-08-31 13:39:37 +00:00
Daniel J Walsh
faf9cbbc4b - Update to upstream 2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f - Remove polkit_auth on upgrades 2009-08-28 18:56:15 +00:00
Daniel J Walsh
42f9effee7 - Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
07c04f81b6 - Add back in unconfined.pp and unconfineduser.pp 2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337 - Fixes for cdrecord, mdadm, and others 2009-08-26 12:12:39 +00:00
Daniel J Walsh
7078554d07 - Add capability setting to dhcpc and gpm 2009-08-24 13:09:08 +00:00
Daniel J Walsh
d6f79017f2 - Add capability setting to dhcpc and gpm 2009-08-23 17:39:51 +00:00
Daniel J Walsh
080ce6f2c8 - Add capability setting to dhcpc and gpm 2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393 - Allow cronjobs to read exim_spool_t 2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb - Add ABRT policy 2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce - Fix system-config-services policy 2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac - Allow libvirt to change user componant of virt_domain 2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
7a5e03cc74 - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
2009-08-18 22:29:11 +00:00
Daniel J Walsh
9c270225e5 - Add policycoreutils-python to pre install 2009-08-18 12:34:26 +00:00
Daniel J Walsh
b2c5e72a15 - Make all unconfined_domains permissive so we can see what AVC's happen 2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864 - Add pt_chown policy 2009-08-12 20:10:51 +00:00
Daniel J Walsh
cbedd06c12 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-12 20:09:21 +00:00
Daniel J Walsh
867473ac62 - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf - Allow nsplugin to connecto the session bus
- Allow samba_net to write to coolkey data
2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f - Allow devicekit_disk to list inotify 2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:37:39 +00:00
Daniel J Walsh
b270c763b4 - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 20:18:06 +00:00
Daniel J Walsh
f3b436ca6a - Allow svirt images to create sock_file in svirt_var_run_t 2009-08-05 19:37:52 +00:00