rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity
4,597 Commits 9 Branches 111 Tags 34 MiB
ff64d9c354
Commit Graph

4597 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel J Walsh
e45f5d36d0 - Add ability to generate webadm_t policy 
- Lots of new interfaces for httpd
- Allow sshd to login as unconfined_t
 2007-01-25 19:07:00 +00:00
Chris PeBenito
ff943a1b9b Clean up file context regexes in apache and java, from Eamon Walsh: 
Some file_contexts regular expressions in refpolicy-strict are causing 
genhomedircon to die; refpolicy is failing to build for me entirely.

The regular expressions seem redundant to me, perhaps I am missing 
something, but the following patch fixes the problems for me.  Please 
review and apply
 2007-01-24 17:10:31 +00:00
Daniel J Walsh
cc7c06a0d1 - Continue fixing, additional user domains 2007-01-23 01:08:45 +00:00
Daniel J Walsh
352de5d2ec - Begin adding user confinement to targeted policy 2007-01-22 18:15:16 +00:00
Daniel J Walsh
f86e42306e - Begin adding user confinement to targeted policy 2007-01-22 16:52:18 +00:00
Daniel J Walsh
45478192f4 - Fixes for prelink, ktalkd, netlabel 2007-01-17 19:58:32 +00:00
Daniel J Walsh
ee095f5817 - Fixes for prelink, ktalkd, netlabel 2007-01-11 22:43:22 +00:00
Daniel J Walsh
b6ed674a00 - Fixes for prelink, ktalkd, netlabel 2007-01-10 22:05:57 +00:00
Daniel J Walsh
ae5ace1a7e - Fixes for prelink, ktalkd, netlabel 2007-01-10 22:01:29 +00:00
Daniel J Walsh
9e0fa4fef3 - Allow prelink when run from rpm to create tmp files Resolves: #221865 
- Remove file_context for exportfs Resolves: #221181
- Allow spamassassin to create ~/.spamassissin Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves: #200110
- Fixes to run prelink in MLS machine Resolves: #221233
- Allow spamassassin to read var_lib_t dir Resolves: #219234
 2007-01-09 15:26:56 +00:00
Daniel J Walsh
a384d73899 - Allow prelink when run from rpm to create tmp files Resolves: #221865 
- Remove file_context for exportfs Resolves: #221181
- Allow spamassassin to create ~/.spamassissin Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty Resolves: #200110
 2007-01-09 15:24:41 +00:00
Daniel J Walsh
8a03d5e828 - Allow spamassassin to read var_lib_t dir Resolves: #219234 2007-01-02 16:40:08 +00:00
Daniel J Walsh
9bcfd16a2d - fix mplayer to work under strict policy 
- Allow iptables to use nscd Resolves: #220794
 2006-12-29 20:01:11 +00:00
Daniel J Walsh
8bacd8ed15 - Add gconf policy and make it work with strict 2006-12-28 17:39:12 +00:00
Daniel J Walsh
5db544f392 - Many fixes for strict policy and by extension mls. 2006-12-24 15:26:26 +00:00
Daniel J Walsh
135ea97ff1 - Many fixes for strict policy and by extension mls. 2006-12-24 07:31:09 +00:00
Daniel J Walsh
9051d60c06 - Fix to allow ftp to bind to ports > 1024 Resolves: #219349 2006-12-22 17:39:01 +00:00
Daniel J Walsh
5ded3c385e 2006-12-22 16:58:33 +00:00
Daniel J Walsh
4fd323b783 2006-12-22 16:56:53 +00:00
Daniel J Walsh
f9e32a004d - Allow semanage to exec it self. Label genhomedircon as semanage_exec_t 
Resolves: #219421
- Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080
 2006-12-20 20:40:30 +00:00
Daniel J Walsh
be9aefca3d - allow automount to setgid Resolves: #219999 2006-12-18 21:50:13 +00:00
Daniel J Walsh
5e01b4610b - Allow cron to polyinstatiate 
- Fix creation of boot flags Resolves: #207433
 2006-12-15 21:42:14 +00:00
Daniel J Walsh
272aa0b2e8 2006-12-14 20:06:00 +00:00
Daniel J Walsh
3a51847bd9 Resolves: #218978 2006-12-13 17:06:33 +00:00
Daniel J Walsh
422dcf1da8 Resolves: #218978 2006-12-13 17:03:55 +00:00
Chris PeBenito
b001503548 update version and changelog for release 2006-12-12 21:59:26 +00:00
Daniel J Walsh
e3b143b243 - Allow initrc to create files in /var directories Resolves: #219227 2006-12-12 21:46:24 +00:00
Chris PeBenito
42c5c5f612 bump versions for release. 2006-12-12 21:22:47 +00:00
Chris PeBenito
c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
Daniel J Walsh
6157a7e6e4 - More fixes for MLS 2006-12-11 12:35:45 +00:00
Daniel J Walsh
dd5d7e7583 - More Fixes polyinstatiation Resolves: #216184 2006-12-06 23:27:45 +00:00
Daniel J Walsh
a169fb7433 - Fix handling of keyrings 2006-12-06 19:38:32 +00:00
Daniel J Walsh
852ba6bb2f - Fix polyinstatiation 
- Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350
 2006-12-05 23:05:39 +00:00
Chris PeBenito
d6d16b9796 patch from dan Wed, 29 Nov 2006 17:06:40 -0500 2006-12-04 20:10:56 +00:00
Daniel J Walsh
414ddd0de3 - More fixes for quota Resolves: #212957 2006-12-01 21:52:08 +00:00
Daniel J Walsh
9f388c1a78 - ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014 2006-12-01 17:58:00 +00:00
Daniel J Walsh
b6ffd7c2ae - Allow login programs to polyinstatiate homedirs Resolves: #216184 
- Allow quotacheck to create database files Resolves: #212957
 2006-11-30 22:06:22 +00:00
Daniel J Walsh
aba668f5f8 - Allow login programs to polyinstatiate homedirs Resolves: #216184 2006-11-30 20:55:33 +00:00
Daniel J Walsh
036c1c2fb6 - Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 
Resolves: #217611 Resolves: #217640 Resolves: #217725
 2006-11-30 20:23:49 +00:00
Daniel J Walsh
cc1462b7d0 - Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 
Resolves: #217611 Resolves: #217640 Resolves: #217725
 2006-11-29 20:11:02 +00:00
Chris PeBenito
563e58e863 patch from dan for some missing gen_require()s 2006-11-29 13:44:40 +00:00
Chris PeBenito
bff907113d fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out. 2006-11-28 15:57:22 +00:00
Chris PeBenito
c31f6724c0 fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out. 2006-11-28 15:47:47 +00:00
Daniel J Walsh
e4d46c95f3 - Fix context for helix players file_context #216942 2006-11-27 22:17:34 +00:00
Daniel J Walsh
02560dace3 - Fix load_policy to be able to mls_write_down so it can talk to the 
terminal
 2006-11-20 23:24:21 +00:00
Daniel J Walsh
4218645103 - Fixes for hwclock, clamav, ftp 2006-11-20 23:01:06 +00:00
Daniel J Walsh
9e4aeac9dd - Move to upstream version which accepted my patches 2006-11-17 19:21:40 +00:00
Chris PeBenito
fa45da0efd add aide, ccs, and ricci 2006-11-16 20:56:24 +00:00
Daniel J Walsh
b28d0a788f - Fixes for nvidia driver 2006-11-16 19:25:03 +00:00
Chris PeBenito
d31d3c159e This modifies the mls constraint for polmatch in the association class. 
Specifically:

- polmatch need no longer make an exception for unlabeled_t
  since a flow will now always match SPD rules with no contexts (per
  the IPSec leak fix patch upstreamed a few weeks back), as
  opposed to needing polmatch access to unlabeled_t.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
 2006-11-16 13:38:14 +00:00