rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
SELinux policy configuration
5,439 Commits 9 Branches 107 Tags 34 MiB
Shell 100%
0e84535c7a
Go to file
Miroslav Grepl 0e84535c7a - Allow antivirus_t to bind to all unreserved ports. Clamd binds to random unassigned port (by default in range 1024-2048) 
- Allow abrt-hook-ccpp to change SELinux user identity for created objects.
- Allow abrt-hook-ccpp to get attributes of all processes because of core_pattern.
- Allow setuid/setgid capabilities for abrt-hook-ccpp.
- Add default labeling for /etc/Pegasus/cimserver_current.conf. It is a correct patch instead of the current /etc/Pegasus/pegasus_current.conf.
- Allow fenced node dbus msg when using foghorn witch configured foghorn, snmpd, and snmptrapd.
- cockpit has grown content in /var/run directory
- Add support for /dev/mptctl device used to check RAID status.
- Allow systemd-hostnamed to communicate with dhcp via dbus.
- systemd-logind remove all IPC objects owned by a user on a logout. This covers also SysV memory. This change allows to destroy unpriviledged user SysV shared memory segments.
- Add userdom_destroy_unpriv_user_shared_mem() interface.
- Label /var/run/systemd/shutdown directory as systemd_logind_var_run_t to allow systemd-logind to access it if shutdown is invoked.
- Access needed by systemd-machine to manage docker containers
- Allow systemd-logind to read /run/utmp when shutdown is invoked.
2015-11-20 10:09:52 +01:00
.gitignore - Update to upstream 2011-01-17 18:42:12 +00:00
booleans-minimum.conf - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans.subs_dist * Tue Apr 8 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-45 2014-04-08 11:35:12 +02:00
config.tgz Update config.tgz to reflect changes in default context for SELinux users related to pam_selinux.so which is now used in systemd-users. 2015-09-17 08:34:47 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
customizable_types svirt_sandbox_file_t should be in customizable_types 2014-04-11 15:09:33 -04:00
docker-selinux.tgz - Allow antivirus_t to bind to all unreserved ports. Clamd binds to random unassigned port (by default in range 1024-2048) 2015-11-20 10:09:52 +01:00
file_contexts.subs_dist Label genrator.late correctly 2014-09-21 07:36:03 -04:00
make-rhat-patches.sh Update make-rhat-patches.sh to avoid git-checkout for patches creation. 2015-10-23 11:06:11 +02:00
Makefile - Add sepgsql_contexts file 2011-01-18 10:28:56 +00:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
manpages_html.tgz Fix for Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed. 2015-08-04 00:25:37 +02:00
manpages_man.tgz Fix for Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed. 2015-08-04 00:25:37 +02:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-targeted-base.conf Activate kdbus.pp 2015-08-03 17:47:45 +02:00
modules-targeted-contrib.conf Add support for openfortivpn 2015-11-10 08:18:14 +01:00
modules-targeted.conf We should not build vbetool anylonger 2014-10-12 07:15:24 -04:00
permissivedomains.cil Add support for openfortivpn 2015-11-10 08:18:14 +01:00
policy-rawhide-base-cockpit.patch - Allow systemd-networkd to be running as dhcp client. 2014-10-17 10:12:44 +02:00
policy-rawhide-base.patch - Allow antivirus_t to bind to all unreserved ports. Clamd binds to random unassigned port (by default in range 1024-2048) 2015-11-20 10:09:52 +01:00
policy-rawhide-contrib.patch - Allow antivirus_t to bind to all unreserved ports. Clamd binds to random unassigned port (by default in range 1024-2048) 2015-11-20 10:09:52 +01:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec - Allow antivirus_t to bind to all unreserved ports. Clamd binds to random unassigned port (by default in range 1024-2048) 2015-11-20 10:09:52 +01:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
seusers - Fix cron jobs to run under the correct context 2006-09-21 23:05:49 +00:00
sources Fix config.tgz to include lxc_contexts and systemd_contexts 2013-11-14 11:05:22 -05:00
users-minimum - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00
users-mls - Move users file to selection by spec file. 2010-01-11 22:06:55 +00:00
users-targeted - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00