git.ipfire.org Git - people/stevee/selinux-policy.git/log
Dan Walsh [Tue, 15 Nov 2011 14:17:37 +0000 (09:17 -0500)]
Add policy label for passwd.OLD
Dan Walsh [Fri, 11 Nov 2011 22:25:28 +0000 (17:25 -0500)]
Allow apmd to run pm-suspend and create the devicekit log files with the correct label
Dan Walsh [Fri, 11 Nov 2011 22:14:57 +0000 (17:14 -0500)]
Allow networkmanager to chat with virtd_t
Dan Walsh [Fri, 11 Nov 2011 22:09:54 +0000 (17:09 -0500)]
Allow init to run postfix aliases.db file and read /etc/aliases file
Dan Walsh [Fri, 11 Nov 2011 21:58:56 +0000 (16:58 -0500)]
Allow pulseaudio to read .esd_auth file
Dan Walsh [Fri, 11 Nov 2011 21:45:33 +0000 (16:45 -0500)]
Fix ldconfig to create file with the correct label
Dan Walsh [Fri, 11 Nov 2011 21:39:11 +0000 (16:39 -0500)]
Change all calls that use the use_nfs_home_dirs to use attributes for either userdom_home_reader_type or userdom_home_manager_type, then we don't have to cut and paste the same code all over the place
Dan Walsh [Fri, 11 Nov 2011 20:09:43 +0000 (15:09 -0500)]
fix copy paste errors
Dan Walsh [Fri, 11 Nov 2011 20:01:08 +0000 (15:01 -0500)]
Allow mock to create dirs as well as files
Dan Walsh [Fri, 11 Nov 2011 19:57:48 +0000 (14:57 -0500)]
Multiple fixes for blueman
Dan Walsh [Fri, 11 Nov 2011 19:57:22 +0000 (14:57 -0500)]
Allow pulseaudio_t to manage lnk_files in homedir
Dan Walsh [Fri, 11 Nov 2011 19:14:31 +0000 (14:14 -0500)]
Remove all patches to execmem, java, openoffice and mono
Dan Walsh [Fri, 11 Nov 2011 18:56:30 +0000 (13:56 -0500)]
We have to get rid of java_exec_t, mono_exec_t, execmem_exec_t to stop templates from working
Dan Walsh [Fri, 11 Nov 2011 17:10:06 +0000 (12:10 -0500)]
Allow fail2ban to manage /etc/deny.hosts
Dan Walsh [Fri, 11 Nov 2011 15:53:06 +0000 (10:53 -0500)]
Dontaudit access_check for all files from xdm_t, it runs gnome-shell
Dan Walsh [Fri, 11 Nov 2011 15:40:15 +0000 (10:40 -0500)]
Add new device label for /dev/ati/card.*
Dan Walsh [Fri, 11 Nov 2011 15:36:38 +0000 (10:36 -0500)]
Added getattr to dontaudit
Dan Walsh [Fri, 11 Nov 2011 15:29:13 +0000 (10:29 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 11 Nov 2011 15:29:03 +0000 (10:29 -0500)]
Allow keyring to read /sys/devices/system/cpu/online
Miroslav Grepl [Fri, 11 Nov 2011 15:12:08 +0000 (15:12 +0000)]
Puppet fixes
Miroslav Grepl [Fri, 11 Nov 2011 15:07:22 +0000 (15:07 +0000)]
Remove userdom_manage_home_role() pulseaudio_role()
Miroslav Grepl [Fri, 11 Nov 2011 15:01:24 +0000 (15:01 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 11 Nov 2011 14:08:44 +0000 (09:08 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 11 Nov 2011 13:54:55 +0000 (13:54 +0000)]
Puppet fixes
Miroslav Grepl [Fri, 11 Nov 2011 08:29:19 +0000 (08:29 +0000)]
Allow smbcontrol to signal themselves
Dan Walsh [Thu, 10 Nov 2011 23:56:54 +0000 (18:56 -0500)]
Move permissive blueman to permissivedomains.te
Dan Walsh [Thu, 10 Nov 2011 23:29:47 +0000 (18:29 -0500)]
Add blueman policy
Dan Walsh [Thu, 10 Nov 2011 23:29:25 +0000 (18:29 -0500)]
virt wants to dbus chat with init
Dan Walsh [Thu, 10 Nov 2011 23:28:58 +0000 (18:28 -0500)]
tmpreaper wants to read meminfo
Dan Walsh [Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)]
Allow smbcontrol_t to signal itself
dwalsh [Thu, 10 Nov 2011 19:49:14 +0000 (14:49 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
dwalsh [Thu, 10 Nov 2011 19:48:56 +0000 (14:48 -0500)]
add label for /var/spool/turboprint
Dan Walsh [Thu, 10 Nov 2011 16:49:00 +0000 (11:49 -0500)]
Allow piranha_web_t to read /dev/random
dwalsh [Thu, 10 Nov 2011 14:33:07 +0000 (09:33 -0500)]
Remove all f16 permissive domains from F17
dwalsh [Thu, 10 Nov 2011 14:27:27 +0000 (09:27 -0500)]
Remove execmem_exec_t, java_exec_t, mono_exec_t and allow confined users to use execmem, add deny_execmem boolean to turn off execmem for all users. Probably will only work in server non graphical environments since so much of the desktop now requires JIT and execmem
dwalsh [Thu, 10 Nov 2011 14:19:43 +0000 (09:19 -0500)]
I am moving to remove consoletype policy package altogether from the system. I want to see if anything breaks without this package. It has tended to be an SELinux AVC generator with little to no benefit
dwalsh [Thu, 10 Nov 2011 14:14:04 +0000 (09:14 -0500)]
Remove need for qemu.te file altogether by moving qemu_exec_t to virt.te
dwalsh [Thu, 10 Nov 2011 13:50:05 +0000 (08:50 -0500)]
Add a boolean to turn off all instances of ptrace in the policy
dwalsh [Thu, 10 Nov 2011 13:46:46 +0000 (08:46 -0500)]
More apache script domain to use attributes, to shrink the size of policy
dwalsh [Thu, 10 Nov 2011 13:39:06 +0000 (08:39 -0500)]
Add label to /etc/passwd and /etc/group files, to start to block containers from being able to read their contents.
dwalsh [Thu, 10 Nov 2011 13:24:04 +0000 (08:24 -0500)]
Icecast seems to need to read /dev/rand and /dev/urand
Miroslav Grepl [Thu, 10 Nov 2011 07:07:46 +0000 (07:07 +0000)]
Revert "Fix pulseaudio_role() and move usermanage_home_role() template to appropriate places"
This reverts commit 732e5bc35d39e7911eb7787f69ae326cc0472594.
Miroslav Grepl [Thu, 10 Nov 2011 07:06:30 +0000 (07:06 +0000)]
Add TODO comment for puppet
Miroslav Grepl [Thu, 10 Nov 2011 07:01:58 +0000 (07:01 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/services/vhostmd.te
Dan Walsh [Wed, 9 Nov 2011 22:58:50 +0000 (17:58 -0500)]
Add allow rules for puppet based on Orions AVCs in Rawhide
Dan Walsh [Wed, 9 Nov 2011 20:52:44 +0000 (15:52 -0500)]
logrotate needs to be able to send signals at all levels
Dan Walsh [Wed, 9 Nov 2011 18:33:09 +0000 (13:33 -0500)]
Allow crond to send dbus messages to init
Dan Walsh [Wed, 9 Nov 2011 17:58:27 +0000 (12:58 -0500)]
init needs to be able to create private tmp dirs for services
Dan Walsh [Wed, 9 Nov 2011 17:57:51 +0000 (12:57 -0500)]
Consolekit needs to read the environ field of logged in users
Miroslav Grepl [Wed, 9 Nov 2011 14:19:25 +0000 (14:19 +0000)]
Fix pulseaudio_role() and move usermanage_home_role() template to appropriate places
for mozilla and nsplugin
Dan Walsh [Wed, 9 Nov 2011 13:16:01 +0000 (08:16 -0500)]
Allow dhcpc_t to read chronyd keys files
Dan Walsh [Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)]
vhostmd needs to send itself signals and wants to read /dev/random
Miroslav Grepl [Wed, 9 Nov 2011 09:26:33 +0000 (09:26 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 9 Nov 2011 09:22:59 +0000 (09:22 +0000)]
Add vhostmd fixes
Dan Walsh [Tue, 8 Nov 2011 20:23:51 +0000 (15:23 -0500)]
Add 9990 as a new port for jboss_management
Dan Walsh [Tue, 8 Nov 2011 17:08:40 +0000 (12:08 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 8 Nov 2011 17:08:28 +0000 (12:08 -0500)]
Allow login programs to connect to the pki_ca_port
Dan Walsh [Tue, 8 Nov 2011 17:08:01 +0000 (12:08 -0500)]
Allow service_munin_plugin_t to create its own shm
Miroslav Grepl [Tue, 8 Nov 2011 16:54:26 +0000 (16:54 +0000)]
Allow user_mail_t to read mail home file
Miroslav Grepl [Tue, 8 Nov 2011 15:05:34 +0000 (15:05 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
dwalsh [Tue, 8 Nov 2011 14:44:24 +0000 (09:44 -0500)]
Add filetrans rules for homecontent in userdom, allow chrome_sandbox to create home_cert_t
Miroslav Grepl [Mon, 7 Nov 2011 19:46:32 +0000 (19:46 +0000)]
Fix typo in fstools policy
Miroslav Grepl [Mon, 7 Nov 2011 17:25:35 +0000 (17:25 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Mon, 7 Nov 2011 17:24:25 +0000 (17:24 +0000)]
Make faillog MLS trusted to make sudo_$1_t working
Miroslav Grepl [Mon, 7 Nov 2011 17:23:18 +0000 (17:23 +0000)]
Fix the latest MCS patch to restrict fifo_file only on open to make sandbox working
Dan Walsh [Mon, 7 Nov 2011 23:47:14 +0000 (18:47 -0500)]
Allow sandbox_web_client_t to read passwd_file_t
Dan Walsh [Mon, 7 Nov 2011 16:58:50 +0000 (11:58 -0500)]
Add .mailrc file context
Dan Walsh [Fri, 4 Nov 2011 20:39:32 +0000 (16:39 -0400)]
Remove execheap from openoffice domain
Dan Walsh [Fri, 4 Nov 2011 18:52:27 +0000 (14:52 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 4 Nov 2011 18:52:12 +0000 (14:52 -0400)]
Allow chrome_sandbox_nacl_t to read cpu_info
Miroslav Grepl [Fri, 4 Nov 2011 18:14:18 +0000 (18:14 +0000)]
Allow virtd to relabel generic usb which is need if USB device
Miroslav Grepl [Fri, 4 Nov 2011 17:38:17 +0000 (17:38 +0000)]
Allow fsadm to read all to read files and directories regardless of their MCS category set.
Miroslav Grepl [Fri, 4 Nov 2011 16:31:11 +0000 (16:31 +0000)]
Fixes for virt.if interfaces to consider chr_file as image file type
Miroslav Grepl [Fri, 4 Nov 2011 15:02:17 +0000 (15:02 +0000)]
Also add MCS fixes for initrc
Miroslav Grepl [Fri, 4 Nov 2011 15:01:34 +0000 (15:01 +0000)]
init_t needs mcs fixes
Miroslav Grepl [Fri, 4 Nov 2011 14:33:12 +0000 (14:33 +0000)]
virtd_t needs to be able to relabel chr_file
Miroslav Grepl [Fri, 4 Nov 2011 14:31:49 +0000 (14:31 +0000)]
Allow virtd_t to execute qemu-kvm
Dan Walsh [Fri, 4 Nov 2011 14:16:59 +0000 (10:16 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 4 Nov 2011 14:16:32 +0000 (10:16 -0400)]
init execs /lib/systemd/ksmctl which writes to the run fields in sysfs
Miroslav Grepl [Fri, 4 Nov 2011 13:44:14 +0000 (13:44 +0000)]
Changes for policy/mcs
Miroslav Grepl [Fri, 4 Nov 2011 12:24:21 +0000 (12:24 +0000)]
Fix thumb_role() interface
Miroslav Grepl [Fri, 4 Nov 2011 12:19:39 +0000 (12:19 +0000)]
Fix typo
Miroslav Grepl [Fri, 4 Nov 2011 11:42:46 +0000 (11:42 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 4 Nov 2011 11:42:18 +0000 (11:42 +0000)]
Allow systemd-tmpfile to delete /run/user/$USER/dconf
Miroslav Grepl [Fri, 4 Nov 2011 11:27:53 +0000 (11:27 +0000)]
Add dirsrvadmin_lock_t type
Dan Walsh [Thu, 3 Nov 2011 18:29:32 +0000 (14:29 -0400)]
Allow systemd_tmpfiles_t to delete all user content, if the user moves a file to /tmp, systemd_tmpfiles_t needs to be able to delete it. Also will fix the ability to delete /run/user/ content
Dan Walsh [Thu, 3 Nov 2011 18:23:42 +0000 (14:23 -0400)]
Allow plymouthd_t to talk to sssd
Miroslav Grepl [Thu, 3 Nov 2011 15:31:09 +0000 (15:31 +0000)]
Fix context declaration in cloudform.fc
Dan Walsh [Thu, 3 Nov 2011 15:24:47 +0000 (11:24 -0400)]
megadev should be a fixed_disk, not a removable disk.
megadev0 is the SCSI board where all the local hard drives are
connected.
Dan Walsh [Thu, 3 Nov 2011 15:16:06 +0000 (11:16 -0400)]
use the correct interface
Dan Walsh [Thu, 3 Nov 2011 15:10:30 +0000 (11:10 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 3 Nov 2011 15:09:51 +0000 (11:09 -0400)]
We have seen mount execute the consolehelper executable
dwalsh [Thu, 3 Nov 2011 14:16:58 +0000 (10:16 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 3 Nov 2011 14:15:34 +0000 (10:15 -0400)]
Package-cleanup does uses the rpm libraries
Dan Walsh [Thu, 3 Nov 2011 13:25:53 +0000 (09:25 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 3 Nov 2011 13:24:04 +0000 (09:24 -0400)]
Allow quota to add quotadb files to mail_spool and mta_mquue
Miroslav Grepl [Thu, 3 Nov 2011 12:19:32 +0000 (12:19 +0000)]
Allow initrc_t to manage dirsrv pid files
dwalsh [Wed, 2 Nov 2011 16:40:39 +0000 (12:40 -0400)]
Updated cloudforms policy for latest AVC's
dwalsh [Wed, 2 Nov 2011 16:10:22 +0000 (12:10 -0400)]
MLS Overrides needed for a user running at a level to be able to use sudo and talk to sssd
dwalsh [Wed, 2 Nov 2011 16:09:30 +0000 (12:09 -0400)]
More AVCS from Tom London for thumb