git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Tue, 11 Oct 2011 00:29:47 +0000 (00:29 +0000)]
Fix use_fusefs_home_dirs boolean in ssh.te
Miroslav Grepl [Tue, 11 Oct 2011 00:26:26 +0000 (00:26 +0000)]
Fix use_nfs_home_dirs boolean in dbus policy
Miroslav Grepl [Tue, 11 Oct 2011 00:21:48 +0000 (00:21 +0000)]
Fixes for bootloader policy
Miroslav Grepl [Tue, 11 Oct 2011 00:09:52 +0000 (00:09 +0000)]
$1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore
Miroslav Grepl [Mon, 10 Oct 2011 23:14:16 +0000 (23:14 +0000)]
Allow nsplugin to read /usr/share/config
Miroslav Grepl [Mon, 10 Oct 2011 23:10:48 +0000 (23:10 +0000)]
Allow sa-update to read spamd tmp file
Miroslav Grepl [Mon, 10 Oct 2011 17:20:10 +0000 (17:20 +0000)]
Allow sa-update to update rules
Miroslav Grepl [Mon, 10 Oct 2011 17:05:44 +0000 (17:05 +0000)]
Add use_fusefs_home_dirs for chroot ssh option
Miroslav Grepl [Mon, 10 Oct 2011 16:58:19 +0000 (16:58 +0000)]
Fixes for grub2
Miroslav Grepl [Mon, 10 Oct 2011 14:35:20 +0000 (14:35 +0000)]
Update systemd_exec_systemctl() interface
Miroslav Grepl [Mon, 10 Oct 2011 14:11:41 +0000 (14:11 +0000)]
Allow gpg to read the mail spool
Miroslav Grepl [Mon, 10 Oct 2011 13:06:15 +0000 (13:06 +0000)]
More fixes for sa-update running out of cron job
Miroslav Grepl [Mon, 10 Oct 2011 12:25:19 +0000 (12:25 +0000)]
Allow ipsec_mgmt_t to read hardware state information
Miroslav Grepl [Mon, 10 Oct 2011 12:21:18 +0000 (12:21 +0000)]
Allow pptp_t to connect to unreserved_port_t
Dan Walsh [Fri, 7 Oct 2011 17:04:31 +0000 (13:04 -0400)]
Dontaudit getattr on initctl in /dev from chfn
Dan Walsh [Fri, 7 Oct 2011 17:02:40 +0000 (13:02 -0400)]
Dontaudit getattr on kernel_core from chfn
Dan Walsh [Fri, 7 Oct 2011 16:58:37 +0000 (12:58 -0400)]
Add systemd_list_unit_dirs to systemd_exec_systemctl call
Dan Walsh [Fri, 7 Oct 2011 15:53:32 +0000 (11:53 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 7 Oct 2011 17:22:29 +0000 (17:22 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 7 Oct 2011 17:21:47 +0000 (17:21 +0000)]
Fixes for collectd policy
Dan Walsh [Fri, 7 Oct 2011 15:52:53 +0000 (11:52 -0400)]
Telepathy_mission is communicating with devicekit_power and networkmanager over dbus
Dan Walsh [Fri, 7 Oct 2011 14:56:41 +0000 (10:56 -0400)]
Eliminate avcs on rebooting machines when systemd tries to write and execute files in /run/initramfs
Dan Walsh [Fri, 7 Oct 2011 14:48:27 +0000 (10:48 -0400)]
Change sysadm_t to create content as user_tmp_t under /tmp
Dan Walsh [Fri, 7 Oct 2011 14:46:44 +0000 (10:46 -0400)]
Change sysadm_t to create content as user_tmp_t under /tmp
Dan Walsh [Fri, 7 Oct 2011 14:46:04 +0000 (10:46 -0400)]
Change sysadm_t to create content as user_tmp_t under /tmp
Dan Walsh [Fri, 7 Oct 2011 14:39:10 +0000 (10:39 -0400)]
Allow nsplugin_t to connect to ephemeral ports
Miroslav Grepl [Fri, 7 Oct 2011 10:35:50 +0000 (10:35 +0000)]
pppd needs to use /dev/ttyUSB
Dan Walsh [Thu, 6 Oct 2011 17:22:11 +0000 (13:22 -0400)]
Allow virtd_lxc_t to exec execmem_exec_t programs
Dan Walsh [Thu, 6 Oct 2011 13:53:48 +0000 (09:53 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 6 Oct 2011 13:53:03 +0000 (09:53 -0400)]
Seems adobe has broken flash plugin again. :^(
Miroslav Grepl [Wed, 5 Oct 2011 23:52:10 +0000 (23:52 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 5 Oct 2011 23:40:03 +0000 (23:40 +0000)]
Allow virsh to read xenstored pid file
Miroslav Grepl [Wed, 5 Oct 2011 22:59:18 +0000 (22:59 +0000)]
Backport corenetwork fixes from upstream
Dan Walsh [Wed, 5 Oct 2011 21:12:17 +0000 (17:12 -0400)]
Move domain to use attributes, will save several hundred allow rules
Dan Walsh [Wed, 5 Oct 2011 21:11:16 +0000 (17:11 -0400)]
Revert "Move domain to use attributes, will save several hundred allow rules"
This reverts commit f080a4ac74b250342ac0cc99c85a70a0bad927d5.
Dan Walsh [Wed, 5 Oct 2011 21:10:39 +0000 (17:10 -0400)]
Move domain to use attributes, will save several hundred allow rules
Dominick Grift [Wed, 5 Oct 2011 15:08:10 +0000 (17:08 +0200)]
Do not audit attempts by thumb to search config_home_t dirs (~/.config)
telepathy: fix filetrans_pattern
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Wed, 5 Oct 2011 14:49:13 +0000 (16:49 +0200)]
label ~/.cache/telepathy/logger telepathy_logger_cache_home_t
allow all telepathy domains to create ~/.cache/telepathy dir with
telepathy_cache_home_t type
allow thumb to read generic data home files (mime.type)
do not audit attempts by thumb_t to send dbus messages to session bus
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Miroslav Grepl [Wed, 5 Oct 2011 12:21:26 +0000 (12:21 +0000)]
Allow nmbd to manage sock file in /var/run/nmbd
Miroslav Grepl [Wed, 5 Oct 2011 07:19:14 +0000 (07:19 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 5 Oct 2011 07:10:08 +0000 (07:10 +0000)]
ricci_modservice send syslog msgs
Dan Walsh [Tue, 4 Oct 2011 20:33:33 +0000 (16:33 -0400)]
I don't think we should have a gnomeclock_systemctl_t domain, I am giving the access to gnomeclock
Dan Walsh [Tue, 4 Oct 2011 20:11:49 +0000 (16:11 -0400)]
Stop transitioning from unconfined_t to ldconfig_t, but make sure /etc/ld.so.cache is labeled correctly
Dan Walsh [Tue, 4 Oct 2011 19:57:43 +0000 (15:57 -0400)]
Allow systemd_logind_t to manage /run/USER/dconf/user
Dan Walsh [Tue, 4 Oct 2011 15:23:59 +0000 (11:23 -0400)]
Bogus call to missing dbus interface
Miroslav Grepl [Tue, 4 Oct 2011 13:02:32 +0000 (13:02 +0000)]
Fix dev_dontaudit_write_mtrr() interface
Miroslav Grepl [Mon, 3 Oct 2011 21:04:39 +0000 (21:04 +0000)]
Allow logrotate setuid and setgid since logrotate is supposed to do it
Dan Walsh [Mon, 3 Oct 2011 18:53:22 +0000 (14:53 -0400)]
Add new nfsd ports
Dan Walsh [Mon, 3 Oct 2011 18:50:35 +0000 (14:50 -0400)]
Add new nfsd ports
Dan Walsh [Mon, 3 Oct 2011 16:11:43 +0000 (12:11 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 3 Oct 2011 16:11:27 +0000 (12:11 -0400)]
Added fix to allow confined apps to execmod on chrome
Dominick Grift [Mon, 3 Oct 2011 14:44:23 +0000 (16:44 +0200)]
thumb: fix/clean more merge issues
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Mon, 3 Oct 2011 14:41:37 +0000 (16:41 +0200)]
thumb_t no longer creates orcexec.* files in user home directories with
the new orc packages (orc-0.4.16-1). (it uses /tmp instead)
fix/clean some merge left overs
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dan Walsh [Mon, 3 Oct 2011 14:09:35 +0000 (10:09 -0400)]
Add labeling for additional vdsm directories
Dan Walsh [Mon, 3 Oct 2011 14:00:44 +0000 (10:00 -0400)]
Add labeling for additional vdsm directories
Miroslav Grepl [Mon, 3 Oct 2011 11:00:14 +0000 (11:00 +0000)]
Allow Exim and Dovecot SASL
Miroslav Grepl [Mon, 3 Oct 2011 10:55:10 +0000 (10:55 +0000)]
Add label for /var/run/nmbd
Miroslav Grepl [Mon, 3 Oct 2011 10:19:36 +0000 (10:19 +0000)]
Add fixes to make virsh and xen working together
Miroslav Grepl [Mon, 3 Oct 2011 08:47:22 +0000 (08:47 +0000)]
Colord executes ls
Conflicts:
policy/modules/services/colord.te
Miroslav Grepl [Mon, 3 Oct 2011 08:42:36 +0000 (08:42 +0000)]
/var/spool/cron is now labeled as user_cron_spool_t
Miroslav Grepl [Mon, 3 Oct 2011 08:35:04 +0000 (08:35 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/kernel/corenetwork.te.in
policy/modules/services/postfix.te
Dominick Grift [Sat, 1 Oct 2011 12:56:09 +0000 (14:56 +0200)]
Thumb: comment out some policy that needs reproducing (I could not
reproduce):
- does thumb really need to create files in user_tmp_t dirs?
- does thumb really need to read gconf home files?
- does thumb really create dirs in user_home_dir_t dirs?
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 12:46:32 +0000 (14:46 +0200)]
corenetwork.te.in: portcon conflict
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 12:44:59 +0000 (14:44 +0200)]
postfix: these types do not exist
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 12:43:28 +0000 (14:43 +0200)]
ssh_role_template: the corecmd_spec_shell_domtrans does not support
attributes.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 12:41:57 +0000 (14:41 +0200)]
sysadm: this is not the unconfineduser module
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 12:37:43 +0000 (14:37 +0200)]
thumb: if thumb cannot stream connect to session bus type then it will
not try to dbus chat to session bus type.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 11:49:36 +0000 (13:49 +0200)]
gpg: fix userdom_use_user_terminals call for gpg_pinentry_t
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 10:41:49 +0000 (12:41 +0200)]
thumb: some commits crossed.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dan Walsh [Sat, 1 Oct 2011 10:17:46 +0000 (06:17 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/apps/thumb.te
Dan Walsh [Sat, 1 Oct 2011 10:11:58 +0000 (06:11 -0400)]
Fix mislabeling that occurs if an admin runs pm-utils directly
Dominick Grift [Sat, 1 Oct 2011 09:35:04 +0000 (11:35 +0200)]
Merge branch 'pinentry'
Dominick Grift [Sat, 1 Oct 2011 09:33:12 +0000 (11:33 +0200)]
Thumb policy. I think we should split this module into separate modules.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Sat, 1 Oct 2011 08:21:33 +0000 (10:21 +0200)]
gpg-pinentry needs to use user_devpts_t for the pin entry dialog to work
from a shell (example: openssh)
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dan Walsh [Fri, 30 Sep 2011 19:48:24 +0000 (15:48 -0400)]
Additional access for thumb_t
Dan Walsh [Fri, 30 Sep 2011 14:34:42 +0000 (10:34 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 30 Sep 2011 14:19:34 +0000 (10:19 -0400)]
Allow access to gnome content but do not allow thumbviewers access to the session bus
Dominick Grift [Thu, 29 Sep 2011 21:16:53 +0000 (23:16 +0200)]
telepathy mission control typo fixes
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Thu, 29 Sep 2011 21:11:10 +0000 (23:11 +0200)]
Clean up telepathy named filetrans home content.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Thu, 29 Sep 2011 20:49:15 +0000 (22:49 +0200)]
Merge branch 'master' of ssh://domg472@git.fedorahosted.org/git/selinux-policy.git
Dominick Grift [Thu, 29 Sep 2011 20:48:57 +0000 (22:48 +0200)]
mc creates .local/share/telepathy, /mission-control(/.*)? but any tp
domain should be able to create .local/share/telepathy so that's a
generic telepathy data home type.
same for .cache/telepathy (generic telepathy cache type)
logger and gabble need to write to /run/user/.config/dconf/user
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dan Walsh [Thu, 29 Sep 2011 20:32:34 +0000 (16:32 -0400)]
Add telepathy file label named trans
Dan Walsh [Thu, 29 Sep 2011 19:49:22 +0000 (15:49 -0400)]
Fixes for lxc confined domains
Dan Walsh [Thu, 29 Sep 2011 19:27:24 +0000 (15:27 -0400)]
Java and thunderbird or firefox seem to be creating a hugetlbfs file in /anon_hugetable that staff roles need to read
Dan Walsh [Thu, 29 Sep 2011 19:26:27 +0000 (15:26 -0400)]
Revert change to allow telepathy to manage data_home and fix location of mission-critical content in the homedir
Dan Walsh [Thu, 29 Sep 2011 18:02:38 +0000 (14:02 -0400)]
allow userdomains to transition to ssh_t and ssh_t to read keyrings from the user domains
Dan Walsh [Thu, 29 Sep 2011 17:50:29 +0000 (13:50 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 29 Sep 2011 17:50:14 +0000 (13:50 -0400)]
telepath_mission manages data_home_t
Dan Walsh [Thu, 29 Sep 2011 17:44:09 +0000 (13:44 -0400)]
udev needs to read kernel modules
Dominick Grift [Thu, 29 Sep 2011 17:22:17 +0000 (19:22 +0200)]
Fix syntax error rhbz#742239
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift [Thu, 29 Sep 2011 17:19:38 +0000 (19:19 +0200)]
Merge branch 'modemmanager'
Miroslav Grepl [Thu, 29 Sep 2011 16:41:01 +0000 (16:41 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Thu, 29 Sep 2011 15:01:31 +0000 (15:01 +0000)]
Fix typo in postfix policy
Miroslav Grepl [Thu, 29 Sep 2011 14:43:20 +0000 (14:43 +0000)]
One more ephemeral fix
Miroslav Grepl [Thu, 29 Sep 2011 14:36:23 +0000 (14:36 +0000)]
One more ephemeral fix
Miroslav Grepl [Thu, 29 Sep 2011 14:34:03 +0000 (14:34 +0000)]
Fix ephemeral patch
Dan Walsh [Thu, 29 Sep 2011 14:31:24 +0000 (10:31 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 29 Sep 2011 14:30:17 +0000 (10:30 -0400)]
Stop complaining about leaked file descriptors during install
Miroslav Grepl [Thu, 29 Sep 2011 14:16:41 +0000 (14:16 +0000)]
- Add support for Clustered Samba commands
Miroslav Grepl [Thu, 29 Sep 2011 12:11:38 +0000 (12:11 +0000)]
bounc needs to manage either defer,bounce or trace