git.ipfire.org Git - people/stevee/selinux-policy.git/log

Dan Walsh [Mon, 31 Oct 2011 18:46:07 +0000 (14:46 -0400)] 
Make sure postfix content gets created with the correct label

Dan Walsh [Fri, 28 Oct 2011 20:36:35 +0000 (16:36 -0400)] 
New name for imagfac.py

Dan Walsh [Fri, 28 Oct 2011 20:28:58 +0000 (16:28 -0400)] 
Move named file trans rules from unconfined_t to all unconfined_domains

Dan Walsh [Fri, 28 Oct 2011 20:28:06 +0000 (16:28 -0400)] 
matahari-serviced reads /etc/machine-id

Dan Walsh [Fri, 28 Oct 2011 20:02:50 +0000 (16:02 -0400)] 
Allow plymouthd to read the process info on gdm

Dan Walsh [Fri, 28 Oct 2011 16:38:09 +0000 (12:38 -0400)] 
Add policy for matahari-qmf-sysconfigd

Dan Walsh [Fri, 28 Oct 2011 16:36:29 +0000 (12:36 -0400)] 
Add policy for matahari-qmf-sysconfigd

Dan Walsh [Fri, 28 Oct 2011 13:57:23 +0000 (09:57 -0400)] 
use LDAP (OpenLDAP) with TLS (NSS) requires slapd_t be able to write to /var/cache/coolkey

Dan Walsh [Fri, 28 Oct 2011 13:41:31 +0000 (09:41 -0400)] 
Handle all drupal versions

Dan Walsh [Fri, 28 Oct 2011 13:31:01 +0000 (09:31 -0400)] 
Allow dovecot_auth to change the sched algorithm

Dan Walsh [Fri, 28 Oct 2011 13:24:02 +0000 (09:24 -0400)] 
additional access required for matahari_serviced_t

Dan Walsh [Fri, 28 Oct 2011 13:21:14 +0000 (09:21 -0400)] 
Need to allow matahari_serviced_t to transition scripts and config all services

Dan Walsh [Thu, 27 Oct 2011 21:21:59 +0000 (17:21 -0400)] 
Allow chrome_sandbox_t to search user homedirs

Dan Walsh [Thu, 27 Oct 2011 20:57:32 +0000 (16:57 -0400)] 
Chome_sandbox needs to read chrome_sandbox_nacl_t /proc data

Dan Walsh [Thu, 27 Oct 2011 20:15:29 +0000 (16:15 -0400)] 
Allow chrome to interact with passed in stream sockets

Dan Walsh [Thu, 27 Oct 2011 13:50:04 +0000 (09:50 -0400)] 
Check in fixed for Chrome nacl support

Dan Walsh [Wed, 26 Oct 2011 14:16:32 +0000 (10:16 -0400)] 
Begin removing qemu_t domain, we really no longer need this domain.  Want to
remove transition from staff_t domain, staff_t should be using libvirt to
launch virtual machines.

Dan Walsh [Wed, 26 Oct 2011 13:23:02 +0000 (09:23 -0400)] 
systemd_passwd needs dac_overide to communicate with users TTY's

Dan Walsh [Wed, 26 Oct 2011 13:22:31 +0000 (09:22 -0400)] 
Allow svirt_lxc domains to send kill signals within their container

Dan Walsh [Tue, 25 Oct 2011 19:53:29 +0000 (15:53 -0400)] 
Allow policykit to talk to the systemd via dbus

Dan Walsh [Tue, 25 Oct 2011 19:49:55 +0000 (15:49 -0400)] 
Move chrome_sandbox_nacl_t to permissive domains

Dan Walsh [Tue, 25 Oct 2011 19:48:41 +0000 (15:48 -0400)] 
Additional rules for chrome_sandbox_nacl

Dan Walsh [Tue, 25 Oct 2011 15:40:06 +0000 (11:40 -0400)] 
Change bootstrap name to nacl

Dan Walsh [Tue, 25 Oct 2011 15:21:14 +0000 (11:21 -0400)] 
Chrome still needs execmem

Dan Walsh [Tue, 25 Oct 2011 15:20:41 +0000 (11:20 -0400)] 
Missing role for chrome_sandbox_bootstrap

Dan Walsh [Tue, 25 Oct 2011 14:42:31 +0000 (10:42 -0400)] 
Add boolean to remove execmem and execstack from virtual machines

Dan Walsh [Tue, 25 Oct 2011 13:47:44 +0000 (09:47 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 25 Oct 2011 13:47:28 +0000 (09:47 -0400)] 
Dontaudit xdm_t doing an access_check on etc_t directories

Miroslav Grepl [Mon, 24 Oct 2011 22:13:52 +0000 (22:13 +0000)] 
Allow named to connect to dirsrv

Miroslav Grepl [Mon, 24 Oct 2011 22:01:22 +0000 (22:01 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Mon, 24 Oct 2011 20:41:24 +0000 (16:41 -0400)] 
Apparently chrome does not need execmem any longer

Dan Walsh [Mon, 24 Oct 2011 20:27:32 +0000 (16:27 -0400)] 
udev talks to its own sock_file in /var/run/udevl

Dan Walsh [Mon, 24 Oct 2011 15:54:22 +0000 (11:54 -0400)] 
add ldapmap1_0 as a krb5_host_rcache_t file

Dan Walsh [Mon, 24 Oct 2011 15:31:13 +0000 (11:31 -0400)] 
Google chrome developers asked me to add bootstrap policy for nacl stuff

Miroslav Grepl [Mon, 24 Oct 2011 13:11:13 +0000 (13:11 +0000)] 
Fix abrt_manage_cache() interface

Miroslav Grepl [Mon, 24 Oct 2011 12:54:44 +0000 (12:54 +0000)] 
Allow rhev_agentd_t to getattr on mountpoints

Dan Walsh [Mon, 24 Oct 2011 12:30:41 +0000 (08:30 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Mon, 24 Oct 2011 12:30:20 +0000 (08:30 -0400)] 
Postfix_smtpd_t needs access to milters and cleanup seems to read/write postfix_smtpd_t unix_stream_sockets

Miroslav Grepl [Mon, 24 Oct 2011 09:08:17 +0000 (09:08 +0000)] 
Fix typo

Miroslav Grepl [Mon, 24 Oct 2011 08:28:36 +0000 (08:28 +0000)] 
Fixes for cloudform policies which need to connect to random ports

Dan Walsh [Fri, 21 Oct 2011 20:09:10 +0000 (16:09 -0400)] 
I have no idea why these guys have this label but it is wrong.

Dan Walsh [Fri, 21 Oct 2011 18:07:09 +0000 (14:07 -0400)] 
Make sure if an admin creates modules content it creates them with the correct label

Dan Walsh [Fri, 21 Oct 2011 18:06:42 +0000 (14:06 -0400)] 
hal is trying to read mislabeled modules.dep files, allow it until we figure out why they are mislabeled. hald is no longer in fedora so this needs to be back ported to RHEL6

Dan Walsh [Fri, 21 Oct 2011 15:19:58 +0000 (11:19 -0400)] 
Add port 8953 as a dns port used by unbound

Dan Walsh [Fri, 21 Oct 2011 14:23:01 +0000 (10:23 -0400)] 
I would rather remove the alsa home trans from the named_content, since we will want this transition for all unpriv_users
Revert "More fixes for alsa and confind users"

This reverts commit 11a508156f32c6bdf4e7d96963986fabf24f9e47.

Dan Walsh [Fri, 21 Oct 2011 14:20:59 +0000 (10:20 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Fri, 21 Oct 2011 15:51:25 +0000 (15:51 +0000)] 
More fixes for alsa and confind users

Miroslav Grepl [Fri, 21 Oct 2011 15:39:15 +0000 (15:39 +0000)] 
Fix calling of alsa_filetrans_named_content()

Miroslav Grepl [Fri, 21 Oct 2011 15:34:50 +0000 (15:34 +0000)] 
Fix sudo policy

Miroslav Grepl [Fri, 21 Oct 2011 15:31:56 +0000 (15:31 +0000)] 
Fix typo

Miroslav Grepl [Fri, 21 Oct 2011 15:22:09 +0000 (15:22 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 21 Oct 2011 14:20:45 +0000 (10:20 -0400)] 
Remove the hometrans rules from name_content, to prevent a conflict in unconfined_t

Dan Walsh [Fri, 21 Oct 2011 13:49:11 +0000 (09:49 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 21 Oct 2011 13:48:16 +0000 (09:48 -0400)] 
varnishlog_log_t should be labeled as a logging_log_file

Dan Walsh [Thu, 20 Oct 2011 20:06:46 +0000 (16:06 -0400)] 
Allow systemd_passwd_agent_t to talk to sock files in systemd_passswd_var_run_t

Dan Walsh [Thu, 20 Oct 2011 19:50:33 +0000 (15:50 -0400)] 
Add chown to sudodomain, also move sudodomain out of interfaces into te file, to shrink policy

Dan Walsh [Thu, 20 Oct 2011 19:10:28 +0000 (15:10 -0400)] 
Allow usermanage domains to getattr on all pty

Dan Walsh [Thu, 20 Oct 2011 18:18:45 +0000 (14:18 -0400)] 
Stop transitioning from unconfined_t to alsa, but make sure unconfined_t running alsa commands labels correctly

Miroslav Grepl [Thu, 20 Oct 2011 17:59:42 +0000 (17:59 +0000)] 
Fix duplicate declaration

Miroslav Grepl [Thu, 20 Oct 2011 17:46:24 +0000 (17:46 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 17:37:25 +0000 (17:37 +0000)] 
Fix systemd_manage_passwd_run() interface

Miroslav Grepl [Thu, 20 Oct 2011 17:34:57 +0000 (17:34 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 17:30:34 +0000 (17:30 +0000)] 
Add changes which relate with changed /run/systemd/ask-password-block/ labeling

Miroslav Grepl [Thu, 20 Oct 2011 17:30:34 +0000 (17:30 +0000)] 
Add changes which relate with changed /run/systemd/ask-password-block/ labeling

Dan Walsh [Thu, 20 Oct 2011 15:50:39 +0000 (11:50 -0400)] 
Should only be in F17

Revert "Remove ada domain"

This reverts commit e904f39962f6e59d74594d0cb0ca706781dc7680.

Dan Walsh [Thu, 20 Oct 2011 15:49:47 +0000 (11:49 -0400)] 
Remove ada domain

Dan Walsh [Thu, 20 Oct 2011 15:39:13 +0000 (11:39 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Thu, 20 Oct 2011 15:38:58 +0000 (11:38 -0400)] 
Remove the need for tetex domain

Dan Walsh [Thu, 20 Oct 2011 14:47:31 +0000 (10:47 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 15:51:30 +0000 (15:51 +0000)] 
Allow sshd_t to getattr /root/.hushlogin

Miroslav Grepl [Thu, 20 Oct 2011 14:50:23 +0000 (14:50 +0000)] 
Add support for ~/.fetchmailrc

Dan Walsh [Thu, 20 Oct 2011 14:47:17 +0000 (10:47 -0400)] 
udevd has moved

Miroslav Grepl [Thu, 20 Oct 2011 14:11:17 +0000 (14:11 +0000)] 
Add cloudform policies

Miroslav Grepl [Thu, 20 Oct 2011 14:08:10 +0000 (14:08 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 11:43:47 +0000 (11:43 +0000)] 
Allow BOINC to read all domain state

Dan Walsh [Wed, 19 Oct 2011 18:10:27 +0000 (14:10 -0400)] 
Allow confined domains to read their mail

Dan Walsh [Wed, 19 Oct 2011 18:05:44 +0000 (14:05 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Wed, 19 Oct 2011 18:05:30 +0000 (14:05 -0400)] 
Bootloader access required by Tom London

Miroslav Grepl [Wed, 19 Oct 2011 17:18:51 +0000 (17:18 +0000)] 
Add support for quota_nld

Miroslav Grepl [Wed, 19 Oct 2011 15:07:47 +0000 (15:07 +0000)] 
Allow abrt setpgid

Miroslav Grepl [Wed, 19 Oct 2011 10:50:35 +0000 (10:50 +0000)] 
Move nova permissive declarations to the proper module

Miroslav Grepl [Wed, 19 Oct 2011 10:28:54 +0000 (10:28 +0000)] 
Add policies for nova-stack
 * Policies are unconfined since there are issues but we need them because of #734346

Miroslav Grepl [Wed, 19 Oct 2011 09:36:12 +0000 (09:36 +0000)] 
Add dnsmasq_exec() interface

Miroslav Grepl [Tue, 18 Oct 2011 23:17:36 +0000 (23:17 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 18 Oct 2011 22:55:31 +0000 (22:55 +0000)] 
Add sudo_exec() interface

Miroslav Grepl [Tue, 18 Oct 2011 22:40:15 +0000 (22:40 +0000)] 
Add label for /usr/bin/nova-compute

Miroslav Grepl [Tue, 18 Oct 2011 20:32:07 +0000 (20:32 +0000)] 
Allow dirsrv_t to read netlink socket

Miroslav Grepl [Tue, 18 Oct 2011 20:21:25 +0000 (20:21 +0000)] 
Add types for ports which are needed by novaopenstack

Dan Walsh [Tue, 18 Oct 2011 15:42:22 +0000 (11:42 -0400)] 
Change systemd_device_t to systemd_passwd_var_run_t

Miroslav Grepl [Tue, 18 Oct 2011 11:46:08 +0000 (11:46 +0000)] 
Allow system mail to connect to courier-authdaemon over an unix stream socket

Miroslav Grepl [Tue, 18 Oct 2011 11:48:38 +0000 (11:48 +0000)] 
Add support for lnk files in the /var/lib/sssd directory

Miroslav Grepl [Tue, 18 Oct 2011 09:04:59 +0000 (09:04 +0000)] 
Allow fail2ban domtrans to shorewall in the same way as with iptables

Dan Walsh [Mon, 17 Oct 2011 18:15:00 +0000 (14:15 -0400)] 
Allow sshd to relabel tunnel sockets

Dan Walsh [Mon, 17 Oct 2011 18:04:17 +0000 (14:04 -0400)] 
Allow setroubleshoot_fixit_t to read /dev/urand

Dan Walsh [Mon, 17 Oct 2011 16:37:28 +0000 (12:37 -0400)] 
Take away transition rules for users executing ssh-keygen

Dan Walsh [Mon, 17 Oct 2011 15:28:58 +0000 (11:28 -0400)] 
Allow init process to setrlimit on itself

Dan Walsh [Mon, 17 Oct 2011 15:25:33 +0000 (11:25 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Mon, 17 Oct 2011 15:25:19 +0000 (11:25 -0400)] 
Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain

Miroslav Grepl [Mon, 17 Oct 2011 11:34:08 +0000 (11:34 +0000)] 
fix label definition for /root/.hushlogin

Miroslav Grepl [Mon, 17 Oct 2011 11:07:22 +0000 (11:07 +0000)] 
Allow gpsd to use /dev/ttyUSB