git.ipfire.org Git - people/stevee/selinux-policy.git/log
Dominick Grift [Wed, 13 Jul 2011 09:41:48 +0000 (11:41 +0200)]
telepathy: move gkeyring dbus chat call for mc to local policy as it
does not need a role prefix parameter.
Dominick Grift [Wed, 13 Jul 2011 09:39:25 +0000 (11:39 +0200)]
gnome: fix xml, does not expect a role prefix parameter
Dominick Grift [Wed, 13 Jul 2011 09:32:55 +0000 (11:32 +0200)]
telepathy: fix telepathy_role, allow telepathy_mission_control_t to dbus
chat to gkeyringd.
dbus: fix xml
Dominick Grift [Wed, 13 Jul 2011 09:23:50 +0000 (11:23 +0200)]
telepathy: make logger file transition in .local/share and .cache
Dan Walsh [Tue, 12 Jul 2011 19:16:30 +0000 (15:16 -0400)]
Allow logrotate_t to read symbolic links with the logrotate_var_lib_t label. One of our customers set this up
Dan Walsh [Tue, 12 Jul 2011 19:15:39 +0000 (15:15 -0400)]
Allow virtd_t to use ptys created by svirt domains, this is needed in order to do virsh console connect
Dan Walsh [Tue, 12 Jul 2011 19:13:37 +0000 (15:13 -0400)]
Revert "Allow logrotate_t to read symbolic links with the logrotate_var_lib_t label. One of our customers set this up"
This reverts commit b61dc5a071e724100a59335602ead66d0d8ca2c5.
Dan Walsh [Tue, 12 Jul 2011 18:34:16 +0000 (14:34 -0400)]
Allow logrotate_t to read symbolic links with the logrotate_var_lib_t label. One of our customers set this up
Miroslav Grepl [Tue, 12 Jul 2011 09:00:26 +0000 (09:00 +0000)]
Remove duplicate declaration in ABRT policy
Miroslav Grepl [Tue, 12 Jul 2011 08:35:03 +0000 (08:35 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 11 Jul 2011 22:19:30 +0000 (18:19 -0400)]
Dontaudit logrotate attempting to list mnt file systems
Dan Walsh [Mon, 11 Jul 2011 22:08:13 +0000 (18:08 -0400)]
A lot of users are running yum -y update while in /root which is causing ldconfig to list the contents, adding dontaudit
Dan Walsh [Mon, 11 Jul 2011 22:00:42 +0000 (18:00 -0400)]
Allow colord to interact with the users through the tmpfs file system
Dan Walsh [Mon, 11 Jul 2011 21:54:35 +0000 (17:54 -0400)]
Since we changed the label on deferred, we need to allow postfix_qmgr_t to be able to create maildrop_t files
Dan Walsh [Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)]
Add label for /var/log/mcelog
Miroslav Grepl [Mon, 11 Jul 2011 18:25:24 +0000 (18:25 +0000)]
Allow only spamc_t to connect to abrt over unix stream socket rather than all apps domains for now
Miroslav Grepl [Mon, 11 Jul 2011 16:30:20 +0000 (16:30 +0000)]
Allow amavis to read sysfs
Miroslav Grepl [Mon, 11 Jul 2011 16:15:09 +0000 (16:15 +0000)]
Allow asterisk to read /dev/random if it uses TLS
Miroslav Grepl [Mon, 11 Jul 2011 11:45:28 +0000 (11:45 +0000)]
Allow colord to read ini files which are labeled as bin_t
Miroslav Grepl [Mon, 11 Jul 2011 11:02:40 +0000 (11:02 +0000)]
Allow dirsrvadmin sys_resource and setrlimit to use ulimit
Dan Walsh [Thu, 7 Jul 2011 17:41:17 +0000 (13:41 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 7 Jul 2011 17:37:01 +0000 (13:37 -0400)]
Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first. Also lists /var and /var/spool directories
Dominick Grift [Wed, 6 Jul 2011 22:15:53 +0000 (00:15 +0200)]
Revert:
ea889ac720a4fddde6d8376cb5dc9336d14e867e
mozilla_plugin_tmp_t is userdom_user_tmp_content() and so callers have
full access to it.
Dominick Grift [Wed, 6 Jul 2011 21:37:06 +0000 (23:37 +0200)]
callers need to stream connect to mozilla plugin ( gecko media
player plugin ) #711605
Dan Walsh [Wed, 6 Jul 2011 21:00:12 +0000 (17:00 -0400)]
Remove labels for libexec abrt helpers
Dan Walsh [Wed, 6 Jul 2011 20:44:16 +0000 (16:44 -0400)]
Allow apps that transition to mozilla_plugin_t to use the fd
Dan Walsh [Wed, 6 Jul 2011 20:43:46 +0000 (16:43 -0400)]
Add openl2tpd to l2tpd policy
Dan Walsh [Wed, 6 Jul 2011 20:04:37 +0000 (16:04 -0400)]
qpidd is reading the sysfs file
Dan Walsh [Wed, 6 Jul 2011 20:04:08 +0000 (16:04 -0400)]
Abrt helper is reading the executables that crash
Dan Walsh [Wed, 6 Jul 2011 20:03:44 +0000 (16:03 -0400)]
xauth seems to be creating unix_dgram_sockets and reading network state
Dan Walsh [Tue, 5 Jul 2011 20:21:21 +0000 (16:21 -0400)]
add l2tpd daemon policy
Dan Walsh [Tue, 5 Jul 2011 17:41:54 +0000 (13:41 -0400)]
Domains that execute killall like gdm, need to getattributes of executables
Dan Walsh [Tue, 5 Jul 2011 16:38:34 +0000 (12:38 -0400)]
Allow mail domains to read asterisk_tmp_t content
Dan Walsh [Tue, 5 Jul 2011 16:38:07 +0000 (12:38 -0400)]
Cleanup sandbox policy
Dan Walsh [Tue, 5 Jul 2011 15:33:38 +0000 (11:33 -0400)]
chrome_sandbox_t needs to write to inherited files in the homedir, if it is using nfs or cifs
Dan Walsh [Tue, 5 Jul 2011 15:19:33 +0000 (11:19 -0400)]
Allow sysadmin_t to transition to systemd_passwd to start and stop init scripts
Dan Walsh [Fri, 1 Jul 2011 11:40:11 +0000 (07:40 -0400)]
#711804 reveals that puppetmaster needs to search through sysfs_t
Dan Walsh [Fri, 1 Jul 2011 11:39:24 +0000 (07:39 -0400)]
abrt-dump-oops runs from init and needs to write to abrt_var_cache, so I am making it a helper app
Dan Walsh [Fri, 1 Jul 2011 11:38:38 +0000 (07:38 -0400)]
vpnc_t tries to access an init_t fd, but works without the access, so dontaudit it
Miroslav Grepl [Thu, 30 Jun 2011 17:18:51 +0000 (17:18 +0000)]
Fix virt_dontaudit_read_chr_dev() interface
Miroslav Grepl [Thu, 30 Jun 2011 16:55:53 +0000 (16:55 +0000)]
Add more interfaces for rhsmcertd policy
Dontaudit xguest dbus chat with rhsmcertd
Dan Walsh [Thu, 30 Jun 2011 11:24:13 +0000 (07:24 -0400)]
Change usbmuxd_t to dontaudit attempts to read chr_file (usb) devices owned by an svirt guest
Dan Walsh [Thu, 30 Jun 2011 11:12:39 +0000 (07:12 -0400)]
Add mysld_safe_exec_t for libra domains to be able to start private mysql domains
Dan Walsh [Thu, 30 Jun 2011 11:08:42 +0000 (07:08 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 30 Jun 2011 11:08:20 +0000 (07:08 -0400)]
Sandbox starts dbus within some apps and this attempts to communicate with netlink_selinux_socket. I think we need to allow this access, as it stops an ugly line from appearing in the log file
Dan Walsh [Thu, 30 Jun 2011 11:07:24 +0000 (07:07 -0400)]
Revert "Sandbox starts dbus within some apps and this attempts to communicate with netlink_selinux_socket. I think we need to allow this access, as it stops an ugly line from appearing in the log file"
This reverts commit 5a709ffff74bb93b11744d0a3041120a4910f94c.
Dan Walsh [Thu, 30 Jun 2011 11:06:28 +0000 (07:06 -0400)]
Sandbox starts dbus within some apps and this attempts to communicate with netlink_selinux_socket. I think we need to allow this access, as it stops an ugly line from appearing in the log file
Miroslav Grepl [Tue, 28 Jun 2011 10:56:49 +0000 (10:56 +0000)]
Allow pppd to search /var/lock dir
Dan Walsh [Wed, 29 Jun 2011 17:04:06 +0000 (13:04 -0400)]
Allow usbmuxd_t to read chr_files owned by svirt_t
Miroslav Grepl [Wed, 29 Jun 2011 16:02:10 +0000 (16:02 +0000)]
Add rhsmcertd policy
* Subscription Management Certificate Daemon policy
Miroslav Grepl [Wed, 29 Jun 2011 15:16:10 +0000 (15:16 +0000)]
Allow colord to read /proc/stat
Miroslav Grepl [Wed, 29 Jun 2011 13:35:24 +0000 (13:35 +0000)]
Add support for corosync-notifyd
* add corosync_exec_t label
Miroslav Grepl [Wed, 29 Jun 2011 13:22:42 +0000 (13:22 +0000)]
Allow shutdown to send sigchld to rhev-agentd
Miroslav Grepl [Wed, 29 Jun 2011 11:20:39 +0000 (11:20 +0000)]
Fix file context issue in postfix.fc
Miroslav Grepl [Wed, 29 Jun 2011 11:01:22 +0000 (11:01 +0000)]
Allow confined users to dbus chat with telepathy domains
Miroslav Grepl [Wed, 29 Jun 2011 08:32:16 +0000 (08:32 +0000)]
Allow telepathy_gabble to read gnome home config
Miroslav Grepl [Tue, 28 Jun 2011 16:21:56 +0000 (16:21 +0000)]
Fix bug in bugzilla.if
Miroslav Grepl [Tue, 28 Jun 2011 15:46:38 +0000 (15:46 +0000)]
Remove duplicate context declaration for /usr/sbin/validate
Miroslav Grepl [Tue, 28 Jun 2011 15:37:52 +0000 (15:37 +0000)]
Remove other duplicate declarations
Miroslav Grepl [Tue, 28 Jun 2011 15:22:05 +0000 (15:22 +0000)]
Remove duplicate declaration from iptables.fc
Miroslav Grepl [Tue, 28 Jun 2011 15:12:09 +0000 (15:12 +0000)]
Add back upstream changes in userdomain.if
Miroslav Grepl [Tue, 28 Jun 2011 15:01:19 +0000 (15:01 +0000)]
Remove duplicate declaration from vnstat
Miroslav Grepl [Tue, 28 Jun 2011 14:55:27 +0000 (14:55 +0000)]
Add back telepathy_dbus_chat() interface
Miroslav Grepl [Tue, 28 Jun 2011 14:46:25 +0000 (14:46 +0000)]
Use files_list_lost_found() interface
Miroslav Grepl [Tue, 28 Jun 2011 14:41:14 +0000 (14:41 +0000)]
Add back application_getattr_socket() interface
Miroslav Grepl [Tue, 28 Jun 2011 14:35:32 +0000 (14:35 +0000)]
Remove duplicate declaration in rssh policy
Miroslav Grepl [Tue, 28 Jun 2011 14:30:45 +0000 (14:30 +0000)]
Use zarafa_domtrans_deliver interface instead of zarafa_deliver_domtrans
Miroslav Grepl [Tue, 28 Jun 2011 14:26:03 +0000 (14:26 +0000)]
Fix typo
Miroslav Grepl [Tue, 28 Jun 2011 14:22:24 +0000 (14:22 +0000)]
Use mozilla_exec_user_home_files()
Miroslav Grepl [Tue, 28 Jun 2011 14:18:01 +0000 (14:18 +0000)]
Use bugzilla_dontaudit_rw_stream_sockets(system_mail_t) which is correct
Miroslav Grepl [Tue, 28 Jun 2011 14:14:41 +0000 (14:14 +0000)]
Use the right interface
* bugzilla_search_content(system_mail_t)
Miroslav Grepl [Tue, 28 Jun 2011 14:10:33 +0000 (14:10 +0000)]
Remove duplicate declaration in mozilla policy
Miroslav Grepl [Tue, 28 Jun 2011 14:05:35 +0000 (14:05 +0000)]
Remove duplicate declaration from colord policy
Miroslav Grepl [Tue, 28 Jun 2011 14:03:00 +0000 (14:03 +0000)]
Add back interface(`zarafa_manage_lib_files() interface
Miroslav Grepl [Tue, 28 Jun 2011 13:59:45 +0000 (13:59 +0000)]
Add back passenger_manage_pid_content() interface
Miroslav Grepl [Tue, 28 Jun 2011 13:52:59 +0000 (13:52 +0000)]
Add back mediawiki interfaces
Miroslav Grepl [Tue, 28 Jun 2011 13:49:39 +0000 (13:49 +0000)]
Remove duplicate declaration from userdomain.if
Miroslav Grepl [Tue, 28 Jun 2011 13:46:30 +0000 (13:46 +0000)]
Add missing interfaces to userdomain.if
Miroslav Grepl [Tue, 28 Jun 2011 13:36:42 +0000 (13:36 +0000)]
Add old userdomain.if file
Miroslav Grepl [Tue, 28 Jun 2011 13:28:57 +0000 (13:28 +0000)]
Just for testing
Miroslav Grepl [Tue, 28 Jun 2011 13:03:17 +0000 (13:03 +0000)]
Remove duplicate declaration for rssh.if
Miroslav Grepl [Tue, 28 Jun 2011 13:01:02 +0000 (13:01 +0000)]
Remove duplicate declarations for iscsi.if, libraries.if and logging.if
Miroslav Grepl [Tue, 28 Jun 2011 12:53:16 +0000 (12:53 +0000)]
Remove duplicate declarations in ipsec.if
Miroslav Grepl [Tue, 28 Jun 2011 12:51:14 +0000 (12:51 +0000)]
Fix duplicate declaration in daemontools.if
Miroslav Grepl [Tue, 28 Jun 2011 12:49:58 +0000 (12:49 +0000)]
Fix duplicate declaration in authlogin.if
Miroslav Grepl [Tue, 28 Jun 2011 12:48:43 +0000 (12:48 +0000)]
Fix duplicate declaration in kernel.if
Miroslav Grepl [Tue, 28 Jun 2011 12:45:52 +0000 (12:45 +0000)]
Fix duplicate declarations in filesystem.if (caused by merge with upstream)
Miroslav Grepl [Tue, 28 Jun 2011 12:37:58 +0000 (12:37 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 28 Jun 2011 12:36:18 +0000 (12:36 +0000)]
Remove all duplicate declarations from domain.if, corenetwork.if, files.if
Miroslav Grepl [Tue, 28 Jun 2011 12:28:40 +0000 (12:28 +0000)]
Fix shorewall.if
Miroslav Grepl [Tue, 28 Jun 2011 12:07:40 +0000 (12:07 +0000)]
Fix for colord.if and others
Dan Walsh [Tue, 28 Jun 2011 10:30:24 +0000 (06:30 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 28 Jun 2011 10:28:26 +0000 (06:28 -0400)]
Allow systemd_tmpfiles_t to list file_t directories
Dan Walsh [Tue, 28 Jun 2011 10:26:41 +0000 (06:26 -0400)]
Allow systemd_tmpfiles_t to list file_t directories
Miroslav Grepl [Tue, 28 Jun 2011 09:41:36 +0000 (09:41 +0000)]
Fix more typos
Miroslav Grepl [Tue, 28 Jun 2011 08:50:51 +0000 (08:50 +0000)]
Fix in telepathy.if
Miroslav Grepl [Mon, 27 Jun 2011 18:44:05 +0000 (18:44 +0000)]
Fix ncftool.if
Miroslav Grepl [Mon, 27 Jun 2011 17:53:32 +0000 (17:53 +0000)]
qpidd policy was renamed to qpid by upstream
Miroslav Grepl [Mon, 27 Jun 2011 17:47:23 +0000 (17:47 +0000)]
Move mediawiki policy from apps to services
Miroslav Grepl [Mon, 27 Jun 2011 17:38:59 +0000 (17:38 +0000)]
Move passenger policy from services to admin layer