]>
git.ipfire.org Git - people/stevee/selinux-policy.git/log
Dan Walsh [Fri, 2 Dec 2011 12:24:43 +0000 (07:24 -0500)]
Cleanup watchdog code for submission to upstream
Dan Walsh [Thu, 1 Dec 2011 21:43:42 +0000 (16:43 -0500)]
Stop using usertype
Dan Walsh [Thu, 1 Dec 2011 21:27:33 +0000 (16:27 -0500)]
Users that use X and spice need to use the virtio device
Dan Walsh [Thu, 1 Dec 2011 21:27:15 +0000 (16:27 -0500)]
add upstream gpg_exec interface
Dan Walsh [Thu, 1 Dec 2011 19:54:58 +0000 (14:54 -0500)]
Remove extra white space
Dan Walsh [Thu, 1 Dec 2011 19:54:33 +0000 (14:54 -0500)]
I believe the broken bluetooth code is no longer needed
Dan Walsh [Thu, 1 Dec 2011 19:53:48 +0000 (14:53 -0500)]
Upstream calls the gnomedomain rather then gnome_domain
Dan Walsh [Thu, 1 Dec 2011 17:03:15 +0000 (12:03 -0500)]
Allow mozilla_plugin_config_t to use inherited pty
Dan Walsh [Thu, 1 Dec 2011 15:53:56 +0000 (10:53 -0500)]
Fix procs_type interface
Dan Walsh [Wed, 30 Nov 2011 17:04:10 +0000 (12:04 -0500)]
Dovecot has a new fifo_file /var/run/dovecot/stats-mail
Dan Walsh [Wed, 30 Nov 2011 16:39:11 +0000 (11:39 -0500)]
Dovecot has a new fifo_file /var/run/stats-mail
Dan Walsh [Wed, 30 Nov 2011 00:55:15 +0000 (19:55 -0500)]
Puppet manages content, want to make sure it labels everything correctly
Dan Walsh [Tue, 29 Nov 2011 20:02:46 +0000 (15:02 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 29 Nov 2011 20:02:37 +0000 (15:02 -0500)]
squashfs supports extended attributes
Miroslav Grepl [Tue, 29 Nov 2011 15:54:37 +0000 (16:54 +0100)]
add snmp_read_snmp_var_lib_dirs() interface
Miroslav Grepl [Tue, 29 Nov 2011 11:40:00 +0000 (12:40 +0100)]
Fix devicekit_manage_pid_files() interface
Miroslav Grepl [Tue, 29 Nov 2011 10:34:51 +0000 (11:34 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 29 Nov 2011 03:24:02 +0000 (22:24 -0500)]
Allow all postfix domains to use the fifo_file
Dan Walsh [Tue, 29 Nov 2011 03:15:57 +0000 (22:15 -0500)]
The dbus daemon for fprintd reads the cmdline of the program it is chatting with
Dan Walsh [Tue, 29 Nov 2011 03:06:19 +0000 (22:06 -0500)]
Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t
Dan Walsh [Tue, 29 Nov 2011 02:57:47 +0000 (21:57 -0500)]
Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp
Dan Walsh [Tue, 29 Nov 2011 02:46:20 +0000 (21:46 -0500)]
Let firewallgui read the selinux config
Dan Walsh [Tue, 29 Nov 2011 02:30:06 +0000 (21:30 -0500)]
Allow squid to check the network state
Dan Walsh [Tue, 29 Nov 2011 02:09:43 +0000 (21:09 -0500)]
Allow mount to read modutils_dep_t, probably a leak but not worth blocking
Dan Walsh [Tue, 29 Nov 2011 02:05:36 +0000 (21:05 -0500)]
Allow ping domains to read zabbix_tmp_t files
Dan Walsh [Tue, 29 Nov 2011 02:04:01 +0000 (21:04 -0500)]
Forward port f16 zabbix fixes
Dan Walsh [Tue, 29 Nov 2011 01:45:02 +0000 (20:45 -0500)]
Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it
Dan Walsh [Mon, 28 Nov 2011 23:19:20 +0000 (18:19 -0500)]
Dontaudit colord getattr on file systems
Dan Walsh [Mon, 28 Nov 2011 21:50:47 +0000 (16:50 -0500)]
Change spamd_read_pid to spamd_read_pid_files
Dan Walsh [Mon, 28 Nov 2011 21:47:36 +0000 (16:47 -0500)]
Allow clamd to read spamd_var_run_t files
Miroslav Grepl [Mon, 28 Nov 2011 20:20:32 +0000 (21:20 +0100)]
merge fix
Miroslav Grepl [Mon, 28 Nov 2011 16:54:02 +0000 (17:54 +0100)]
Fix merge issue
Miroslav Grepl [Mon, 28 Nov 2011 16:38:14 +0000 (17:38 +0100)]
Disable cron_role for sysadm
Miroslav Grepl [Mon, 28 Nov 2011 14:39:48 +0000 (15:39 +0100)]
Allow mailman to read /dev/urandom
Miroslav Grepl [Mon, 28 Nov 2011 13:09:15 +0000 (14:09 +0100)]
Allow clamd to read spamd pid file
* needs to read /var/spool/MIMEDefang/*
Miroslav Grepl [Mon, 28 Nov 2011 11:32:10 +0000 (12:32 +0100)]
Allow mount to read /dev/urandom
Miroslav Grepl [Mon, 28 Nov 2011 10:57:36 +0000 (11:57 +0100)]
Allow httpd_collectd_script_t to search /var/lib
Miroslav Grepl [Thu, 24 Nov 2011 11:50:38 +0000 (12:50 +0100)]
Allow spamd to send mail
Miroslav Grepl [Thu, 24 Nov 2011 11:36:13 +0000 (12:36 +0100)]
Add ssh_home_t label for /var/lib/nocpulse/.ssh
Miroslav Grepl [Thu, 24 Nov 2011 11:27:13 +0000 (12:27 +0100)]
Allow puppetmaster to read network state
Miroslav Grepl [Thu, 24 Nov 2011 11:19:45 +0000 (12:19 +0100)]
Add colord_can_network_connect boolean
Conflicts:
policy/modules/services/colord.te
Miroslav Grepl [Thu, 24 Nov 2011 10:41:10 +0000 (11:41 +0100)]
Allow colord to execute shell
Add bin_t label for "/usr/lib/iscan/network"
Miroslav Grepl [Thu, 24 Nov 2011 09:54:00 +0000 (10:54 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 23 Nov 2011 20:05:20 +0000 (15:05 -0500)]
Allow cvs_t tries to read utmp file, dontaudit
Dan Walsh [Wed, 23 Nov 2011 20:02:39 +0000 (15:02 -0500)]
Namespace_init needs to execute shell
Dan Walsh [Wed, 23 Nov 2011 18:23:16 +0000 (13:23 -0500)]
winbind needs to be able to talk to ldap directly, not through sssd
Dan Walsh [Wed, 23 Nov 2011 17:57:40 +0000 (12:57 -0500)]
dnsmasq wants to read proc_net_t
Dan Walsh [Wed, 23 Nov 2011 17:57:10 +0000 (12:57 -0500)]
saslauthd_t needs to connect to zarafa_port_t
Miroslav Grepl [Wed, 23 Nov 2011 14:24:37 +0000 (15:24 +0100)]
Add full DNS support for FreeIPA
Miroslav Grepl [Mon, 21 Nov 2011 13:05:19 +0000 (14:05 +0100)]
Allow collectd-web to read collectd lib files
Miroslav Grepl [Mon, 21 Nov 2011 11:33:56 +0000 (12:33 +0100)]
Allow colord to get the attributes of tmpfs filesystem
Miroslav Grepl [Mon, 21 Nov 2011 11:28:14 +0000 (12:28 +0100)]
Add sanlock_use_nfs and sanlock_use_samba booleans
Miroslav Grepl [Mon, 21 Nov 2011 11:10:00 +0000 (12:10 +0100)]
Add bin_t label for /usr/lib/virtualbox/VBoxManage
Miroslav Grepl [Mon, 21 Nov 2011 10:27:54 +0000 (11:27 +0100)]
cloudfrom_exec_mongodb is interface
Dan Walsh [Fri, 18 Nov 2011 18:45:13 +0000 (13:45 -0500)]
Get rid of extra fuse rules covered by userdom_home_manager
Dan Walsh [Fri, 18 Nov 2011 18:44:39 +0000 (13:44 -0500)]
Mount needs to read process state when mounting gluster file systems
Dan Walsh [Fri, 18 Nov 2011 18:29:12 +0000 (13:29 -0500)]
Allow colord to read mislabeled icc file in the users homedir
Dan Walsh [Fri, 18 Nov 2011 16:54:23 +0000 (11:54 -0500)]
Fix typo
Dan Walsh [Fri, 18 Nov 2011 16:48:51 +0000 (11:48 -0500)]
Allow mcelog_t to create dir and file in /var/run and label it correctly
Dan Walsh [Fri, 18 Nov 2011 16:44:43 +0000 (11:44 -0500)]
Allow thumb_t to create thumb_tmp_t in user_tmp_t directories
Dan Walsh [Fri, 18 Nov 2011 16:23:10 +0000 (11:23 -0500)]
Add auth_home_t for content that needs to be written by login programs, .google_authenticator is the only one that I know of so far
Dan Walsh [Fri, 18 Nov 2011 15:00:23 +0000 (10:00 -0500)]
Allow daemons and system processes started by init to read/write the unix_stream_socket passed in from as stdin/stdout/stderr
Dan Walsh [Fri, 18 Nov 2011 14:28:35 +0000 (09:28 -0500)]
We missed an alias for chkpwd_t -> system_chkpwd_t
Dan Walsh [Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)]
Mount usinging the curlftpfs will require sys_nice and setsched
Dan Walsh [Thu, 17 Nov 2011 18:38:55 +0000 (13:38 -0500)]
Fix build errors
Dan Walsh [Thu, 17 Nov 2011 18:28:26 +0000 (13:28 -0500)]
Merge nsplugin into mozilla_plugin domain
Dan Walsh [Thu, 17 Nov 2011 17:57:40 +0000 (12:57 -0500)]
Allow mozilla_plugin and nsplugin to read audio_home_t
Dan Walsh [Thu, 17 Nov 2011 14:31:40 +0000 (09:31 -0500)]
Allow namespace_init_t to use the console, define system_map_t as a proc_type, so dontaudit in libra will work
Dan Walsh [Thu, 17 Nov 2011 14:30:06 +0000 (09:30 -0500)]
Add label for yaboot/addnote, fix some whitespace
Dan Walsh [Wed, 16 Nov 2011 21:23:06 +0000 (16:23 -0500)]
Allow kdumpgui to run bootloader and mount and create tmp files
Dan Walsh [Wed, 16 Nov 2011 21:06:55 +0000 (16:06 -0500)]
We need to treat port_t and unreserved_port_t as generic_port types
Dan Walsh [Wed, 16 Nov 2011 15:51:19 +0000 (10:51 -0500)]
Not ready for this change yet, reverting
Dan Walsh [Wed, 16 Nov 2011 15:49:01 +0000 (10:49 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/services/policykit.te
Miroslav Grepl [Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)]
Backport fixes from RHEL6 to make cronjobs working in MLS
Dan Walsh [Wed, 16 Nov 2011 15:46:25 +0000 (10:46 -0500)]
Seems like policykit and consolekit need sys_ptrace for now, not sure if kernel update will fix this problem
Miroslav Grepl [Wed, 16 Nov 2011 15:21:04 +0000 (16:21 +0100)]
Temporary fix devicekit_filetrans_named_content() interface
Miroslav Grepl [Wed, 16 Nov 2011 14:50:09 +0000 (15:50 +0100)]
auth_use_nsswitch() can no be used with attribute
Miroslav Grepl [Wed, 16 Nov 2011 14:48:07 +0000 (15:48 +0100)]
Revert "Add ftp support for mozilla plugins"
This reverts commit
c91eba2cf72ecd1dfc7bf67eaf01934d0a1bd520.
Miroslav Grepl [Tue, 15 Nov 2011 21:23:17 +0000 (22:23 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 15 Nov 2011 21:12:55 +0000 (22:12 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 15 Nov 2011 21:00:08 +0000 (22:00 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 15 Nov 2011 19:22:12 +0000 (14:22 -0500)]
Add ssh_dontaudit_search_home_dir
Dan Walsh [Tue, 15 Nov 2011 19:20:06 +0000 (14:20 -0500)]
Changes to allow namespace_init_t to work
Dan Walsh [Tue, 15 Nov 2011 18:34:20 +0000 (13:34 -0500)]
Add interface to allow exec of mongod, add port definition for mongod port, 27017
Dan Walsh [Tue, 15 Nov 2011 14:38:00 +0000 (09:38 -0500)]
Label .kde/share/apps/networkmanagement/certificates/ as home_cert_t
Dan Walsh [Tue, 15 Nov 2011 14:19:21 +0000 (09:19 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 15 Nov 2011 14:18:03 +0000 (09:18 -0500)]
Allow spamd and clamd to steam connect to each other
Dan Walsh [Tue, 15 Nov 2011 14:17:37 +0000 (09:17 -0500)]
Add policy label for passwd.OLD
Miroslav Grepl [Tue, 15 Nov 2011 11:03:21 +0000 (11:03 +0000)]
More fixes for postfix and postfix maildrop
Miroslav Grepl [Tue, 15 Nov 2011 10:51:27 +0000 (10:51 +0000)]
Add ftp support for mozilla plugins
Miroslav Grepl [Tue, 15 Nov 2011 10:33:28 +0000 (10:33 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
dwalsh [Mon, 14 Nov 2011 19:52:00 +0000 (14:52 -0500)]
Useradd now needs to manage policy since it calls libsemanage
Miroslav Grepl [Mon, 14 Nov 2011 18:59:10 +0000 (18:59 +0000)]
Other policykit fixes
Conflicts:
policy/modules/services/policykit.if
Miroslav Grepl [Mon, 14 Nov 2011 18:04:24 +0000 (18:04 +0000)]
Try to add devicekit_relabel_log_files() instead of filename trans for apmd since there is a conflict between apmd_var_log_t and devicekit_var_log_t
Miroslav Grepl [Mon, 14 Nov 2011 16:56:55 +0000 (16:56 +0000)]
Fix devicekit_manage_log_files() interface
Miroslav Grepl [Mon, 14 Nov 2011 16:51:53 +0000 (16:51 +0000)]
Fix devicekit_* filename trans interfaces
Miroslav Grepl [Mon, 14 Nov 2011 15:29:31 +0000 (15:29 +0000)]
Add policykit_domain attribute for policykit domains and call auth_use_nsswitch just for this attribute
Allow policykit_domain to read /sys
Miroslav Grepl [Mon, 14 Nov 2011 15:12:50 +0000 (15:12 +0000)]
Allow colord to execute ifconfig
Miroslav Grepl [Mon, 14 Nov 2011 14:45:28 +0000 (14:45 +0000)]
Allow accountsd to read /sys
Miroslav Grepl [Mon, 14 Nov 2011 14:25:26 +0000 (14:25 +0000)]
Allow accountsd to read /sys