]>
git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Thu, 8 Dec 2011 17:03:29 +0000 (17:03 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Thu, 8 Dec 2011 17:01:46 +0000 (17:01 +0000)]
Allow ssh derived domain to execute ssh-keygen in the ssh_keygen_t domain
* needed for gridengine mpi jobs and for sge policy
Dan Walsh [Wed, 7 Dec 2011 20:08:24 +0000 (15:08 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 7 Dec 2011 20:08:10 +0000 (15:08 -0500)]
Add label for tumblerd
Miroslav Grepl [Wed, 7 Dec 2011 19:15:55 +0000 (20:15 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 7 Dec 2011 19:15:31 +0000 (20:15 +0100)]
Revert "Add files_add_entry_var_lib_dirs() interface"
This reverts commit
11a74daa7815a008605e37250877a9b74e5e475e.
Dan Walsh [Wed, 7 Dec 2011 17:12:03 +0000 (12:12 -0500)]
useradd needs to be able to manage default_context and selinux config files also
Dan Walsh [Wed, 7 Dec 2011 17:06:56 +0000 (12:06 -0500)]
useradd needs to be able to manage file_context files also
Dan Walsh [Wed, 7 Dec 2011 17:00:34 +0000 (12:00 -0500)]
Unconfined_t needs to transition to useradd_t and useradd_t needs to be able to manage selinux policy
Miroslav Grepl [Wed, 7 Dec 2011 14:47:57 +0000 (15:47 +0100)]
Add files_add_entry_var_lib_dirs() interface
Dan Walsh [Tue, 6 Dec 2011 21:59:50 +0000 (16:59 -0500)]
Finish /bin->/usr/bin merge
Dan Walsh [Tue, 6 Dec 2011 20:49:14 +0000 (15:49 -0500)]
Merge branches 'master' and 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 6 Dec 2011 22:46:03 +0000 (23:46 +0100)]
Remove duplicate declaration
Dan Walsh [Tue, 6 Dec 2011 20:48:58 +0000 (15:48 -0500)]
Allow mysqld_safe to delete the mysql_db_t sock_file
Miroslav Grepl [Tue, 6 Dec 2011 19:57:35 +0000 (20:57 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 6 Dec 2011 14:05:36 +0000 (15:05 +0100)]
Add type for rhev-agent log file
Miroslav Grepl [Tue, 6 Dec 2011 17:24:21 +0000 (18:24 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 7 Dec 2011 00:20:22 +0000 (19:20 -0500)]
Fedora is moving all files in /lib, /lib64, /sbin, /bin into /usr/lib, /usr/lib64, /usr/sbin and /usr/bin
This update will fix the labeling for all these files
Dan Walsh [Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)]
More fixes for the move from /lib, /bin, /sbin, to /usr directory
Dan Walsh [Tue, 6 Dec 2011 16:26:21 +0000 (11:26 -0500)]
Lets remove global label for logs directories under /var/www, if we have specific needs we should add label for those directories
Dan Walsh [Tue, 6 Dec 2011 16:16:23 +0000 (11:16 -0500)]
add more file trans rules for files labeled shadow_file_t
Miroslav Grepl [Tue, 6 Dec 2011 11:24:45 +0000 (12:24 +0100)]
Fix labeling for /dev/dmfm
Miroslav Grepl [Tue, 6 Dec 2011 11:25:45 +0000 (12:25 +0100)]
Allow abrt to getattr on blk files
Dan Walsh [Mon, 5 Dec 2011 21:02:06 +0000 (16:02 -0500)]
Allow user_mail_t to read /dev/random
Dan Walsh [Mon, 5 Dec 2011 20:41:03 +0000 (15:41 -0500)]
Label /etc/locale.conf correctly
Dan Walsh [Mon, 5 Dec 2011 18:48:24 +0000 (13:48 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 5 Dec 2011 18:48:04 +0000 (13:48 -0500)]
Allow systemd_logind_t to look at process info of apps that exchange dbus messages with it
Miroslav Grepl [Mon, 5 Dec 2011 14:35:21 +0000 (15:35 +0100)]
Allow postfix-smtpd to read MIMEDefang
Miroslav Grepl [Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)]
Allow mozilla_plugin_t to manage mozilla_home_t, needed by Flash
Miroslav Grepl [Mon, 5 Dec 2011 11:46:05 +0000 (12:46 +0100)]
Add label for /var/log/suphp.log
Miroslav Grepl [Mon, 5 Dec 2011 11:28:21 +0000 (12:28 +0100)]
More fixes for rhev_agentd_t consolehelper policy
* Allow dbus chat with unconfined, unconfined_dbusd_t
* Backport RHEL6 fixes
Miroslav Grepl [Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)]
Allow systemd-tmpfiles to change user identity in object contexts
Miroslav Grepl [Mon, 5 Dec 2011 11:01:08 +0000 (12:01 +0100)]
Allow systemd-tmpfiles to setattr for /run/user/gdm/dconf
Dan Walsh [Sat, 3 Dec 2011 16:21:46 +0000 (11:21 -0500)]
Allow swat_t to connect and read/write nmbd_t sock_file
Dan Walsh [Fri, 2 Dec 2011 19:36:39 +0000 (14:36 -0500)]
chromium-browser changed its name, label entire directory as bin_t
Dan Walsh [Fri, 2 Dec 2011 19:23:53 +0000 (14:23 -0500)]
telpathy_mission_control needs to manage gnome_home_config
Dan Walsh [Fri, 2 Dec 2011 19:23:26 +0000 (14:23 -0500)]
Allow namespace_init_t to relabelfrom and to any MCS label
Dan Walsh [Fri, 2 Dec 2011 19:07:37 +0000 (14:07 -0500)]
Allow initrc_t to set attributes on sendmail pid file
Dan Walsh [Fri, 2 Dec 2011 19:03:57 +0000 (14:03 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 2 Dec 2011 19:03:03 +0000 (14:03 -0500)]
Policy cleanup for upstream acceptance
Dan Walsh [Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)]
Allow confined users to use mozilla_plugin_rw_t
Miroslav Grepl [Fri, 2 Dec 2011 15:41:25 +0000 (16:41 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 2 Dec 2011 12:28:24 +0000 (07:28 -0500)]
Fixes needed to allow pam_securid.so to work
Dan Walsh [Fri, 2 Dec 2011 12:24:43 +0000 (07:24 -0500)]
Cleanup watchdog code for submission to upstream
Miroslav Grepl [Fri, 2 Dec 2011 10:59:19 +0000 (11:59 +0100)]
Allow gnomeclock to send system log msgs
Miroslav Grepl [Fri, 2 Dec 2011 10:50:31 +0000 (11:50 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 1 Dec 2011 21:43:42 +0000 (16:43 -0500)]
Stop using usertype
Dan Walsh [Thu, 1 Dec 2011 21:27:33 +0000 (16:27 -0500)]
Users that use X and spice need to use the virtio device
Dan Walsh [Thu, 1 Dec 2011 21:27:15 +0000 (16:27 -0500)]
add upstream gpg_exec interface
Dan Walsh [Thu, 1 Dec 2011 19:54:58 +0000 (14:54 -0500)]
Remove extra white space
Dan Walsh [Thu, 1 Dec 2011 19:54:33 +0000 (14:54 -0500)]
I believe the broken bluetooth code is no longer needed
Dan Walsh [Thu, 1 Dec 2011 19:53:48 +0000 (14:53 -0500)]
Upstream calls the gnomedomain rather then gnome_domain
Miroslav Grepl [Thu, 1 Dec 2011 19:09:34 +0000 (20:09 +0100)]
Use fs_use_xattr for squashfs
Miroslav Grepl [Thu, 1 Dec 2011 18:17:38 +0000 (19:17 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 1 Dec 2011 17:03:15 +0000 (12:03 -0500)]
Allow mozilla_plugin_config_t to use inherited pty
Dan Walsh [Thu, 1 Dec 2011 15:53:56 +0000 (10:53 -0500)]
Fix procs_type interface
Miroslav Grepl [Thu, 1 Dec 2011 10:37:25 +0000 (11:37 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 30 Nov 2011 17:04:10 +0000 (12:04 -0500)]
Dovecot has a new fifo_file /var/run/dovecot/stats-mail
Dan Walsh [Wed, 30 Nov 2011 16:39:11 +0000 (11:39 -0500)]
Dovecot has a new fifo_file /var/run/stats-mail
Miroslav Grepl [Wed, 30 Nov 2011 13:00:01 +0000 (14:00 +0100)]
Colord does not need to connect to network
Miroslav Grepl [Wed, 30 Nov 2011 12:59:03 +0000 (13:59 +0100)]
Allow system_cronjob to dbus chat with NetworkManager
Dan Walsh [Wed, 30 Nov 2011 00:55:15 +0000 (19:55 -0500)]
Puppet manages content, want to make sure it labels everything correctly
Dan Walsh [Tue, 29 Nov 2011 20:02:46 +0000 (15:02 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 29 Nov 2011 20:02:37 +0000 (15:02 -0500)]
squashfs supports extended attributes
Miroslav Grepl [Tue, 29 Nov 2011 15:54:37 +0000 (16:54 +0100)]
add snmp_read_snmp_var_lib_dirs() interface
Miroslav Grepl [Tue, 29 Nov 2011 11:40:00 +0000 (12:40 +0100)]
Fix devicekit_manage_pid_files() interface
Miroslav Grepl [Tue, 29 Nov 2011 10:34:51 +0000 (11:34 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 29 Nov 2011 03:24:02 +0000 (22:24 -0500)]
Allow all postfix domains to use the fifo_file
Dan Walsh [Tue, 29 Nov 2011 03:15:57 +0000 (22:15 -0500)]
The dbus daemon for fprintd reads the cmdline of the program it is chatting with
Dan Walsh [Tue, 29 Nov 2011 03:06:19 +0000 (22:06 -0500)]
Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t
Dan Walsh [Tue, 29 Nov 2011 02:57:47 +0000 (21:57 -0500)]
Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp
Dan Walsh [Tue, 29 Nov 2011 02:46:20 +0000 (21:46 -0500)]
Let firewallgui read the selinux config
Dan Walsh [Tue, 29 Nov 2011 02:30:06 +0000 (21:30 -0500)]
Allow squid to check the network state
Dan Walsh [Tue, 29 Nov 2011 02:09:43 +0000 (21:09 -0500)]
Allow mount to read modutils_dep_t, probably a leak but not worth blocking
Dan Walsh [Tue, 29 Nov 2011 02:05:36 +0000 (21:05 -0500)]
Allow ping domains to read zabbix_tmp_t files
Dan Walsh [Tue, 29 Nov 2011 02:04:01 +0000 (21:04 -0500)]
Forward port f16 zabbix fixes
Dan Walsh [Tue, 29 Nov 2011 01:45:02 +0000 (20:45 -0500)]
Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it
Dan Walsh [Mon, 28 Nov 2011 23:19:20 +0000 (18:19 -0500)]
Dontaudit colord getattr on file systems
Dan Walsh [Mon, 28 Nov 2011 21:50:47 +0000 (16:50 -0500)]
Change spamd_read_pid to spamd_read_pid_files
Dan Walsh [Mon, 28 Nov 2011 21:47:36 +0000 (16:47 -0500)]
Allow clamd to read spamd_var_run_t files
Miroslav Grepl [Mon, 28 Nov 2011 20:20:32 +0000 (21:20 +0100)]
merge fix
Miroslav Grepl [Mon, 28 Nov 2011 16:54:02 +0000 (17:54 +0100)]
Fix merge issue
Miroslav Grepl [Mon, 28 Nov 2011 16:38:14 +0000 (17:38 +0100)]
Disable cron_role for sysadm
Miroslav Grepl [Mon, 28 Nov 2011 14:39:48 +0000 (15:39 +0100)]
Allow mailman to read /dev/urandom
Miroslav Grepl [Mon, 28 Nov 2011 13:09:15 +0000 (14:09 +0100)]
Allow clamd to read spamd pid file
* needs to read /var/spool/MIMEDefang/*
Miroslav Grepl [Mon, 28 Nov 2011 11:32:10 +0000 (12:32 +0100)]
Allow mount to read /dev/urandom
Miroslav Grepl [Mon, 28 Nov 2011 10:57:36 +0000 (11:57 +0100)]
Allow httpd_collectd_script_t to search /var/lib
Miroslav Grepl [Thu, 24 Nov 2011 11:50:38 +0000 (12:50 +0100)]
Allow spamd to send mail
Miroslav Grepl [Thu, 24 Nov 2011 11:36:13 +0000 (12:36 +0100)]
Add ssh_home_t label for /var/lib/nocpulse/.ssh
Miroslav Grepl [Thu, 24 Nov 2011 11:27:13 +0000 (12:27 +0100)]
Allow puppetmaster to read network state
Miroslav Grepl [Thu, 24 Nov 2011 11:19:45 +0000 (12:19 +0100)]
Add colord_can_network_connect boolean
Conflicts:
policy/modules/services/colord.te
Miroslav Grepl [Thu, 24 Nov 2011 10:41:10 +0000 (11:41 +0100)]
Allow colord to execute shell
Add bin_t label for "/usr/lib/iscan/network"
Miroslav Grepl [Thu, 24 Nov 2011 09:54:00 +0000 (10:54 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 23 Nov 2011 20:05:20 +0000 (15:05 -0500)]
Allow cvs_t tries to read utmp file, dontaudit
Dan Walsh [Wed, 23 Nov 2011 20:02:39 +0000 (15:02 -0500)]
Namespace_init needs to execute shell
Dan Walsh [Wed, 23 Nov 2011 18:23:16 +0000 (13:23 -0500)]
winbind needs to be able to talk to ldap directly, not through sssd
Dan Walsh [Wed, 23 Nov 2011 17:57:40 +0000 (12:57 -0500)]
dnsmasq wants to read proc_net_t
Dan Walsh [Wed, 23 Nov 2011 17:57:10 +0000 (12:57 -0500)]
saslauthd_t needs to connect to zarafa_port_t
Miroslav Grepl [Wed, 23 Nov 2011 14:24:37 +0000 (15:24 +0100)]
Add full DNS support for FreeIPA
Miroslav Grepl [Mon, 21 Nov 2011 13:05:19 +0000 (14:05 +0100)]
Allow collectd-web to read collectd lib files