git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Wed, 3 Aug 2011 15:02:27 +0000 (15:02 +0000)]
Allow zarafa-indexer chown and read /dev/random
Miroslav Grepl [Wed, 3 Aug 2011 14:59:43 +0000 (14:59 +0000)]
Fixes for pegasus policy
Miroslav Grepl [Wed, 3 Aug 2011 14:50:44 +0000 (14:50 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 3 Aug 2011 14:49:32 +0000 (14:49 +0000)]
Fixes for sblim policy
Dan Walsh [Wed, 3 Aug 2011 14:17:46 +0000 (10:17 -0400)]
Fixes for Tom London Shutdown avc's
Dan Walsh [Wed, 3 Aug 2011 12:25:10 +0000 (08:25 -0400)]
Add port_type attribute to unreserved_port_tt
Miroslav Grepl [Tue, 2 Aug 2011 21:13:02 +0000 (21:13 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 2 Aug 2011 20:33:55 +0000 (16:33 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/services/abrt.te
Dan Walsh [Tue, 2 Aug 2011 20:28:32 +0000 (16:28 -0400)]
abrt_dump_oops_t seems to listing inotify
Dan Walsh [Tue, 2 Aug 2011 20:28:05 +0000 (16:28 -0400)]
Remove /var/cfengine/output spec, not used
Dan Walsh [Tue, 2 Aug 2011 20:27:15 +0000 (16:27 -0400)]
Allow uuidd_t to use urandom device and to create udp sockets
Dan Walsh [Tue, 2 Aug 2011 20:11:42 +0000 (16:11 -0400)]
Add new policy for cfengine
Miroslav Grepl [Tue, 2 Aug 2011 19:32:11 +0000 (19:32 +0000)]
Use the proper nx_filetrans_named_content() interface
Miroslav Grepl [Tue, 2 Aug 2011 19:18:41 +0000 (19:18 +0000)]
Fix definition for unreserved_port_t
Miroslav Grepl [Tue, 2 Aug 2011 19:13:31 +0000 (19:13 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 2 Aug 2011 19:05:30 +0000 (15:05 -0400)]
allow dhcpc_t to send signal to systemd_passwd_agent, cleanup interfaces
Dan Walsh [Tue, 2 Aug 2011 18:43:16 +0000 (14:43 -0400)]
sulogin needs to read locale
Dan Walsh [Tue, 2 Aug 2011 18:39:24 +0000 (14:39 -0400)]
Add named filetrans rules for /dev/md[0-9]
Dan Walsh [Tue, 2 Aug 2011 18:23:39 +0000 (14:23 -0400)]
Allow user domains to append to the xdm_log_t
Dan Walsh [Tue, 2 Aug 2011 18:23:22 +0000 (14:23 -0400)]
Fix range on unreserved_port_t
Dan Walsh [Tue, 2 Aug 2011 13:41:42 +0000 (09:41 -0400)]
Fix label of .ssh directory under nx directories
Dan Walsh [Tue, 2 Aug 2011 13:39:55 +0000 (09:39 -0400)]
Fix type on pki_ca label
Miroslav Grepl [Tue, 2 Aug 2011 10:05:11 +0000 (10:05 +0000)]
Add abrt_domain attribute
Miroslav Grepl [Tue, 2 Aug 2011 09:48:45 +0000 (09:48 +0000)]
Allow corosync to manage cluster lib files
Miroslav Grepl [Tue, 2 Aug 2011 08:35:37 +0000 (08:35 +0000)]
Allow corosync to connect to the system DBUS
Miroslav Grepl [Mon, 1 Aug 2011 22:52:42 +0000 (22:52 +0000)]
Fix pki_ca port definition
Miroslav Grepl [Mon, 1 Aug 2011 22:38:30 +0000 (22:38 +0000)]
Fixes uuidd policy
Dan Walsh [Mon, 1 Aug 2011 20:28:35 +0000 (16:28 -0400)]
Add definition for pki_ca at port 9946 and define all ports > 1023 as unrserved_port_t
Dan Walsh [Mon, 1 Aug 2011 20:06:07 +0000 (16:06 -0400)]
Allow systemd-shutdown to execute files created in var_run_t directories and delete all files under /var/run
Dan Walsh [Mon, 1 Aug 2011 19:25:06 +0000 (15:25 -0400)]
Allow kernel_t to dyntrans to init_t
Dan Walsh [Mon, 1 Aug 2011 18:02:24 +0000 (14:02 -0400)]
uuid merged
Dan Walsh [Mon, 1 Aug 2011 17:57:37 +0000 (13:57 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/services/uuidd.if
policy/modules/services/uuidd.te
Dan Walsh [Mon, 1 Aug 2011 17:57:00 +0000 (13:57 -0400)]
Add uuidd
Miroslav Grepl [Mon, 1 Aug 2011 17:14:04 +0000 (17:14 +0000)]
Add init_dyntrans interface
Add etc_runtime_t label for /etc/machine-id
Miroslav Grepl [Mon, 1 Aug 2011 16:50:19 +0000 (16:50 +0000)]
Allow ctdbd to bind to ctdb port
Miroslav Grepl [Mon, 1 Aug 2011 15:03:11 +0000 (15:03 +0000)]
syslogd needs to read snmpd lib files because of rsyslog omsnmp module
Miroslav Grepl [Mon, 1 Aug 2011 14:14:12 +0000 (14:14 +0000)]
Allow sanlock to read /dev/urandom
Miroslav Grepl [Mon, 1 Aug 2011 14:04:32 +0000 (14:04 +0000)]
More ctdbd fixes
Miroslav Grepl [Mon, 1 Aug 2011 13:34:35 +0000 (13:34 +0000)]
Allow lldpad to send message to unpriv users over unix domain datagram socket
Miroslav Grepl [Mon, 1 Aug 2011 13:20:26 +0000 (13:20 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Mon, 1 Aug 2011 13:19:50 +0000 (13:19 +0000)]
Add policy for SBLIM Gatherer
Dominick Grift [Mon, 1 Aug 2011 10:17:17 +0000 (12:17 +0200)]
Merge branch 'bitlbee'
Miroslav Grepl [Mon, 1 Aug 2011 10:11:17 +0000 (10:11 +0000)]
Add initial policy for uuidd
* UUID generation daemon
Dominick Grift [Mon, 1 Aug 2011 10:05:38 +0000 (12:05 +0200)]
bitlbee need to bind tcp sockets to ircd ports
bitlbee needs dac_override because before it setuid/setgid to user
bitlbee ( /var/lib/bitlbee etc is owned by bitlbee.bitlbee)
irssi needs to be able to connect to tcp:7000 this port is often used as
irc SSL port.
Miroslav Grepl [Fri, 29 Jul 2011 16:04:39 +0000 (16:04 +0000)]
Fix typo
Dan Walsh [Fri, 29 Jul 2011 13:53:16 +0000 (09:53 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 29 Jul 2011 13:34:10 +0000 (09:34 -0400)]
allow puppetmaster to relabel files in puppet_var_lib_t
Dan Walsh [Fri, 29 Jul 2011 11:55:51 +0000 (07:55 -0400)]
udev executing systemctl needs to read system_conf_t files
Dan Walsh [Fri, 29 Jul 2011 11:55:28 +0000 (07:55 -0400)]
systemd content in /run should be called pid files so systemd_tmpfiles_t can relabel it
Dan Walsh [Fri, 29 Jul 2011 11:54:44 +0000 (07:54 -0400)]
init now does a setexec and needs to talk to lvm_t pipes
Dan Walsh [Fri, 29 Jul 2011 11:54:28 +0000 (07:54 -0400)]
init now does a setexec and needs to talk to lvm_t pipes
Miroslav Grepl [Fri, 29 Jul 2011 10:51:33 +0000 (10:51 +0000)]
Since /run/user is now labeled as user_tmp_t, systemd-login needs to manage this type
Miroslav Grepl [Fri, 29 Jul 2011 07:56:32 +0000 (07:56 +0000)]
Fix typo
Dan Walsh [Fri, 29 Jul 2011 03:45:11 +0000 (23:45 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:44:55 +0000 (23:44 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Fri, 29 Jul 2011 03:44:46 +0000 (23:44 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:43:56 +0000 (23:43 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:43:07 +0000 (23:43 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:42:17 +0000 (23:42 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Fri, 29 Jul 2011 03:41:42 +0000 (23:41 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:40:52 +0000 (23:40 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:40:11 +0000 (23:40 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:39:05 +0000 (23:39 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:38:43 +0000 (23:38 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:37:59 +0000 (23:37 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:36:52 +0000 (23:36 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:35:21 +0000 (23:35 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Fri, 29 Jul 2011 03:34:58 +0000 (23:34 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:34:38 +0000 (23:34 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:33:51 +0000 (23:33 -0400)]
Use attributes instead of putting all rules in interfaces to save space
Dan Walsh [Fri, 29 Jul 2011 03:32:56 +0000 (23:32 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:32:45 +0000 (23:32 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:32:21 +0000 (23:32 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:31:41 +0000 (23:31 -0400)]
Don't use auth.*except_shadow, causes policy to explode in size, use files.*non_security_files instead
Dan Walsh [Fri, 29 Jul 2011 03:30:54 +0000 (23:30 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Fri, 29 Jul 2011 03:29:50 +0000 (23:29 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Fri, 29 Jul 2011 03:28:59 +0000 (23:28 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:28:28 +0000 (23:28 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Fri, 29 Jul 2011 03:27:54 +0000 (23:27 -0400)]
Remove dontaudit.*socket_class_set, moved to domain.te to save space on policy
Dan Walsh [Fri, 29 Jul 2011 03:27:15 +0000 (23:27 -0400)]
Remove nscd_socket_use and replace with auth_use_nsswitch
Dan Walsh [Thu, 28 Jul 2011 22:09:32 +0000 (18:09 -0400)]
Stop use port_type - port_t, causes an explosion in dontaudit rules, changing to using attributes saves 40,000 dontaudit rules
Dan Walsh [Thu, 28 Jul 2011 21:30:52 +0000 (17:30 -0400)]
Change auth_use_nsswitch, init_system_daemon and init_daemon_domain to use attributes, to shrink policy size
Dan Walsh [Thu, 28 Jul 2011 15:09:11 +0000 (11:09 -0400)]
Allow user apps to append to inherited xdm_log_t, fix the xserver_xdm_append_log to only allow inherited logs
Dan Walsh [Wed, 27 Jul 2011 13:47:53 +0000 (09:47 -0400)]
Fix path for HOME_DIR/.local/bin
Fix definition of dnsmasq_.*fromdir
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/services/dnsmasq.if
Dan Walsh [Wed, 27 Jul 2011 12:32:26 +0000 (08:32 -0400)]
setup dnsmasq labeling correctly from unconfined_t and virt
Miroslav Grepl [Wed, 27 Jul 2011 08:19:40 +0000 (08:19 +0000)]
Allow ctdbd to read public files
Miroslav Grepl [Tue, 26 Jul 2011 17:04:38 +0000 (17:04 +0000)]
Fix label for /usr/lib64/dirsrv/cgi-bin/ds_remove
Miroslav Grepl [Tue, 26 Jul 2011 17:02:12 +0000 (17:02 +0000)]
Allow dhcp sys_chroot capability
Miroslav Grepl [Tue, 26 Jul 2011 16:59:24 +0000 (16:59 +0000)]
Fix typo in dhcp
Miroslav Grepl [Tue, 26 Jul 2011 16:46:30 +0000 (16:46 +0000)]
Fix dnsmasq_filetrans_named_content typo in xml definition
Miroslav Grepl [Tue, 26 Jul 2011 15:37:18 +0000 (15:37 +0000)]
Fix fcoemon_dgram_send interface
Miroslav Grepl [Tue, 26 Jul 2011 14:36:44 +0000 (14:36 +0000)]
Allow rcsmcertd to perform DNS name resolution
Miroslav Grepl [Tue, 26 Jul 2011 14:28:35 +0000 (14:28 +0000)]
Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts
Miroslav Grepl [Tue, 26 Jul 2011 13:13:41 +0000 (13:13 +0000)]
Some interfaces are just access interfaces, not template
Miroslav Grepl [Tue, 26 Jul 2011 10:23:38 +0000 (10:23 +0000)]
More fixes for .if policy files
* found by SEWatch (InterfacesCheck.py script)
Dan Walsh [Mon, 25 Jul 2011 20:27:00 +0000 (16:27 -0400)]
add interface to dontaudit writes to urand, needed by libra
Dan Walsh [Mon, 25 Jul 2011 20:26:38 +0000 (16:26 -0400)]
sandbox_xserver wants to read online within the sysfs file system
Dan Walsh [Mon, 25 Jul 2011 15:58:21 +0000 (11:58 -0400)]
Allow udev to send dgram packets to lvm
Dan Walsh [Mon, 25 Jul 2011 15:48:41 +0000 (11:48 -0400)]
Allow tmux to run as screen
Dan Walsh [Mon, 25 Jul 2011 15:28:30 +0000 (11:28 -0400)]
New policy for collectd