git.ipfire.org Git - people/stevee/selinux-policy.git/log
Dan Walsh [Wed, 21 Sep 2011 16:08:13 +0000 (12:08 -0400)] 
Add labels for svn and trac to httpd_t can read/write those directories

Dan Walsh [Wed, 21 Sep 2011 15:51:23 +0000 (11:51 -0400)] 
Fix name of apache_exec_sys_script

Dan Walsh [Wed, 21 Sep 2011 15:48:27 +0000 (11:48 -0400)] 
Add domain to allow confined libra types to execute apache scripts in their own domain

Miroslav Grepl [Wed, 21 Sep 2011 15:40:04 +0000 (15:40 +0000)] 
Fix execmem_execmod() interface

Dan Walsh [Wed, 21 Sep 2011 15:24:52 +0000 (11:24 -0400)] 
Removing label from /dev/pts/ptmx

Dan Walsh [Wed, 21 Sep 2011 15:21:42 +0000 (11:21 -0400)] 
Allow nfsd to bind to udp nfs port

Dan Walsh [Wed, 21 Sep 2011 15:18:04 +0000 (11:18 -0400)] 
Allow mailman_mail_t to user roles

Miroslav Grepl [Wed, 21 Sep 2011 15:17:42 +0000 (15:17 +0000)] 
Remove duplicate declaration in corenetwork.te.in

Miroslav Grepl [Wed, 21 Sep 2011 15:15:52 +0000 (15:15 +0000)] 
Fix typo

Dan Walsh [Wed, 21 Sep 2011 14:46:16 +0000 (10:46 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Wed, 21 Sep 2011 14:45:54 +0000 (10:45 -0400)] 
Label zif as rpm_exec_t

Miroslav Grepl [Wed, 21 Sep 2011 14:34:33 +0000 (14:34 +0000)] 
Allow pwupdate to send mail

Dan Walsh [Wed, 21 Sep 2011 14:06:04 +0000 (10:06 -0400)] 
Fixes to allow apps to use nfs homedirs

Dan Walsh [Wed, 21 Sep 2011 13:41:54 +0000 (09:41 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Wed, 21 Sep 2011 13:41:36 +0000 (09:41 -0400)] 
Looks like systemd_logind is looking up user data

Miroslav Grepl [Wed, 21 Sep 2011 12:43:50 +0000 (12:43 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 20 Sep 2011 18:30:53 +0000 (14:30 -0400)] 
nfsd is binding to the nfs port 2049

Dan Walsh [Tue, 20 Sep 2011 18:04:40 +0000 (14:04 -0400)] 
Add additional gitweb file context labeling

Dan Walsh [Tue, 20 Sep 2011 17:39:05 +0000 (13:39 -0400)] 
Allow logrotate to set its own keys

Miroslav Grepl [Tue, 20 Sep 2011 16:34:12 +0000 (16:34 +0000)] 
Remove duplicate declaration of alsa_filetrans_named_content()

Miroslav Grepl [Tue, 20 Sep 2011 16:21:49 +0000 (16:21 +0000)] 
Fix chronyd_systemctl() interface

Miroslav Grepl [Tue, 20 Sep 2011 16:15:45 +0000 (16:15 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 20 Sep 2011 16:13:42 +0000 (16:13 +0000)] 
Fixes for sblim policy

Dan Walsh [Tue, 20 Sep 2011 15:56:00 +0000 (11:56 -0400)] 
Mistakenly used ssh_t rather than _t in ssh_server_template

Dan Walsh [Tue, 20 Sep 2011 15:50:32 +0000 (11:50 -0400)] 
Allow abrt_t to create link files in /tmp

Dan Walsh [Tue, 20 Sep 2011 15:42:03 +0000 (11:42 -0400)] 
cyrus can act as an nntp server

Dan Walsh [Tue, 20 Sep 2011 14:26:36 +0000 (10:26 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 20 Sep 2011 14:23:58 +0000 (10:23 -0400)] 
Move 18001 port from http_port_t to jboss_management_port_t

Dan Walsh [Tue, 20 Sep 2011 13:46:35 +0000 (09:46 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 20 Sep 2011 13:46:23 +0000 (09:46 -0400)] 
Allow pptp to send signals to kernel processes

Dan Walsh [Tue, 20 Sep 2011 13:46:04 +0000 (09:46 -0400)] 
Remove bogus ' from kernel.te policy

Miroslav Grepl [Tue, 20 Sep 2011 13:38:31 +0000 (13:38 +0000)] 
Allow snmpd to write /var/run/systemd/notify

Miroslav Grepl [Tue, 20 Sep 2011 13:27:50 +0000 (13:27 +0000)] 
Allow pptp to send generic signal to kernel threads

Miroslav Grepl [Tue, 20 Sep 2011 13:03:17 +0000 (13:03 +0000)] 
Interface fixes
allow ndc to read system state

Miroslav Grepl [Mon, 19 Sep 2011 18:49:09 +0000 (18:49 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Mon, 19 Sep 2011 16:11:23 +0000 (12:11 -0400)] 
Asterisk is mistakenly generating a sys_module avc

Dan Walsh [Mon, 19 Sep 2011 16:05:56 +0000 (12:05 -0400)] 
It seems that domains that execute systemctl to start or stop a service want to read the process state of the target domain

Dan Walsh [Mon, 19 Sep 2011 16:05:22 +0000 (12:05 -0400)] 
exim_t wants to read usr_t files

Dan Walsh [Mon, 19 Sep 2011 16:05:00 +0000 (12:05 -0400)] 
Move some interfaces out of userdomain.if to use attributes to shrink size of policy

Dan Walsh [Mon, 19 Sep 2011 16:04:07 +0000 (12:04 -0400)] 
Fix spacing

Miroslav Grepl [Mon, 19 Sep 2011 12:25:06 +0000 (12:25 +0000)] 
Fix interfaces which contain bogus declarations and could cause policy issues

Miroslav Grepl [Mon, 19 Sep 2011 12:15:29 +0000 (12:15 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Conflicts:
policy/modules/system/systemd.if

Miroslav Grepl [Mon, 19 Sep 2011 11:42:01 +0000 (11:42 +0000)] 
This is as a separate patch in Fedora git repo

Miroslav Grepl [Mon, 19 Sep 2011 11:22:07 +0000 (11:22 +0000)] 
systemd needs to read lnk files of systemd unit files

Miroslav Grepl [Mon, 19 Sep 2011 11:21:11 +0000 (11:21 +0000)] 
Make colord unconfined domain for now as workaround for #738803

Dan Walsh [Sun, 18 Sep 2011 13:31:43 +0000 (09:31 -0400)] 
Allow clamscan to read all executables and with a boolean scan files in the users homedir

Dan Walsh [Sun, 18 Sep 2011 13:27:28 +0000 (09:27 -0400)] 
Fix userdom filetrans rule to take all params

Dan Walsh [Fri, 16 Sep 2011 17:09:14 +0000 (13:09 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 16 Sep 2011 15:07:43 +0000 (11:07 -0400)] 
Managing unit files can also mean managing links to them

Miroslav Grepl [Fri, 16 Sep 2011 15:01:29 +0000 (15:01 +0000)] 
Use the proper boolean in mock and userhelper policy

Miroslav Grepl [Fri, 16 Sep 2011 14:46:01 +0000 (14:46 +0000)] 
Fix puppet_search_pid() interface

Miroslav Grepl [Fri, 16 Sep 2011 14:40:34 +0000 (14:40 +0000)] 
fix bogus in corenetwork.te.in

Miroslav Grepl [Fri, 16 Sep 2011 14:33:35 +0000 (14:33 +0000)] 
Allow sanlock to manage virt lib files

Miroslav Grepl [Fri, 16 Sep 2011 14:31:36 +0000 (14:31 +0000)] 
Mock needs to read runtime files

Miroslav Grepl [Fri, 16 Sep 2011 14:30:45 +0000 (14:30 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Fri, 16 Sep 2011 14:30:21 +0000 (14:30 +0000)] 
Add virt_use_sanlock boolean

Dan Walsh [Thu, 15 Sep 2011 22:18:38 +0000 (18:18 -0400)] 
systemd writes unit files when domains ask it to

Dan Walsh [Thu, 15 Sep 2011 22:18:16 +0000 (18:18 -0400)] 
ksmtuned is trying to resolve uids

Dan Walsh [Thu, 15 Sep 2011 22:17:42 +0000 (18:17 -0400)] 
Make sure .gvfs is labeled user_home_t in the users home directory

Dan Walsh [Thu, 15 Sep 2011 18:58:19 +0000 (14:58 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Thu, 15 Sep 2011 18:57:27 +0000 (14:57 -0400)] 
Sanlock sends kill signals and needs the kill capability

Dan Walsh [Thu, 15 Sep 2011 18:57:01 +0000 (14:57 -0400)] 
Allow mockbuild to work on nfs homedirs

Miroslav Grepl [Thu, 15 Sep 2011 16:36:56 +0000 (16:36 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 15 Sep 2011 16:34:12 +0000 (16:34 +0000)] 
Fix kerberos_manage_host_rcache() interface

Miroslav Grepl [Thu, 15 Sep 2011 16:02:24 +0000 (16:02 +0000)] 
Allow exim to read system state

Miroslav Grepl [Thu, 15 Sep 2011 15:02:42 +0000 (15:02 +0000)] 
Allow piranha pulse to bind COBRA mgmnt port

Miroslav Grepl [Thu, 15 Sep 2011 14:47:17 +0000 (14:47 +0000)] 
Make puppet and passenger working together

Dan Walsh [Thu, 15 Sep 2011 14:24:13 +0000 (10:24 -0400)] 
Allow domains that manage host rcache to create krn5_host_rcache files in directories with this name

Dan Walsh [Thu, 15 Sep 2011 14:20:42 +0000 (10:20 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Thu, 15 Sep 2011 14:20:17 +0000 (10:20 -0400)] 
systemd_tmpfiles needs to be able to create /var/cache/man directory

Miroslav Grepl [Wed, 14 Sep 2011 15:58:24 +0000 (15:58 +0000)] 
Add ssh_rw_dgram_sockets() interface

Miroslav Grepl [Wed, 14 Sep 2011 15:54:46 +0000 (15:54 +0000)] 
Remove duplicate declaration from userdomain.if

Miroslav Grepl [Wed, 14 Sep 2011 15:31:11 +0000 (15:31 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Wed, 14 Sep 2011 15:30:24 +0000 (15:30 +0000)] 
backport chroot_user_t policy from RHEL6 which is for chroot openssh mode

Miroslav Grepl [Wed, 14 Sep 2011 15:27:28 +0000 (15:27 +0000)] 
Add userdom_dyntransition_unpriv_users() interface

Miroslav Grepl [Tue, 13 Sep 2011 22:12:15 +0000 (22:12 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 13 Sep 2011 21:12:54 +0000 (17:12 -0400)] 
dhcpc sendto to init_t over a stream socket

Dan Walsh [Tue, 13 Sep 2011 20:56:39 +0000 (16:56 -0400)] 
Allow dnmasq_t to read network manager files under /var/run

Dan Walsh [Tue, 13 Sep 2011 17:22:11 +0000 (13:22 -0400)] 
Running NetworkManager as unconfined_t ends up labeling resolv.conf wrong, since it creates resolv.conf.tmp and then relabels it to resolv.conf

Miroslav Grepl [Tue, 13 Sep 2011 16:09:23 +0000 (16:09 +0000)] 
Fix systemd_search_unit_dirs() interface

Miroslav Grepl [Tue, 13 Sep 2011 16:01:50 +0000 (16:01 +0000)] 
fix typo in radius policy

Dan Walsh [Tue, 13 Sep 2011 15:03:55 +0000 (11:03 -0400)] 
Allow systemd-tmpfiles to set the correct labels on /var/run, /tmp and other files, removes ugly messages in dmesg on boot

Dan Walsh [Tue, 13 Sep 2011 14:13:56 +0000 (10:13 -0400)] 
We want any file type that is created in /tmp by a process running as initrc_t to be labeled initrc_tmp_t, if unconfined module is being used

Dan Walsh [Tue, 13 Sep 2011 13:24:37 +0000 (09:24 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 13 Sep 2011 13:51:27 +0000 (13:51 +0000)] 
Allow collectd to get the attributes of all filesystems

Miroslav Grepl [Tue, 13 Sep 2011 13:47:47 +0000 (13:47 +0000)] 
Allow collectd to read hardware state information

Dan Walsh [Tue, 13 Sep 2011 13:22:51 +0000 (09:22 -0400)] 
Add loop_control_device_t, I have no idea which domains will need access to this.

Miroslav Grepl [Tue, 13 Sep 2011 07:21:55 +0000 (07:21 +0000)] 
Allow mdadm to request kernel to load module

Miroslav Grepl [Tue, 13 Sep 2011 07:19:05 +0000 (07:19 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Mon, 12 Sep 2011 20:13:25 +0000 (16:13 -0400)] 
Allow domains that start other domains via systemctl to search unit dirs

Dan Walsh [Mon, 12 Sep 2011 19:31:47 +0000 (15:31 -0400)] 
systemd_tmpfiles, needs to list any file systems mounted on /tmp

Dan Walsh [Mon, 12 Sep 2011 19:31:26 +0000 (15:31 -0400)] 
No one can explain why radius is listing the contents of /tmp, so we will dontaudit

Dan Walsh [Mon, 12 Sep 2011 19:30:35 +0000 (15:30 -0400)] 
If I can manage etc_runtime files, I should be able to read the links

Dan Walsh [Mon, 12 Sep 2011 19:00:59 +0000 (15:00 -0400)] 
Dontaudit hostname writing to mock library chr_files

Miroslav Grepl [Mon, 12 Sep 2011 16:04:42 +0000 (16:04 +0000)] 
Fix bogus line in spamd policy

Dan Walsh [Mon, 12 Sep 2011 14:17:00 +0000 (10:17 -0400)] 
Have gdm_t setup labeling correctly in users home dir

Dan Walsh [Mon, 12 Sep 2011 14:14:27 +0000 (10:14 -0400)] 
Label content under /var/run/user/NAME/dconf as config_home_t

Dan Walsh [Mon, 12 Sep 2011 13:31:19 +0000 (09:31 -0400)] 
Allow unconfined domains to setenforce

Miroslav Grepl [Mon, 12 Sep 2011 13:32:25 +0000 (13:32 +0000)] 
Allow sa-update to execute shell

Miroslav Grepl [Mon, 12 Sep 2011 13:27:39 +0000 (13:27 +0000)] 
Make ssh-keygen working with fips_enabled