git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Mon, 12 Sep 2011 07:55:08 +0000 (07:55 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Sun, 11 Sep 2011 12:50:46 +0000 (08:50 -0400)]
Dontaudit certain confined domains from talking to the abrt system (libra_t)
Dan Walsh [Sun, 11 Sep 2011 12:50:18 +0000 (08:50 -0400)]
Make mock work for staff_t user
Dan Walsh [Sun, 11 Sep 2011 12:50:03 +0000 (08:50 -0400)]
Make mock work for staff_t user
Dan Walsh [Fri, 9 Sep 2011 15:23:11 +0000 (11:23 -0400)]
Tighten security on mock_t
Dan Walsh [Fri, 9 Sep 2011 12:18:40 +0000 (08:18 -0400)]
Cleanup filetrans_named_content handling of files for sysnet
Miroslav Grepl [Fri, 9 Sep 2011 07:48:40 +0000 (07:48 +0000)]
Allow crond fowner capability to make it work without unconfined module
Dan Walsh [Thu, 8 Sep 2011 18:59:21 +0000 (14:59 -0400)]
removing unconfined_notrans_t no longer necessary
Dan Walsh [Thu, 8 Sep 2011 18:55:59 +0000 (14:55 -0400)]
Remove unconfined_mount_t and leave mount command running as unconfined_t, or transition to mount_t. unconfined_mount_t was just to make sure /etc/mtab got labeled correctly, but this is now a link file and any other changes should be handled by filename_trans rules
Dan Walsh [Thu, 8 Sep 2011 18:43:42 +0000 (14:43 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 8 Sep 2011 18:43:13 +0000 (14:43 -0400)]
Clean up handling of secure_mode_insmod and secure_mode_policyload
Miroslav Grepl [Thu, 8 Sep 2011 14:50:16 +0000 (14:50 +0000)]
Fix systemd_read_unit_files() interface to make system work
Miroslav Grepl [Thu, 8 Sep 2011 14:26:36 +0000 (14:26 +0000)]
Fix bogus in sblim_read_pid_files() interface
Miroslav Grepl [Thu, 8 Sep 2011 13:38:15 +0000 (13:38 +0000)]
Allow systat to execute shell
Miroslav Grepl [Wed, 7 Sep 2011 14:40:17 +0000 (14:40 +0000)]
smbcontrol needs to use console when root is logged in via console
Dan Walsh [Tue, 6 Sep 2011 15:53:52 +0000 (11:53 -0400)]
For some reason chfn tries to stat all devices, dontaudit this
Dan Walsh [Tue, 6 Sep 2011 15:44:32 +0000 (11:44 -0400)]
On resume, devicekit_power is resetting X using xmodutil, so it needs to talk to the Xserver
Dan Walsh [Tue, 6 Sep 2011 15:34:20 +0000 (11:34 -0400)]
Allow saslauthd to be able to manipulate afs kernel subsystem at login
Dan Walsh [Tue, 6 Sep 2011 15:30:58 +0000 (11:30 -0400)]
allow xdm_t to execute content labeled xdm_tmp_t, needed for xdm to be able to run gnome-shell
Dan Walsh [Tue, 6 Sep 2011 15:18:43 +0000 (11:18 -0400)]
/etc/passwd.adjunct and /etc/passwd.adjunct.old need to be labeled shadow_t
Dan Walsh [Tue, 6 Sep 2011 14:55:06 +0000 (10:55 -0400)]
certmaster wants to read /dev/urand
Dan Walsh [Tue, 6 Sep 2011 14:48:22 +0000 (10:48 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 6 Sep 2011 14:57:07 +0000 (14:57 +0000)]
Allow glance_registry to create tmp files
Dan Walsh [Tue, 6 Sep 2011 14:48:07 +0000 (10:48 -0400)]
Allow sssd to manipulate the network route table to watch for the network coming and going
Miroslav Grepl [Tue, 6 Sep 2011 12:51:51 +0000 (12:51 +0000)]
Add exim_exec_t label for /usr/sbin/exim_tidydb
Miroslav Grepl [Mon, 5 Sep 2011 14:51:57 +0000 (14:51 +0000)]
Fix other typo in systemd policy
Miroslav Grepl [Mon, 5 Sep 2011 14:48:04 +0000 (14:48 +0000)]
Call init_dontaudit_rw_stream_socket() interface in mta policy
Miroslav Grepl [Mon, 5 Sep 2011 14:35:47 +0000 (14:35 +0000)]
Fix typo in corosync policy
Miroslav Grepl [Mon, 5 Sep 2011 14:23:42 +0000 (14:23 +0000)]
sshd needs to search /var/cache/krb5rcache directory
Miroslav Grepl [Mon, 5 Sep 2011 13:55:08 +0000 (13:55 +0000)]
Fix for systemd policy
Miroslav Grepl [Mon, 5 Sep 2011 12:30:31 +0000 (12:30 +0000)]
Allow corosync to relabel own tmp files
Miroslav Grepl [Mon, 5 Sep 2011 07:41:30 +0000 (07:41 +0000)]
Allow zarafa domains to send system log messages
Dan Walsh [Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)]
Allow ssh to do tunneling
Dan Walsh [Fri, 2 Sep 2011 12:30:47 +0000 (08:30 -0400)]
Add tcp port 8123 as an apache cache port. Google search shows this port described with the following:
The port 8123 is another port used for proxy website services. This particular port is registered by Polipo Web proxy only just recently because the port number has been left unassigned for quite some time. The addition of the Polipo Web security software is another safety feature designed for people using the Internet.
Dan Walsh [Thu, 1 Sep 2011 20:05:31 +0000 (16:05 -0400)]
Allow initrc scripts to sendto init_t unix_stream_socket
Dan Walsh [Thu, 1 Sep 2011 19:56:37 +0000 (15:56 -0400)]
Changes to make sure dnsmasq and virt directories are labeled correctly.
Dan Walsh [Thu, 1 Sep 2011 19:56:07 +0000 (15:56 -0400)]
Changes needed to allow sysadm_t to manage systemd unit files
Dan Walsh [Thu, 1 Sep 2011 18:20:46 +0000 (14:20 -0400)]
init is passing file descriptors to dbus and on to system daemons
Dan Walsh [Thu, 1 Sep 2011 18:10:40 +0000 (14:10 -0400)]
Allow sulogin additional access. Reported by dgrift and Jeremy Miller
Dan Walsh [Thu, 1 Sep 2011 17:10:27 +0000 (13:10 -0400)]
Steve Grubb believes that wireshark does not need this access
Dan Walsh [Thu, 1 Sep 2011 13:58:32 +0000 (09:58 -0400)]
Fix /var/run/initramfs to stop restorecon from looking at it
Dan Walsh [Wed, 31 Aug 2011 14:40:45 +0000 (10:40 -0400)]
pki needs another port
Dan Walsh [Wed, 31 Aug 2011 13:52:09 +0000 (09:52 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 31 Aug 2011 14:55:23 +0000 (14:55 +0000)]
Add more labels for cluster scripts
Dan Walsh [Wed, 31 Aug 2011 13:51:52 +0000 (09:51 -0400)]
Allow apps that manage cgroup_files to manage cgroup link files
Dan Walsh [Wed, 31 Aug 2011 13:28:34 +0000 (09:28 -0400)]
Fix label on nfs-utils scripts directories
Miroslav Grepl [Wed, 31 Aug 2011 13:18:25 +0000 (13:18 +0000)]
Fixes for cluster
Miroslav Grepl [Wed, 31 Aug 2011 12:47:19 +0000 (12:47 +0000)]
Allow gatherd to read /dev/rand and /dev/urand
Dan Walsh [Tue, 30 Aug 2011 19:38:10 +0000 (15:38 -0400)]
abrt leaks fifo files
Dan Walsh [Tue, 30 Aug 2011 15:46:34 +0000 (11:46 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 30 Aug 2011 16:06:02 +0000 (16:06 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 30 Aug 2011 16:01:48 +0000 (16:01 +0000)]
Allow mdadm setsched
Miroslav Grepl [Tue, 30 Aug 2011 15:58:13 +0000 (15:58 +0000)]
Fix typo in policy/constraints
Miroslav Grepl [Tue, 30 Aug 2011 15:54:49 +0000 (15:54 +0000)]
Fix typo in policy/constraints
Miroslav Grepl [Tue, 30 Aug 2011 15:47:18 +0000 (15:47 +0000)]
Make gpg-agent work with confined users
Dan Walsh [Tue, 30 Aug 2011 15:46:14 +0000 (11:46 -0400)]
dontaudit gpsd trying to sys_ptrace and dac capabilities, it does not really need them
Dan Walsh [Tue, 30 Aug 2011 14:02:43 +0000 (10:02 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 30 Aug 2011 13:49:30 +0000 (09:49 -0400)]
Allow libvirt to relabel its tun_socket
Dan Walsh [Tue, 30 Aug 2011 09:45:55 +0000 (05:45 -0400)]
/var/run/initramfs should not be relabeled with a restorecon run
Dan Walsh [Tue, 30 Aug 2011 01:06:49 +0000 (21:06 -0400)]
label /usr/sbin/raid-check as mdadm_exec_t and allow cron to transition to this domain
Dan Walsh [Tue, 30 Aug 2011 00:54:42 +0000 (20:54 -0400)]
Fixes needed for systemd to boot a machine without an initrd
Dan Walsh [Tue, 30 Aug 2011 00:54:13 +0000 (20:54 -0400)]
memcache can be set up to override sys_resource
Dan Walsh [Mon, 29 Aug 2011 17:55:56 +0000 (13:55 -0400)]
Allow httpd_t to read tetex data
Dan Walsh [Mon, 29 Aug 2011 17:50:32 +0000 (13:50 -0400)]
Allow systemd_tmpfiles to delete kernel modules left in /tmp directory.
Dan Walsh [Mon, 29 Aug 2011 17:46:39 +0000 (13:46 -0400)]
move permissive domains to permissivedomains.te
Dan Walsh [Mon, 29 Aug 2011 17:33:11 +0000 (13:33 -0400)]
Add policy for openstack-glance
Dan Walsh [Mon, 29 Aug 2011 16:24:05 +0000 (12:24 -0400)]
Fix dyntrans rules to allow sshd to become staff_t when running sftp internal shell
Dan Walsh [Mon, 29 Aug 2011 16:23:20 +0000 (12:23 -0400)]
virtsh needs to read /dev/random when shutting down virtual machines
Miroslav Grepl [Mon, 29 Aug 2011 10:58:35 +0000 (10:58 +0000)]
Allow Postfix to deliver to Dovecot LMTP socket
Dan Walsh [Fri, 26 Aug 2011 21:53:49 +0000 (17:53 -0400)]
Ignore bogus sys_module for lldpad
Dan Walsh [Fri, 26 Aug 2011 21:40:38 +0000 (17:40 -0400)]
Allow chrony and gpsd to send dgrams, gpsd needs to write to the real time clock and to list proc
Dan Walsh [Fri, 26 Aug 2011 21:33:27 +0000 (17:33 -0400)]
systemd_logind_t sets the attributes on usb devices
Dan Walsh [Fri, 26 Aug 2011 20:46:50 +0000 (16:46 -0400)]
Allow hddtemp_t to read etc_t files
Dan Walsh [Fri, 26 Aug 2011 18:49:14 +0000 (14:49 -0400)]
Allow pegasus to send kill signals to other UIDs
Dan Walsh [Fri, 26 Aug 2011 17:57:30 +0000 (13:57 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/admin/amanda.te
Miroslav Grepl [Fri, 26 Aug 2011 18:17:26 +0000 (18:17 +0000)]
Fix permissivedomains.if
Miroslav Grepl [Fri, 26 Aug 2011 18:08:53 +0000 (18:08 +0000)]
Allow amanda setsched
Allow amanda to manage lnk files for amanda_data_t
Dan Walsh [Fri, 26 Aug 2011 17:56:10 +0000 (13:56 -0400)]
Allow amanda to create amanda_data_t lnk_files and to setsched on its own process
Dan Walsh [Fri, 26 Aug 2011 15:38:19 +0000 (11:38 -0400)]
Move all permissive domains calls to permissivedomain.te
Dan Walsh [Fri, 26 Aug 2011 15:17:43 +0000 (11:17 -0400)]
Turn back on unconfined_domains for final release, but eliminate unconfined_domain, where we don't need it.
Dan Walsh [Fri, 26 Aug 2011 15:05:02 +0000 (11:05 -0400)]
Turn off permissive domains that were in F15 for release and turn back on unconfined domains that were made permissive
Dan Walsh [Fri, 26 Aug 2011 14:53:32 +0000 (10:53 -0400)]
zarafa_deliver_t needs to read random data
Dan Walsh [Fri, 26 Aug 2011 14:50:31 +0000 (10:50 -0400)]
Policy from Qdi Fairbank for qmail
Dan Walsh [Fri, 26 Aug 2011 14:50:09 +0000 (10:50 -0400)]
Policy from Qdi Fairbank for qmail
Miroslav Grepl [Thu, 25 Aug 2011 10:44:56 +0000 (10:44 +0000)]
Make mutt work with confined users
Miroslav Grepl [Thu, 25 Aug 2011 10:39:13 +0000 (10:39 +0000)]
Make openvpn work with sysadm SELinux user
Dan Walsh [Wed, 24 Aug 2011 17:13:47 +0000 (13:13 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 24 Aug 2011 17:13:31 +0000 (13:13 -0400)]
Fix path to chronyd unit files.
Dan Walsh [Wed, 24 Aug 2011 17:12:52 +0000 (13:12 -0400)]
Add port 9123 to jboss_management, it seems to be used by jboss
Miroslav Grepl [Wed, 24 Aug 2011 09:23:15 +0000 (09:23 +0000)]
Replace files_var_log_filetrans() in authlogin.if
Miroslav Grepl [Wed, 24 Aug 2011 08:30:56 +0000 (08:30 +0000)]
Fix name of chronyd_systemctl() interface
Dan Walsh [Wed, 24 Aug 2011 03:15:51 +0000 (23:15 -0400)]
Allow insmod_t to use fds leaked from devicekit
Dan Walsh [Wed, 24 Aug 2011 03:09:03 +0000 (23:09 -0400)]
dontaudit getattr between insmod_t and init_t unix_stream_sockets
Dan Walsh [Wed, 24 Aug 2011 02:35:37 +0000 (22:35 -0400)]
Change sysctl unit file interfaces to use systemctl
Dan Walsh [Wed, 24 Aug 2011 02:35:08 +0000 (22:35 -0400)]
Add support for chronyd unit file
Dan Walsh [Wed, 24 Aug 2011 02:34:05 +0000 (22:34 -0400)]
Allow mozilla_plugin to read gnome_usr_config
Dan Walsh [Tue, 23 Aug 2011 21:08:44 +0000 (17:08 -0400)]
Add policy for new gpsd
Dan Walsh [Tue, 23 Aug 2011 19:13:06 +0000 (15:13 -0400)]
Allow cups to create kerberos rhost cache files
Dan Walsh [Tue, 23 Aug 2011 17:20:35 +0000 (13:20 -0400)]
Add authlogin_filetrans_named_content, to unconfined_t to make sure shadow and other log files get labeled correctly
Dan Walsh [Tue, 23 Aug 2011 12:59:52 +0000 (08:59 -0400)]
Commands that run shutdown now need to connect to the init program