]>
git.ipfire.org Git - people/stevee/selinux-policy.git/log
Stefan Schantl [Sun, 1 Jan 2012 14:12:02 +0000 (15:12 +0100)] 
Initial Import from Fedora.
Dan Walsh [Thu, 29 Dec 2011 18:07:11 +0000 (13:07 -0500)] 
Allow smbd_t to connecto nmbd_t
Dan Walsh [Thu, 29 Dec 2011 17:39:29 +0000 (12:39 -0500)]
Shouldn't boinc_t be in the boinc_domain, also does boinc need to kill processes running as a different UID?
Dan Walsh [Wed, 28 Dec 2011 13:48:42 +0000 (08:48 -0500)]
Updated policy for zoneminder
Dan Walsh [Wed, 28 Dec 2011 13:43:19 +0000 (08:43 -0500)]
Updated policy for zoneminder
Miroslav Grepl [Fri, 23 Dec 2011 00:39:27 +0000 (00:39 +0000)] 
More fixes for zoneminder policy
* TODO: needs to be more tested on F16 system (CGI)
* TODO: will need fixes for apache (httpd_use_zoneminder boolean)
Miroslav Grepl [Fri, 23 Dec 2011 00:27:01 +0000 (00:27 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 22 Dec 2011 19:24:51 +0000 (19:24 +0000)]
Add initial policy for zoneminder
Dan Walsh [Thu, 22 Dec 2011 19:06:26 +0000 (19:06 +0000)]
Allow seunshare to unmount file systems
Dan Walsh [Wed, 21 Dec 2011 16:30:48 +0000 (16:30 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 21 Dec 2011 16:30:36 +0000 (16:30 +0000)]
Puppetmaster needs to connect to ntop port, Needs back port to RHEL6
Dan Walsh [Wed, 21 Dec 2011 16:29:15 +0000 (16:29 +0000)]
Noticed on my RHEL6 box that rhsmcertd needed these access
Miroslav Grepl [Wed, 21 Dec 2011 13:05:52 +0000 (13:05 +0000)]
Boinc_clien needs to read/write nvidia dev
Miroslav Grepl [Tue, 20 Dec 2011 21:10:54 +0000 (21:10 +0000)]
Fix typo
Miroslav Grepl [Tue, 20 Dec 2011 20:23:37 +0000 (20:23 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 20 Dec 2011 20:23:37 +0000 (20:23 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 20 Dec 2011 17:18:03 +0000 (17:18 +0000)]
default trans rules for Rawhide policy
Dan Walsh [Tue, 20 Dec 2011 17:13:30 +0000 (17:13 +0000)]
Make sure sound_devices controlC* are labeled correctly on creation
Dan Walsh [Tue, 20 Dec 2011 17:05:25 +0000 (17:05 +0000)]
device_t should be a device node, so that any app that uses a _add_devices interface can do that access to devices that we did not know about
Dan Walsh [Tue, 20 Dec 2011 16:54:35 +0000 (16:54 +0000)]
sssd now needs sys_admin
Dan Walsh [Tue, 20 Dec 2011 16:27:43 +0000 (16:27 +0000)]
Allow snmp to read all proc_type
Miroslav Grepl [Tue, 20 Dec 2011 15:46:03 +0000 (15:46 +0000)]
Allow to setup users homedir with quota.group
Dan Walsh [Mon, 19 Dec 2011 16:46:13 +0000 (11:46 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 19 Dec 2011 16:45:59 +0000 (11:45 -0500)]
separate out the nsplugin typealiases in mozilla.te
Miroslav Grepl [Mon, 19 Dec 2011 09:19:50 +0000 (09:19 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/system/iscsi.fc
Miroslav Grepl [Thu, 15 Dec 2011 17:38:21 +0000 (17:38 +0000)]
Add httpd_can_connect_ldap() interface
Dan Walsh [Thu, 15 Dec 2011 17:06:34 +0000 (12:06 -0500)]
apcupsd_t needs to use seriel ports connected to usb devices
Dan Walsh [Thu, 15 Dec 2011 16:14:39 +0000 (11:14 -0500)]
Kde puts procmail mail directory under ~/.local/share
Dan Walsh [Wed, 14 Dec 2011 15:15:53 +0000 (10:15 -0500)]
Add new labels for content under /sys/
Dan Walsh [Wed, 14 Dec 2011 15:15:26 +0000 (10:15 -0500)]
brcm_iscsiuio has changed its name
Dan Walsh [Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)]
nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit for now
Miroslav Grepl [Wed, 14 Dec 2011 13:16:59 +0000 (13:16 +0000)]
Add labeling for /sbin/iscsiuio
Miroslav Grepl [Wed, 14 Dec 2011 10:37:59 +0000 (10:37 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 13 Dec 2011 19:57:46 +0000 (14:57 -0500)]
Add label for /var/lib/iscan/interpreter
Dan Walsh [Tue, 13 Dec 2011 19:39:56 +0000 (14:39 -0500)]
Dont audit writes to leaked file descriptors or redirected output for nacl
Dan Walsh [Tue, 13 Dec 2011 18:58:14 +0000 (13:58 -0500)]
NetworkManager needs to write to /sys/class/net/ib*/mode
Dan Walsh [Tue, 13 Dec 2011 18:10:54 +0000 (13:10 -0500)]
Seems chromium needs sys_ptrace for now, hopefully when we have the fixed kernel this will go away
Miroslav Grepl [Tue, 13 Dec 2011 15:25:30 +0000 (15:25 +0000)]
Allow all jabberd domain to read system state
Miroslav Grepl [Tue, 13 Dec 2011 12:22:53 +0000 (12:22 +0000)]
Comment mozilla filetrans interface in mozilla.if to make new build
Miroslav Grepl [Tue, 13 Dec 2011 10:29:44 +0000 (10:29 +0000)]
Allow abrt to request the kernel to load a module
Dan Walsh [Mon, 12 Dec 2011 18:31:23 +0000 (13:31 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 12 Dec 2011 18:31:04 +0000 (13:31 -0500)]
Make sure mozilla content is labeled correctly
Miroslav Grepl [Mon, 12 Dec 2011 16:52:57 +0000 (16:52 +0000)]
Allow tgtd to read system state
Miroslav Grepl [Mon, 12 Dec 2011 14:26:05 +0000 (14:26 +0000)]
More fixes for boinc
* allow to resolve dns name
* re-write boinc policy to use boinc_domain attribute
Miroslav Grepl [Fri, 9 Dec 2011 15:05:00 +0000 (15:05 +0000)]
Allow munin services plugins to use NSCD services
Miroslav Grepl [Thu, 8 Dec 2011 18:12:10 +0000 (18:12 +0000)]
Allow mozilla_plugin_t to manage mozilla_home_t
Miroslav Grepl [Thu, 8 Dec 2011 17:03:29 +0000 (17:03 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Thu, 8 Dec 2011 17:01:46 +0000 (17:01 +0000)]
Allow ssh derived domain to execute ssh-keygen in the ssh_keygen_t domain
* needed for gridengine mpi jobs and for sge policy
Dan Walsh [Wed, 7 Dec 2011 20:08:24 +0000 (15:08 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 7 Dec 2011 20:08:10 +0000 (15:08 -0500)]
Add label for tumblerd
Miroslav Grepl [Wed, 7 Dec 2011 19:15:55 +0000 (20:15 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 7 Dec 2011 19:15:31 +0000 (20:15 +0100)]
Revert "Add files_add_entry_var_lib_dirs() interface"
This reverts commit
11a74daa7815a008605e37250877a9b74e5e475e.
Dan Walsh [Wed, 7 Dec 2011 17:12:03 +0000 (12:12 -0500)]
useradd needs to be able to manage default_context and selinux config files also
Dan Walsh [Wed, 7 Dec 2011 17:06:56 +0000 (12:06 -0500)]
useradd needs to be able to manage file_context files also
Dan Walsh [Wed, 7 Dec 2011 17:00:34 +0000 (12:00 -0500)]
Unconfined_t needs to transition to useradd_t and useradd_t needs to be able to manage selinux policy
Miroslav Grepl [Wed, 7 Dec 2011 14:47:57 +0000 (15:47 +0100)]
Add files_add_entry_var_lib_dirs() interface
Dan Walsh [Tue, 6 Dec 2011 21:59:50 +0000 (16:59 -0500)]
Finish /bin->/usr/bin merge
Dan Walsh [Tue, 6 Dec 2011 20:49:14 +0000 (15:49 -0500)]
Merge branches 'master' and 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 6 Dec 2011 22:46:03 +0000 (23:46 +0100)]
Remove duplicate declaration
Dan Walsh [Tue, 6 Dec 2011 20:48:58 +0000 (15:48 -0500)]
Allow mysqld_safe to delete the mysql_db_t sock_file
Miroslav Grepl [Tue, 6 Dec 2011 19:57:35 +0000 (20:57 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 6 Dec 2011 14:05:36 +0000 (15:05 +0100)]
Add type for rhev-agent log file
Miroslav Grepl [Tue, 6 Dec 2011 17:24:21 +0000 (18:24 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 7 Dec 2011 00:20:22 +0000 (19:20 -0500)]
Fedora is moving all files in /lib, /lib64, /sbin, /bin into /usr/lib, /usr/lib64, /usr/sbin and /usr/bin
This update will fix the labeling for all these files
Dan Walsh [Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)]
More fixes for the move from /lib, /bin, /sbin, to /usr directory
Dan Walsh [Tue, 6 Dec 2011 16:26:21 +0000 (11:26 -0500)]
Lets remove global label for logs directories under /var/www, if we have specific needs we should add label for those directories
Dan Walsh [Tue, 6 Dec 2011 16:16:23 +0000 (11:16 -0500)]
add more file trans rules for files labeled shadow_file_t
Miroslav Grepl [Tue, 6 Dec 2011 11:24:45 +0000 (12:24 +0100)]
Fix labeling for /dev/dmfm
Miroslav Grepl [Tue, 6 Dec 2011 11:25:45 +0000 (12:25 +0100)]
Allow abrt to getattr on blk files
Dan Walsh [Mon, 5 Dec 2011 21:02:06 +0000 (16:02 -0500)]
Allow user_mail_t to read /dev/random
Dan Walsh [Mon, 5 Dec 2011 20:41:03 +0000 (15:41 -0500)]
Label /etc/locale.conf correctly
Dan Walsh [Mon, 5 Dec 2011 18:48:24 +0000 (13:48 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 5 Dec 2011 18:48:04 +0000 (13:48 -0500)]
Allow systemd_logind_t to look at process info of apps that exchange dbus messages with it
Miroslav Grepl [Mon, 5 Dec 2011 14:35:21 +0000 (15:35 +0100)]
Allow postfix-smtpd to read MIMEDefang
Miroslav Grepl [Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)]
Allow mozilla_plugin_t to manage mozilla_home_t, needed by Flash
Miroslav Grepl [Mon, 5 Dec 2011 11:46:05 +0000 (12:46 +0100)]
Add label for /var/log/suphp.log
Miroslav Grepl [Mon, 5 Dec 2011 11:28:21 +0000 (12:28 +0100)]
More fixes for rhev_agentd_t consolehelper policy
* Allow dbus chat with unconfined, unconfined_dbusd_t
* Backport RHEL6 fixes
Miroslav Grepl [Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)]
Allow systemd-tmpfiles to change user identity in object contexts
Miroslav Grepl [Mon, 5 Dec 2011 11:01:08 +0000 (12:01 +0100)]
Allow systemd-tmpfiles to setattr for /run/user/gdm/dconf
Dan Walsh [Sat, 3 Dec 2011 16:21:46 +0000 (11:21 -0500)]
Allow swat_t to connect and read/write nmbd_t sock_file
Dan Walsh [Fri, 2 Dec 2011 19:36:39 +0000 (14:36 -0500)]
chromium-browser changed its name, label entire directory as bin_t
Dan Walsh [Fri, 2 Dec 2011 19:23:53 +0000 (14:23 -0500)]
telpathy_mission_control needs to manage gnome_home_config
Dan Walsh [Fri, 2 Dec 2011 19:23:26 +0000 (14:23 -0500)]
Allow namespace_init_t to relabelfrom and to any MCS label
Dan Walsh [Fri, 2 Dec 2011 19:07:37 +0000 (14:07 -0500)]
Allow initrc_t to set attributes on sendmail pid file
Dan Walsh [Fri, 2 Dec 2011 19:03:57 +0000 (14:03 -0500)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 2 Dec 2011 19:03:03 +0000 (14:03 -0500)]
Policy cleanup for upstream acceptance
Dan Walsh [Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)]
Allow confined users to use mozilla_plugin_rw_t
Miroslav Grepl [Fri, 2 Dec 2011 15:41:25 +0000 (16:41 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 2 Dec 2011 12:28:24 +0000 (07:28 -0500)]
Fixes needed to allow pam_securid.so to work
Dan Walsh [Fri, 2 Dec 2011 12:24:43 +0000 (07:24 -0500)]
Cleanup watchdog code for submission to upstream
Miroslav Grepl [Fri, 2 Dec 2011 10:59:19 +0000 (11:59 +0100)]
Allow gnomeclock to send system log msgs
Miroslav Grepl [Fri, 2 Dec 2011 10:50:31 +0000 (11:50 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 1 Dec 2011 21:43:42 +0000 (16:43 -0500)]
Stop using usertype
Dan Walsh [Thu, 1 Dec 2011 21:27:33 +0000 (16:27 -0500)]
Users that use X and spice need to use the virtio device
Dan Walsh [Thu, 1 Dec 2011 21:27:15 +0000 (16:27 -0500)]
add upstream gpg_exec interface
Dan Walsh [Thu, 1 Dec 2011 19:54:58 +0000 (14:54 -0500)]
Remove extra white space
Dan Walsh [Thu, 1 Dec 2011 19:54:33 +0000 (14:54 -0500)]
I believe the broken bluetooth code is no longer needed
Dan Walsh [Thu, 1 Dec 2011 19:53:48 +0000 (14:53 -0500)]
Upstream calls the gnomedomain rather then gnome_domain
Miroslav Grepl [Thu, 1 Dec 2011 19:09:34 +0000 (20:09 +0100)]
Use fs_use_xattr for squashfs
Miroslav Grepl [Thu, 1 Dec 2011 18:17:38 +0000 (19:17 +0100)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
projects / people / stevee / selinux-policy.git / log
