git.ipfire.org Git - people/stevee/selinux-policy.git/log
14 years ago XML summary fixes.
Dominick Grift [Fri, 17 Sep 2010 07:48:34 +0000 (09:48 +0200)] 
XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

XML summary fixes.

14 years ago The ps_process_pattern includes permission to get attributes of target domain.
Dominick Grift [Fri, 17 Sep 2010 11:28:50 +0000 (13:28 +0200)] 
The ps_process_pattern includes permission to get attributes of target domain.

14 years ago Replace type and attributes statements by comma delimiters where possible.
Dominick Grift [Fri, 17 Sep 2010 07:49:15 +0000 (09:49 +0200)] 
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

14 years ago This is a role capability.
Dominick Grift [Fri, 17 Sep 2010 07:45:02 +0000 (09:45 +0200)] 
This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

This is a role capability.

14 years ago Tunable and optional policy goes below.
Dominick Grift [Fri, 17 Sep 2010 07:30:55 +0000 (09:30 +0200)] 
Tunable and optional policy goes below.

Tunable and optional policy goes below.

14 years ago Use entry_file as entry_point to domain transition.
Dominick Grift [Fri, 17 Sep 2010 06:32:11 +0000 (08:32 +0200)] 
Use entry_file as entry_point to domain transition.

Squash with e9f4178aa052c15ac7919a06e0c226b846ef7c7b
Duplicate TE rule.

14 years ago Move system type alias statements to system declarations.
Dominick Grift [Fri, 17 Sep 2010 07:25:55 +0000 (09:25 +0200)] 
Move system type alias statements to system declarations.

Squash me with 81a5e7c5394ee93d99df472199737cd61f3c24eb
Without this build fails because at the point httpd_var_run_t is not yet declared.

14 years ago Add file context specification for HOME_DIR/\.gitaliases. May not be required but...
Dominick Grift [Fri, 17 Sep 2010 10:47:26 +0000 (12:47 +0200)] 
Add file context specification for HOME_DIR/\.gitaliases. May not be required but cannot hurt either.

14 years ago Use can_exec.
Dominick Grift [Fri, 17 Sep 2010 10:36:31 +0000 (12:36 +0200)] 
Use can_exec.

14 years ago Search parent directory to be able to interact with targets content.
Dominick Grift [Fri, 17 Sep 2010 07:43:44 +0000 (09:43 +0200)] 
Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

14 years ago This is not a role capability.
Dominick Grift [Fri, 17 Sep 2010 10:23:18 +0000 (12:23 +0200)] 
This is not a role capability.

14 years ago Allow users to ptrace and send any signal to their bluetooth helper agent.
Dominick Grift [Fri, 17 Sep 2010 08:16:23 +0000 (10:16 +0200)] 
Allow users to ptrace and send any signal to their bluetooth helper agent.

Allow users to ptrace and send any signal to their cron job.

Allow users to ptrace and send any signal to their cron job.

Allow users to ptrace and send any signal to their cron job.

Allow users to ps, ptrace and send any signal to their session bus.

14 years ago Class is supposed to be fifo_file according to summary.
Dominick Grift [Fri, 17 Sep 2010 09:37:42 +0000 (11:37 +0200)] 
Class is supposed to be fifo_file according to summary.

14 years ago Use domtrans_pattern.
Dominick Grift [Fri, 17 Sep 2010 08:24:20 +0000 (10:24 +0200)] 
Use domtrans_pattern.

14 years ago Use stream connect pattern.
Dominick Grift [Fri, 17 Sep 2010 07:59:46 +0000 (09:59 +0200)] 
Use stream connect pattern.

14 years ago Clean up (network) connect DB.
Dominick Grift [Fri, 17 Sep 2010 07:21:55 +0000 (09:21 +0200)] 
Clean up (network) connect DB.

14 years ago Boolean declarations go above.
Dominick Grift [Fri, 17 Sep 2010 06:56:33 +0000 (08:56 +0200)] 
Boolean declarations go above.

14 years ago Whitespace, newline and tab fixes.
Dominick Grift [Fri, 17 Sep 2010 06:54:12 +0000 (08:54 +0200)] 
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

14 years ago This is a leftover from refpolicy implementation of this functionality.
Dominick Grift [Fri, 17 Sep 2010 06:42:09 +0000 (08:42 +0200)] 
This is a leftover from refpolicy implementation of this functionality.

14 years ago No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files.
Dominick Grift [Fri, 17 Sep 2010 06:40:04 +0000 (08:40 +0200)] 
No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files.

14 years ago Change this functionality to our implementation of this functionality.
Dominick Grift [Fri, 17 Sep 2010 06:37:29 +0000 (08:37 +0200)] 
Change this functionality to our implementation of this functionality.

14 years ago Remove accidentally added ~ files
Dan Walsh [Thu, 16 Sep 2010 21:48:39 +0000 (17:48 -0400)]
Remove accidentally added ~ files

14 years ago Add vnstat policy
Dan Walsh [Thu, 16 Sep 2010 21:46:06 +0000 (17:46 -0400)] 
Add vnstat policy
allow logrotate to mail syslog files
Allow chrom-sandbox to search nfs_t
Allow libvirt to send audit messages
Dontaudit leaked console to xauth

14 years ago Fixes for cluster policy
Miroslav Grepl [Thu, 16 Sep 2010 11:44:53 +0000 (13:44 +0200)] 
Fixes for cluster policy

14 years ago Merge upstream
Dan Walsh [Thu, 16 Sep 2010 11:05:26 +0000 (07:05 -0400)] 
Merge upstream

14 years ago Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 16 Sep 2010 10:38:13 +0000 (06:38 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

14 years ago This is a role capability.
Dominick Grift [Wed, 15 Sep 2010 19:59:34 +0000 (21:59 +0200)] 
This is a role capability.

This is a role capability.

This is a role capability.

Signed-off-by: Dominick Grift <domg472@gmail.com>
This is a role capability.

This is a role capability.

14 years ago Whitespace, newline and tab fixes.
Dominick Grift [Thu, 16 Sep 2010 09:44:20 +0000 (11:44 +0200)] 
Whitespace, newline and tab fixes.

14 years ago Requires system_r role.
Dominick Grift [Thu, 16 Sep 2010 09:41:09 +0000 (11:41 +0200)] 
Requires system_r role.

14 years ago Replace type and attributes statements by comma delimiters where possible.
Dominick Grift [Wed, 15 Sep 2010 20:19:38 +0000 (22:19 +0200)] 
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

14 years ago Use ps_process_pattern to read state.
Dominick Grift [Thu, 16 Sep 2010 07:31:27 +0000 (09:31 +0200)] 
Use ps_process_pattern to read state.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Use ps_process_pattern to read state.

Use ps_process_pattern to read state.

14 years ago The ps_process_pattern includes permission to get attributes of target domain.
Dominick Grift [Thu, 16 Sep 2010 06:40:52 +0000 (08:40 +0200)] 
The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

Signed-off-by: Dominick Grift <domg472@gmail.com>
The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

14 years ago Whitespace, newline and tab fixes.
Dominick Grift [Thu, 16 Sep 2010 06:24:26 +0000 (08:24 +0200)] 
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

14 years ago Use permission sets where possible.
Dominick Grift [Wed, 15 Sep 2010 20:09:15 +0000 (22:09 +0200)] 
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Use permission sets where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

14 years ago Redundant: mta_sendmail_domtrans calls domtrans_pattern which already includes these...
Dominick Grift [Thu, 16 Sep 2010 09:24:30 +0000 (11:24 +0200)] 
Redundant: mta_sendmail_domtrans calls domtrans_pattern which already includes these permissions.

14 years ago XML summary fixes.
Dominick Grift [Thu, 16 Sep 2010 06:25:20 +0000 (08:25 +0200)]
XML summary fixes.

XML summary fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>
XML summary fixes.

14 years ago Search parent directory to be able to interact with target content.
Dominick Grift [Wed, 15 Sep 2010 19:37:38 +0000 (21:37 +0200)] 
Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

14 years ago Allow users to ptrace and send any kind of signal to spamassassin agents.
Dominick Grift [Thu, 16 Sep 2010 09:05:31 +0000 (11:05 +0200)] 
Allow users to ptrace and send any kind of signal to spamassassin agents.

14 years ago This type is not required here.
Dominick Grift [Thu, 16 Sep 2010 09:00:39 +0000 (11:00 +0200)] 
This type is not required here.

14 years ago This is not a role capability.
Dominick Grift [Wed, 15 Sep 2010 19:39:31 +0000 (21:39 +0200)] 
This is not a role capability.

This is not a role capability.

Signed-off-by: Dominick Grift <domg472@gmail.com>
This is not a role capability.

14 years ago Use relabel permission sets where possible.
Dominick Grift [Thu, 16 Sep 2010 08:45:36 +0000 (10:45 +0200)] 
Use relabel permission sets where possible.

14 years ago Redundant: This is included with userdom_read_user_home_content_files.
Dominick Grift [Thu, 16 Sep 2010 08:01:16 +0000 (10:01 +0200)] 
Redundant: This is included with userdom_read_user_home_content_files.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Allow users to ptrace and send any kind of signal to their ssh agent instead of only...
Dominick Grift [Thu, 16 Sep 2010 07:59:06 +0000 (09:59 +0200)] 
Allow users to ptrace and send any kind of signal to their ssh agent instead of only a generic signal.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Redundant: This is included with userdom_search_user_home_content.
Dominick Grift [Thu, 16 Sep 2010 07:50:08 +0000 (09:50 +0200)] 
Redundant: This is included with userdom_search_user_home_content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Redundant: domtrans_pattern includes these.
Dominick Grift [Thu, 16 Sep 2010 07:42:26 +0000 (09:42 +0200)] 
Redundant: domtrans_pattern includes these.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Do not audit interface should not provide permission to read parent directories.
Dominick Grift [Thu, 16 Sep 2010 07:36:06 +0000 (09:36 +0200)] 
Do not audit interface should not provide permission to read parent directories.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use domtrans_pattern because it includes permission the sigchld target domain and...
Dominick Grift [Thu, 16 Sep 2010 06:51:01 +0000 (08:51 +0200)]
Use domtrans_pattern because it includes permission the sigchld target domain and other required access to domain transition.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Whitespace, newline and tab fixes.
Dominick Grift [Wed, 15 Sep 2010 19:36:17 +0000 (21:36 +0200)] 
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Tunable, optional, if(n)def block go below.
Dominick Grift [Wed, 15 Sep 2010 19:48:12 +0000 (21:48 +0200)] 
Tunable, optional, if(n)def block go below.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use stream_connect_pattern.
Dominick Grift [Wed, 15 Sep 2010 19:30:35 +0000 (21:30 +0200)] 
Use stream_connect_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 15 Sep 2010 20:06:43 +0000 (16:06 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

14 years ago Use relabel permission sets where possible.
Dominick Grift [Wed, 15 Sep 2010 12:57:02 +0000 (14:57 +0200)] 
Use relabel permission sets where possible.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Add missing admin_patterns to rpcbind_admin.
Dominick Grift [Wed, 15 Sep 2010 12:16:05 +0000 (14:16 +0200)] 
Add missing admin_patterns to rpcbind_admin.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use stream connect pattern.
Dominick Grift [Wed, 15 Sep 2010 11:30:49 +0000 (13:30 +0200)] 
Use stream connect pattern.

Use stream_connect_pattern.

Use stream_connect_pattern.

Use stream_connect_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use ps_process_pattern to read state.
Dominick Grift [Wed, 15 Sep 2010 08:17:37 +0000 (10:17 +0200)] 
Use ps_process_pattern to read state.

Use ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Redundant: Is already included with userdom_search_user_home_dirs.
Dominick Grift [Wed, 15 Sep 2010 11:54:26 +0000 (13:54 +0200)]
Redundant: Is already included with userdom_search_user_home_dirs.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Access to get attributes of target pppd_t domain is included with ps_process_pattern.
Dominick Grift [Wed, 15 Sep 2010 11:37:04 +0000 (13:37 +0200)] 
Access to get attributes of target pppd_t domain is included with ps_process_pattern.

Access to get attributes of target privoxy_t domain is included with ps_process_pattern.

Access to get attributes of target radiusd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use ps_process_pattern to read state. Access to get attributes of target afs_t domain...
Dominick Grift [Wed, 15 Sep 2010 08:20:36 +0000 (10:20 +0200)] 
Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.

Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.

Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Allow pads_admin to search parent directories to be able to interact with pads content.
Dominick Grift [Wed, 15 Sep 2010 11:05:32 +0000 (13:05 +0200)] 
Allow pads_admin to search parent directories to be able to interact with pads content.

Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.

Allow postgresql admin to search parent directories to be able to manage postgresql content.

Allow prelude_admin to search parent directories to be able to manage prelude content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago XML summary fix.
Dominick Grift [Wed, 15 Sep 2010 10:17:22 +0000 (12:17 +0200)] 
XML summary fix.

XML summary fix.

XML summary fix.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Access to get attributes of target accountsd_t domain is included with ps_process_pat...
Dominick Grift [Wed, 15 Sep 2010 08:23:24 +0000 (10:23 +0200)] 
Access to get attributes of target accountsd_t domain is included with ps_process_pattern.

Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.

Access to get attributes of target asterisk_t domain is included with ps_process_pattern.

Permission to get attributes of target automount_t domain is included with ps_process_pattern.

Access to get attributes of target ntpd_t domain is included with ps_process_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use admin_pattern. Allow nslcd_admin to search parent directories to be able to inter...
Dominick Grift [Wed, 15 Sep 2010 10:56:18 +0000 (12:56 +0200)] 
Use admin_pattern. Allow nslcd_admin to search parent directories to be able to interact with nslcd content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Source is required to search generic pid directories to be able to interact with...
Dominick Grift [Wed, 15 Sep 2010 10:50:18 +0000 (12:50 +0200)] 
Source is required to search generic pid directories to be able to interact with mysql sockets in var_run.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use the stream_connect_pattern.
Dominick Grift [Wed, 15 Sep 2010 10:31:03 +0000 (12:31 +0200)] 
Use the stream_connect_pattern.

Use stream_connect_pattern.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Allow mpd_admin to manage mpd tmpfs content.
Dominick Grift [Wed, 15 Sep 2010 10:44:59 +0000 (12:44 +0200)] 
Allow mpd_admin to manage mpd tmpfs content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Source is required to search generic tmpfs directories to be able to interact with...
Dominick Grift [Wed, 15 Sep 2010 10:43:19 +0000 (12:43 +0200)] 
Source is required to search generic tmpfs directories to be able to interact with mpd tmpfs content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Redundant: mpd_search_lib already includes files_search_var_lib.
Dominick Grift [Wed, 15 Sep 2010 10:40:34 +0000 (12:40 +0200)] 
Redundant: mpd_search_lib already includes files_search_var_lib.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Memcached_admin is required to search generic pid directories to be able to manage...
Dominick Grift [Wed, 15 Sep 2010 10:35:55 +0000 (12:35 +0200)] 
Memcached_admin is required to search generic pid directories to be able to manage memcached pid content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Allow icecast_admin to ptrace and signal the icecast_t domain.
Dominick Grift [Wed, 15 Sep 2010 10:23:05 +0000 (12:23 +0200)] 
Allow icecast_admin to ptrace and signal the icecast_t domain.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago This is redundant since base user can search generic proc directories and included...
Dominick Grift [Wed, 15 Sep 2010 10:20:40 +0000 (12:20 +0200)] 
This is redundant since base user can search generic proc directories and included ps_process_pattern call permits all else.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Permission to search proc_t directories is required to be able to read abrt state.
Dominick Grift [Wed, 15 Sep 2010 08:25:11 +0000 (10:25 +0200)] 
Permission to search proc_t directories is required to be able to read abrt state.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Permission to search generic proc directories is required to read hald_t state.

14 years ago Permit fetchmail_admin to ptrace and signal the fetchmail_t domain.
Dominick Grift [Wed, 15 Sep 2010 10:10:14 +0000 (12:10 +0200)] 
Permit fetchmail_admin to ptrace and signal the fetchmail_t domain.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Replace some type statements by comma delimiters.
Dominick Grift [Wed, 15 Sep 2010 09:08:39 +0000 (11:08 +0200)] 
Replace some type statements by comma delimiters.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Permission to get attributes of target devicekit_t, devicekit_disk_t and devicekit_po...
Dominick Grift [Wed, 15 Sep 2010 09:04:10 +0000 (11:04 +0200)] 
Permission to get attributes of target devicekit_t, devicekit_disk_t and devicekit_power_t domains are included with ps_process_patterns.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Type system_cronjob_var_run_t is not required here.
Dominick Grift [Wed, 15 Sep 2010 08:58:27 +0000 (10:58 +0200)] 
Type system_cronjob_var_run_t is not required here.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Types crontab_exec_t, cron_spool_t and user_cron_spool_t are required here.
Dominick Grift [Wed, 15 Sep 2010 08:57:45 +0000 (10:57 +0200)] 
Types crontab_exec_t, cron_spool_t and user_cron_spool_t are required here.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Permission to search generic pid directories is included with files_pid_filetrans.
Dominick Grift [Wed, 15 Sep 2010 08:51:47 +0000 (10:51 +0200)] 
Permission to search generic pid directories is included with files_pid_filetrans.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Use ps_process_pattern to read state. Permission to search proc_t directories is requi...
Dominick Grift [Wed, 15 Sep 2010 08:35:12 +0000 (10:35 +0200)]
Use ps_process_pattern to read state. Permission to search proc_t directories is required to read automount state.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Type xenstored_var_run_t is required here.
Dominick Grift [Wed, 15 Sep 2010 08:13:16 +0000 (10:13 +0200)] 
Type xenstored_var_run_t is required here.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Type print_spool_t is not required here.
Dominick Grift [Wed, 15 Sep 2010 07:53:54 +0000 (09:53 +0200)] 
Type print_spool_t is not required here.

Signed-off-by: Dominick Grift <domg472@gmail.com>

14 years ago Add the ability to send audit messages to confined admin policies
Dan Walsh [Wed, 15 Sep 2010 15:31:20 +0000 (11:31 -0400)] 
Add the ability to send audit messages to confined admin policies
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS

14 years ago Allow iscsid to manage tgtd semaphores
Miroslav Grepl [Wed, 15 Sep 2010 14:50:07 +0000 (16:50 +0200)] 
Allow iscsid to manage tgtd semaphores

14 years ago Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4fbfae a831710
Chris PeBenito [Wed, 15 Sep 2010 14:42:34 +0000 (10:42 -0400)] 
Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4fbfae a831710
67effb0 483be01 c6c63f6 b0d8d59 5b082e4 b8097d6 689d954 5afc3d3 f3c5e77
a59e50c cf87233 17759c7 dc1db54 e9bf16d 4f95198 bf40792 622c63b c20842c
dc7cc4d 792d448

14 years ago radvd patch from Dan Walsh
Jeremy Solt [Wed, 1 Sep 2010 15:26:27 +0000 (11:26 -0400)] 
radvd patch from Dan Walsh

14 years ago snort patch from Dan Walsh
Jeremy Solt [Thu, 2 Sep 2010 19:42:51 +0000 (15:42 -0400)] 
snort patch from Dan Walsh

14 years ago stunnel patch from Dan Walsh
Jeremy Solt [Thu, 2 Sep 2010 19:48:08 +0000 (15:48 -0400)] 
stunnel patch from Dan Walsh

14 years ago zabbix patch from Dan Walsh
Jeremy Solt [Thu, 2 Sep 2010 20:02:44 +0000 (16:02 -0400)] 
zabbix patch from Dan Walsh

14 years ago zebra patch from Dan Walsh
Jeremy Solt [Thu, 2 Sep 2010 20:10:27 +0000 (16:10 -0400)] 
zebra patch from Dan Walsh

14 years ago awstats patch from Dan Walsh
Jeremy Solt [Fri, 27 Aug 2010 17:18:57 +0000 (13:18 -0400)] 
awstats patch from Dan Walsh

14 years ago certmaster patch from Dan Walsh
Jeremy Solt [Mon, 30 Aug 2010 14:27:12 +0000 (10:27 -0400)] 
certmaster patch from Dan Walsh

14 years ago pcscd patch from Dan Walsh
Jeremy Solt [Wed, 1 Sep 2010 14:46:57 +0000 (10:46 -0400)] 
pcscd patch from Dan Walsh

Edit: removed the dev_list_sysfs call, dev_read_sysfs takes care of it

14 years ago postgresql patch from Dan Walsh
Jeremy Solt [Wed, 1 Sep 2010 15:06:38 +0000 (11:06 -0400)] 
postgresql patch from Dan Walsh

14 years ago postgrey patch from Dan Walsh
Jeremy Solt [Wed, 1 Sep 2010 15:11:01 +0000 (11:11 -0400)] 
postgrey patch from Dan Walsh

14 years ago prelude patch from Dan Walsh
Jeremy Solt [Wed, 1 Sep 2010 15:15:25 +0000 (11:15 -0400)] 
prelude patch from Dan Walsh

14 years ago certwatch patch from Dan Walsh
Jeremy Solt [Fri, 27 Aug 2010 15:22:12 +0000 (11:22 -0400)] 
certwatch patch from Dan Walsh

Not including userdom_dontaudit_list_admin_dir - still no admin_home_t in refpolicy

14 years ago firstboot patch from Dan Walsh
Jeremy Solt [Fri, 27 Aug 2010 15:42:31 +0000 (11:42 -0400)] 
firstboot patch from Dan Walsh

Not including gnome_admin_home_gconf_filetrans - no admin_home_t in refpolicy

14 years ago smoltclient patch from Dan Walsh
Jeremy Solt [Fri, 27 Aug 2010 16:52:17 +0000 (12:52 -0400)] 
smoltclient patch from Dan Walsh

14 years ago amavis patch from Dan Walsh
Jeremy Solt [Mon, 30 Aug 2010 13:50:15 +0000 (09:50 -0400)] 
amavis patch from Dan Walsh

14 years ago arpwatch patch from Dan Walsh
Jeremy Solt [Mon, 30 Aug 2010 14:05:12 +0000 (10:05 -0400)] 
arpwatch patch from Dan Walsh

14 years ago canna patch from Dan Walsh
Jeremy Solt [Mon, 30 Aug 2010 14:21:56 +0000 (10:21 -0400)] 
canna patch from Dan Walsh