git.ipfire.org Git - people/stevee/selinux-policy.git/log
Dan Walsh [Tue, 23 Aug 2011 12:51:54 +0000 (08:51 -0400)]
Wicd daemon needs to be bin_t
Miroslav Grepl [Tue, 23 Aug 2011 10:38:43 +0000 (10:38 +0000)]
Remove duplicate matahari declaration from qpidd.fc
Miroslav Grepl [Tue, 23 Aug 2011 10:34:23 +0000 (10:34 +0000)]
Fix typos in mailman policy
Miroslav Grepl [Tue, 23 Aug 2011 10:31:58 +0000 (10:31 +0000)]
Fix systemd_passwd_agent_dev_template() interface
Miroslav Grepl [Tue, 23 Aug 2011 10:22:58 +0000 (10:22 +0000)]
Fix definition of init_dontaudit_stream_connect()
Miroslav Grepl [Tue, 23 Aug 2011 10:18:34 +0000 (10:18 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 22 Aug 2011 18:43:04 +0000 (14:43 -0400)]
Add labels for /var/run/pcscd
Dan Walsh [Mon, 22 Aug 2011 18:32:07 +0000 (14:32 -0400)]
Allow initrc_t to manage mailman content
Dan Walsh [Mon, 22 Aug 2011 18:15:34 +0000 (14:15 -0400)]
Add policy for sa-update being run out of cron jobs
Dan Walsh [Mon, 22 Aug 2011 16:11:12 +0000 (12:11 -0400)]
Add interface to dontaudit searching of pidfile dirs, libra code executes lsof which generates lots of AVC's for searching directories under /var/run
Dan Walsh [Mon, 22 Aug 2011 16:10:22 +0000 (12:10 -0400)]
Add create perms to postgresql_manage_db
Dan Walsh [Mon, 22 Aug 2011 14:16:39 +0000 (10:16 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 22 Aug 2011 14:16:14 +0000 (10:16 -0400)]
ntpd using a gps has to be able to read/write generic tty_device_t
Dan Walsh [Mon, 22 Aug 2011 14:11:14 +0000 (10:11 -0400)]
If you disable unconfined and unconfineduser, rpm needs more privs to manage /dev
Miroslav Grepl [Mon, 22 Aug 2011 13:14:41 +0000 (13:14 +0000)]
Remove qemu_domtrans_unconfined() interface
Miroslav Grepl [Mon, 22 Aug 2011 13:12:20 +0000 (13:12 +0000)]
Allow qpidd to read usr files
Miroslav Grepl [Mon, 22 Aug 2011 13:05:12 +0000 (13:05 +0000)]
Make passenger work together with puppet
Miroslav Grepl [Mon, 22 Aug 2011 09:23:02 +0000 (09:23 +0000)]
Add init_dontaudit_rw_stream_socket interface
Miroslav Grepl [Mon, 22 Aug 2011 08:03:54 +0000 (08:03 +0000)]
Fixes for wordpress
Dan Walsh [Sat, 20 Aug 2011 10:53:00 +0000 (06:53 -0400)]
Add rules to delete usr_t and apache content to systemd_tmpfiles_t
Dan Walsh [Sat, 20 Aug 2011 10:52:32 +0000 (06:52 -0400)]
Add interface to ignore attempts to read utmp file
Dan Walsh [Thu, 18 Aug 2011 10:22:35 +0000 (06:22 -0400)]
Change userdomains that transition to mozilla_plugin to use usertype since firefox is now running as staff_execmem_t
Dan Walsh [Thu, 18 Aug 2011 10:21:51 +0000 (06:21 -0400)]
Jboss apps listen on port 18001
Dan Walsh [Thu, 18 Aug 2011 10:21:10 +0000 (06:21 -0400)]
dconf directory is moving to /run/user/dwalsh/ so needs to be transitioned to config_home_t
Dan Walsh [Thu, 18 Aug 2011 10:20:56 +0000 (06:20 -0400)]
dconf directory is moving to /run/user/dwalsh/ so needs to be transitioned to config_home_t
Dan Walsh [Tue, 16 Aug 2011 12:41:30 +0000 (08:41 -0400)]
cron jobs that start init scripts end up needing initrc_t needing to read the cron fifo_file
Dan Walsh [Tue, 16 Aug 2011 12:40:53 +0000 (08:40 -0400)]
Allow matahari_serviced to start and stop init services
Dan Walsh [Tue, 16 Aug 2011 12:40:17 +0000 (08:40 -0400)]
Fixes to allow puppet to run within apache
Dan Walsh [Tue, 16 Aug 2011 12:38:59 +0000 (08:38 -0400)]
Allow keyring domains to getattr on tmpfs_t filesystem
Dan Walsh [Tue, 16 Aug 2011 12:38:28 +0000 (08:38 -0400)]
shorewall is attempting to translate UIDs
Dan Walsh [Mon, 15 Aug 2011 11:34:41 +0000 (07:34 -0400)]
colord seems to ask for sys_admin capability but works fine without it. Also wants to read the network state
Dan Walsh [Mon, 15 Aug 2011 11:34:01 +0000 (07:34 -0400)]
NetworkManager apps can be configured to send ping messages
Dan Walsh [Mon, 15 Aug 2011 11:18:53 +0000 (07:18 -0400)]
Allow chrome_sandbox_t to execmod on the chrome executable
Dan Walsh [Fri, 12 Aug 2011 12:00:13 +0000 (08:00 -0400)]
allow apache to ask the system at boot up for passwords to unlock certificates
Dan Walsh [Fri, 12 Aug 2011 11:59:21 +0000 (07:59 -0400)]
allow procmail to execute all user apps, since they can be added to init local init script
Dan Walsh [Fri, 12 Aug 2011 10:36:41 +0000 (06:36 -0400)]
Add new var_auth label for pam_shield
Dan Walsh [Fri, 12 Aug 2011 10:36:22 +0000 (06:36 -0400)]
Remove regex that includes (64)?
Dan Walsh [Fri, 12 Aug 2011 10:36:05 +0000 (06:36 -0400)]
Remove regex that includes (64)?
Dan Walsh [Thu, 11 Aug 2011 19:04:43 +0000 (15:04 -0400)]
matahari /var/lib directory needs to be treated as qpid
Dan Walsh [Thu, 11 Aug 2011 19:04:17 +0000 (15:04 -0400)]
Switch allow rules from mozilla_run to mozilla_domtrans
Dan Walsh [Thu, 11 Aug 2011 18:59:19 +0000 (14:59 -0400)]
prelink needs to relabel content in the users homedir
Dan Walsh [Thu, 11 Aug 2011 15:48:33 +0000 (11:48 -0400)]
Label backup files of /etc/mtab as etc_runtime_t
Dan Walsh [Thu, 11 Aug 2011 15:43:34 +0000 (11:43 -0400)]
Allow udev to execute third party executables that get installed into random locations on /usr, label virtualbox .sh files as bin_t
Dan Walsh [Thu, 11 Aug 2011 15:39:02 +0000 (11:39 -0400)]
Allow gnomeclock to send signals about ntpd to systemd
Dan Walsh [Thu, 11 Aug 2011 15:34:59 +0000 (11:34 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 11 Aug 2011 15:34:49 +0000 (11:34 -0400)]
Allow admins to manage non security symlinks and non security directories
Miroslav Grepl [Thu, 11 Aug 2011 13:47:25 +0000 (13:47 +0000)]
Turn on allow_domain_fd_use boolean on F16
Miroslav Grepl [Thu, 11 Aug 2011 13:26:53 +0000 (13:26 +0000)]
Allow syslog to manage all log files
Miroslav Grepl [Thu, 11 Aug 2011 10:03:45 +0000 (10:03 +0000)]
Add use_fusefs_home_dirs boolean for chrome
Miroslav Grepl [Thu, 11 Aug 2011 09:55:03 +0000 (09:55 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Thu, 11 Aug 2011 09:54:30 +0000 (09:54 +0000)]
Make vdagent work with confined users
Dan Walsh [Wed, 10 Aug 2011 20:34:26 +0000 (16:34 -0400)]
Livecd ends up leaking some files into the switchroot environment which udisks-daemon does a getattr on, we need to dontaudit this to eliminate the AVC
Dan Walsh [Wed, 10 Aug 2011 20:28:28 +0000 (16:28 -0400)]
Livecd requires udev to be able to write to udev_rules_t, unless we want to write rules for each udev script, I think we need to allow this. fsadm_t looks like it wants to set attributes on / and create a boot flag file
Miroslav Grepl [Wed, 10 Aug 2011 19:11:32 +0000 (19:11 +0000)]
Add abrt_handle_event_t domain for ABRT event scripts
Miroslav Grepl [Wed, 10 Aug 2011 17:48:13 +0000 (17:48 +0000)]
- Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change
Dan Walsh [Wed, 10 Aug 2011 17:38:22 +0000 (13:38 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 10 Aug 2011 17:38:01 +0000 (13:38 -0400)]
Allow httpd_git_script_t to read passwd data
Miroslav Grepl [Wed, 10 Aug 2011 10:10:11 +0000 (10:10 +0000)]
Fix bug in ipsec.te
Miroslav Grepl [Wed, 10 Aug 2011 09:04:36 +0000 (09:04 +0000)]
Allow openvpn to set its process priority when the nice parameter is used
Dan Walsh [Wed, 10 Aug 2011 01:37:24 +0000 (21:37 -0400)]
Add file name transitions for vcs*
Dan Walsh [Wed, 10 Aug 2011 01:37:03 +0000 (21:37 -0400)]
Changes to make livecd work in enforcing mode
Dan Walsh [Wed, 10 Aug 2011 00:45:52 +0000 (20:45 -0400)]
Changes to make livecd work in enforcing mode
Dan Walsh [Tue, 9 Aug 2011 15:09:14 +0000 (11:09 -0400)]
Allow dhcpc_t to start/stop nis services using sysctl
Dan Walsh [Tue, 9 Aug 2011 14:53:57 +0000 (10:53 -0400)]
xdm should not transition to unconfined_t when it executes a shell, xserver wants to read consolekit process data
Dan Walsh [Mon, 8 Aug 2011 15:26:14 +0000 (11:26 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Mon, 8 Aug 2011 16:01:33 +0000 (16:01 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 8 Aug 2011 15:25:41 +0000 (11:25 -0400)]
add filetrans_home_content to alsa data
Dan Walsh [Mon, 8 Aug 2011 13:43:51 +0000 (09:43 -0400)]
Restorecond should be able to watch and relabel devices in /dev
Dan Walsh [Mon, 8 Aug 2011 13:43:21 +0000 (09:43 -0400)]
Add TCP/port 6514 to syslog_port_t
Miroslav Grepl [Mon, 8 Aug 2011 09:31:30 +0000 (09:31 +0000)]
Fix ctdbd_stream_connect interface
Miroslav Grepl [Mon, 8 Aug 2011 09:07:10 +0000 (09:07 +0000)]
Allow hddtemp to perform DNS name resolution
Miroslav Grepl [Mon, 8 Aug 2011 08:53:01 +0000 (08:53 +0000)]
Fix label for dirsrv-admin cgi scripts
Miroslav Grepl [Mon, 8 Aug 2011 08:25:00 +0000 (08:25 +0000)]
Add a new type for 7410/udp and allow fenced_t to bind on this port
Dan Walsh [Fri, 5 Aug 2011 17:29:04 +0000 (13:29 -0400)]
All apps that use selinux calls need to be able to getattr on the sysfs_t filesystem, since libselinux does this
Dan Walsh [Fri, 5 Aug 2011 17:02:54 +0000 (13:02 -0400)]
Add policy to allow nagios to write to directories in /var/lib/pnp4nagios
Dan Walsh [Fri, 5 Aug 2011 14:37:29 +0000 (10:37 -0400)]
When hostname is being run as dnsdomainname it checks the network state on the machine
Dan Walsh [Fri, 5 Aug 2011 14:27:14 +0000 (10:27 -0400)]
Allow nsplugin_config_t to use fds from sshd_t
Dan Walsh [Fri, 5 Aug 2011 13:10:15 +0000 (09:10 -0400)]
Since we are labeling /run/user as user_tmp_t we need to allow login programs to create content in these directories. .pam-systemd-lock
Dan Walsh [Fri, 5 Aug 2011 12:51:51 +0000 (08:51 -0400)]
Merge branches 'master' and 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 5 Aug 2011 12:49:57 +0000 (08:49 -0400)]
Modifications to policy to make it build with the new tool chain. Taking away transition to qemu_t from unconfined_t since we should either run within the same domain or transition to svirt_t.
Miroslav Grepl [Fri, 5 Aug 2011 08:48:37 +0000 (08:48 +0000)]
Allow ctdbd to connect to ctdb port
Miroslav Grepl [Thu, 4 Aug 2011 22:27:29 +0000 (22:27 +0000)]
Add definition of systemctl_domain attribute
Miroslav Grepl [Thu, 4 Aug 2011 22:22:19 +0000 (22:22 +0000)]
Fix typo in calling of ntp interfaces in gnomeclok.te
Miroslav Grepl [Thu, 4 Aug 2011 22:16:28 +0000 (22:16 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 4 Aug 2011 17:54:00 +0000 (13:54 -0400)]
Turn off transition from unconfined_t to mock_t, since mock -r ~/x.rpm blows up
Dan Walsh [Thu, 4 Aug 2011 17:37:04 +0000 (13:37 -0400)]
fetchmail can use kerberos
Dan Walsh [Thu, 4 Aug 2011 16:54:42 +0000 (12:54 -0400)]
ksmtuned reads in shell programs
Dan Walsh [Thu, 4 Aug 2011 16:51:14 +0000 (12:51 -0400)]
gnome_systemctl_t reads the process state of ntp
Dan Walsh [Thu, 4 Aug 2011 16:50:40 +0000 (12:50 -0400)]
dnsmasq_t asks the kernel to load multiple kernel modules
Dan Walsh [Thu, 4 Aug 2011 16:50:10 +0000 (12:50 -0400)]
Add rules for domains executing systemctl
Miroslav Grepl [Thu, 4 Aug 2011 10:32:37 +0000 (10:32 +0000)]
Allow lircd to read hardware state information
Miroslav Grepl [Wed, 3 Aug 2011 23:35:33 +0000 (23:35 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Wed, 3 Aug 2011 21:22:33 +0000 (21:22 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Wed, 3 Aug 2011 20:44:22 +0000 (16:44 -0400)]
Bogus text within fc file
Dan Walsh [Wed, 3 Aug 2011 19:52:22 +0000 (15:52 -0400)]
zarafa_gateway_t reads /dev/random
Dan Walsh [Wed, 3 Aug 2011 19:35:44 +0000 (15:35 -0400)]
Label all content under /var/lib/mock as mock_var_lib_t
Dan Walsh [Wed, 3 Aug 2011 19:30:04 +0000 (15:30 -0400)]
Looks like mozilla_plugin_t is communicating with firefox through shm and sem
Dan Walsh [Wed, 3 Aug 2011 19:15:05 +0000 (15:15 -0400)]
allow kernel_t to create devices with the correct label
Dan Walsh [Wed, 3 Aug 2011 17:22:10 +0000 (13:22 -0400)]
fsdaemon executes who to see who is logged in, who executes the kill command to check if users are actually logged in?
Dan Walsh [Wed, 3 Aug 2011 17:21:19 +0000 (13:21 -0400)]
Logwatch_mail_t needs to check whether the network is online