git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Mon, 11 Apr 2011 13:19:39 +0000 (13:19 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Mon, 11 Apr 2011 13:17:55 +0000 (13:17 +0000)]
Allow systemd to create tasks
Miroslav Grepl [Mon, 11 Apr 2011 08:15:10 +0000 (08:15 +0000)]
Logwatch read /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward
Miroslav Grepl [Sun, 10 Apr 2011 23:54:12 +0000 (23:54 +0000)]
Fixes for foghorn policy
Miroslav Grepl [Sun, 10 Apr 2011 23:30:28 +0000 (23:30 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Add Dan's patch to remove 64 bit variants.
Conflicts:
policy/modules/system/lvm.te
policy/modules/system/systemd.te
Miroslav Grepl [Fri, 8 Apr 2011 16:48:48 +0000 (16:48 +0000)]
Fix typo
Miroslav Grepl [Fri, 8 Apr 2011 16:42:37 +0000 (16:42 +0000)]
Add labeling for systemd unit files
Allow gnomeclock to enable ntpd service using systemctl - systemd_systemctl_t domain was added
Miroslav Grepl [Fri, 8 Apr 2011 15:45:24 +0000 (15:45 +0000)]
Move ssh_role_template() outside of ifndef(`distro_redhat',` declaration for unpriv SELinux user
Miroslav Grepl [Fri, 8 Apr 2011 15:42:32 +0000 (15:42 +0000)]
Add label for matahari-broker.pid file
Dan Walsh [Fri, 8 Apr 2011 15:13:53 +0000 (11:13 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 8 Apr 2011 15:13:38 +0000 (11:13 -0400)]
We want to remove untrustedmcsprocess from ability to read /proc/pid
Miroslav Grepl [Fri, 8 Apr 2011 14:51:00 +0000 (14:51 +0000)]
Fixes for matahari policy
Dan Walsh [Thu, 7 Apr 2011 17:49:30 +0000 (13:49 -0400)]
Allow system_tmpfiles_t to delete user_home_t files in the /tmp dir
Dan Walsh [Thu, 7 Apr 2011 15:41:53 +0000 (11:41 -0400)]
Allow colord to use unix_dgram_socket
Dan Walsh [Thu, 7 Apr 2011 15:01:34 +0000 (11:01 -0400)]
Allow sshd to transition to sysadm_t if ssh_sysadm_login is turned on
Dan Walsh [Thu, 7 Apr 2011 14:27:29 +0000 (10:27 -0400)]
Allow apps that search pids to read /var/run if it is a lnk_file
Dan Walsh [Thu, 7 Apr 2011 14:22:42 +0000 (10:22 -0400)]
dontaudit dbus chat attempts between sandbox and devicekit_disk
/var/run is now a symlink on fresh installs of F15
Dan Walsh [Thu, 7 Apr 2011 13:52:38 +0000 (09:52 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 7 Apr 2011 13:52:21 +0000 (09:52 -0400)]
Asterisk needs to read alsa config, chown files and we want to dontaudit searching homedir, setroubleshoot needs to read more files and execute ldd to see if programs need execstack
Miroslav Grepl [Thu, 7 Apr 2011 11:25:28 +0000 (11:25 +0000)]
Allow ksysguardproce to read stat
Dan Walsh [Wed, 6 Apr 2011 20:11:02 +0000 (16:11 -0400)]
iscsid_t creates its own directory
Dan Walsh [Wed, 6 Apr 2011 18:19:14 +0000 (14:19 -0400)]
Allow init to list var_lock_t dir
Allow initrc to create content in /var/run/abrt
Dan Walsh [Wed, 6 Apr 2011 18:07:23 +0000 (14:07 -0400)]
init needs to relabel var_lock_t and tmpfs_t files and directories
Dan Walsh [Wed, 6 Apr 2011 17:56:21 +0000 (13:56 -0400)]
apm needs to verify user accounts auth_use_nsswitch
cron needs to create var_auth_t files
plymouth links to the /var/log/boot.log file
Dan Walsh [Wed, 6 Apr 2011 14:44:20 +0000 (10:44 -0400)]
usermanage needs mls override to check all processes
unconfineduser needs to transition to quota_t
cups_config_t needs write access on device_t chr_files, since the kernel does not label them correctly
Miroslav Grepl [Wed, 6 Apr 2011 13:57:15 +0000 (13:57 +0000)]
Allow ssh_keygen_t read and write a user TTYs and PTYs
Miroslav Grepl [Wed, 6 Apr 2011 10:05:05 +0000 (10:05 +0000)]
Stop transitioning from unconfined_t to mock_t
Dan Walsh [Tue, 5 Apr 2011 16:28:01 +0000 (12:28 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 5 Apr 2011 16:27:16 +0000 (12:27 -0400)]
fix slapd init script file context
Add dev_read_rand to ssh_*_t
Miroslav Grepl [Mon, 4 Apr 2011 23:54:17 +0000 (23:54 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Mon, 4 Apr 2011 23:37:20 +0000 (23:37 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Mon, 4 Apr 2011 22:46:22 +0000 (22:46 +0000)]
Fix typo
Miroslav Grepl [Mon, 4 Apr 2011 20:32:11 +0000 (20:32 +0000)]
comment out the sepolgen line
Dan Walsh [Mon, 4 Apr 2011 20:07:25 +0000 (16:07 -0400)]
Allow lvm_t to read mdadm_var_run_t and allow it to use userdom sem
Dan Walsh [Mon, 4 Apr 2011 19:36:51 +0000 (15:36 -0400)]
Allow procmail and system_mail_t to use fifo_file passed into it from postfix_master
Dan Walsh [Mon, 4 Apr 2011 19:29:43 +0000 (15:29 -0400)]
nslcd_t is looking for kerberos cc files
Dan Walsh [Mon, 4 Apr 2011 19:14:23 +0000 (15:14 -0400)]
SSH_USE_STRONG_RNG is 1 which requires /dev/random.
Dan Walsh [Mon, 4 Apr 2011 19:05:19 +0000 (15:05 -0400)]
Fix auth_rw_faillog definition
Dan Walsh [Mon, 4 Apr 2011 18:42:37 +0000 (14:42 -0400)]
Allow sysadm_t to set attributes on fixed disks
Chris PeBenito [Mon, 4 Apr 2011 18:37:29 +0000 (14:37 -0400)]
Dovecot managesieve support from Mika Pfluger.
For using the dovecot managesieve daemon on the standard (RFC 5804) port,
dovecot needs corenet_tcp_bind_sieve_port.
Dan Walsh [Mon, 4 Apr 2011 18:21:26 +0000 (14:21 -0400)]
allow user domains to execute lsof and look at application sockets
Dan Walsh [Mon, 4 Apr 2011 18:10:17 +0000 (14:10 -0400)]
prelink_cron job calls telinit -u if init is rewritten
Lots of relabeling being done by systemd
Dan Walsh [Mon, 4 Apr 2011 17:46:13 +0000 (13:46 -0400)]
crond_t wants to read init state, staff_t needs to be able to delete pulseaudio tmpfs_t created by qemu_t
Dan Walsh [Mon, 4 Apr 2011 17:43:17 +0000 (13:43 -0400)]
Fixes to run qemu_t from staff_t
Chris PeBenito [Mon, 4 Apr 2011 17:43:09 +0000 (13:43 -0400)]
Changelog for remove unnecessary semicolons after interface/template calls everywhere from Elia Pinto.
Elia Pinto [Mon, 4 Apr 2011 16:16:23 +0000 (18:16 +0200)]
trunk: remove unnecessary semicolons after interface/template calls everywhere
Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
Miroslav Grepl [Mon, 4 Apr 2011 17:14:10 +0000 (17:14 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 4 Apr 2011 13:32:51 +0000 (09:32 -0400)]
Add ssh_run_keygen to ssh_role_template
Miroslav Grepl [Mon, 4 Apr 2011 12:21:11 +0000 (12:21 +0000)]
Allow smbd_t sys_chroot capability
Miroslav Grepl [Sat, 2 Apr 2011 01:32:45 +0000 (01:32 +0000)]
Fix typealias declaration
Miroslav Grepl [Sat, 2 Apr 2011 01:25:56 +0000 (01:25 +0000)]
Fix other typo in udev.te
Miroslav Grepl [Sat, 2 Apr 2011 01:19:08 +0000 (01:19 +0000)]
Fix typo
Miroslav Grepl [Sat, 2 Apr 2011 01:09:09 +0000 (01:09 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/system/udev.fc
Dan Walsh [Fri, 1 Apr 2011 17:42:44 +0000 (13:42 -0400)]
Run_init is getattr all of /dev
Miroslav Grepl [Fri, 1 Apr 2011 16:01:03 +0000 (16:01 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 1 Apr 2011 15:45:58 +0000 (15:45 +0000)]
Fix label for /var/run/udev
Miroslav Grepl [Fri, 1 Apr 2011 15:40:53 +0000 (15:40 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 1 Apr 2011 15:36:19 +0000 (15:36 +0000)]
Add fs_setattr_tmpfs_dir interface
Miroslav Grepl [Fri, 1 Apr 2011 15:33:30 +0000 (15:33 +0000)]
Add label for /run/udev
One more fix for readahead interface
Miroslav Grepl [Fri, 1 Apr 2011 15:00:28 +0000 (15:00 +0000)]
Change back Makefile and Rules.modular
Miroslav Grepl [Fri, 1 Apr 2011 14:57:55 +0000 (14:57 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 1 Apr 2011 14:35:38 +0000 (10:35 -0400)]
add transition from sysadm_t to sshd_keygen_t
Dan Walsh [Fri, 1 Apr 2011 14:15:43 +0000 (10:15 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Conflicts:
policy/modules/system/udev.fc
Dan Walsh [Fri, 1 Apr 2011 14:14:18 +0000 (10:14 -0400)]
Fix udev files labels in /run/udev, remove udev_tbl_t and replace with udev_var_run_t
Dan Walsh [Fri, 1 Apr 2011 13:24:29 +0000 (09:24 -0400)]
Allow mock_t to setattr on sysfs_t dir, not sure if this would work with a dontaudit
Dan Walsh [Fri, 1 Apr 2011 12:55:50 +0000 (08:55 -0400)]
Mock needs to be able to read network state
Dan Walsh [Fri, 1 Apr 2011 12:55:29 +0000 (08:55 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 1 Apr 2011 13:37:14 +0000 (13:37 +0000)]
readahead needs to write to /run/systemd/notify
Miroslav Grepl [Fri, 1 Apr 2011 12:03:23 +0000 (12:03 +0000)]
Allow systemd-tmpfiles relabel /run/lock which is mounted as tmpfs_t
Miroslav Grepl [Fri, 1 Apr 2011 10:58:33 +0000 (10:58 +0000)]
Add label for /var/run/systemd/readahead
Miroslav Grepl [Thu, 31 Mar 2011 22:55:43 +0000 (22:55 +0000)]
Add init_search_pid_dirs interface
Miroslav Grepl [Thu, 31 Mar 2011 22:40:08 +0000 (22:40 +0000)]
Fix typo
Miroslav Grepl [Thu, 31 Mar 2011 22:36:22 +0000 (22:36 +0000)]
Fix label for /run/systemd/ask-password-block/
Miroslav Grepl [Thu, 31 Mar 2011 22:35:39 +0000 (22:35 +0000)]
Add init_create_pid_dirs interface
Miroslav Grepl [Thu, 31 Mar 2011 22:20:29 +0000 (22:20 +0000)]
readahead changes relating to /run change
Miroslav Grepl [Thu, 31 Mar 2011 22:03:30 +0000 (22:03 +0000)]
systemd_passwd changes relating to /run change
Dan Walsh [Thu, 31 Mar 2011 21:20:15 +0000 (17:20 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Thu, 31 Mar 2011 19:36:47 +0000 (19:36 +0000)]
Add files_lock_file for var_lock_t type
Dan Walsh [Thu, 31 Mar 2011 19:20:52 +0000 (15:20 -0400)]
dontaudit NetworkManager, udev and libvirt sys_module until kernel or userspace is fixed
Dan Walsh [Thu, 31 Mar 2011 19:10:34 +0000 (15:10 -0400)]
Daemons seem to be reading init_t directories, I am adding a dontaudit.
Miroslav Grepl [Thu, 31 Mar 2011 18:08:39 +0000 (18:08 +0000)]
Remove change for filetrans_pattern
Chris PeBenito [Thu, 31 Mar 2011 17:29:59 +0000 (13:29 -0400)]
Start pulling in pieces of Fedora policy in system layer.
Dan Walsh [Thu, 31 Mar 2011 15:47:09 +0000 (11:47 -0400)]
Allow initrc_t to create var_run_t dirs
Dan Walsh [Thu, 31 Mar 2011 15:44:02 +0000 (11:44 -0400)]
Fix init_stream_connect to allow domains to communicate with /run/systemd sockets
Dan Walsh [Thu, 31 Mar 2011 15:43:37 +0000 (11:43 -0400)]
Fix init_stream_connect to allow domains to communicate with /run/systemd sockets
Dan Walsh [Thu, 31 Mar 2011 15:15:51 +0000 (11:15 -0400)]
Allow init to create /run/lock
Dan Walsh [Thu, 31 Mar 2011 15:09:47 +0000 (11:09 -0400)]
Allow init to create /run/systemd with the correct label
Dan Walsh [Thu, 31 Mar 2011 15:01:54 +0000 (11:01 -0400)]
fsadm_t wants to read init /proc data
Dan Walsh [Thu, 31 Mar 2011 14:59:50 +0000 (10:59 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Thu, 31 Mar 2011 15:42:12 +0000 (15:42 +0000)]
Fix typo
Dan Walsh [Thu, 31 Mar 2011 14:59:35 +0000 (10:59 -0400)]
Fixes for /run directory
Dan Walsh [Thu, 31 Mar 2011 14:54:44 +0000 (10:54 -0400)]
Fixes for /run directory
Dan Walsh [Thu, 31 Mar 2011 14:54:35 +0000 (10:54 -0400)]
Fixes for /run directory
Dan Walsh [Thu, 31 Mar 2011 14:53:53 +0000 (10:53 -0400)]
dontaudit the setsched of domains that are dontaudited from chatting with the rtkit_daemon, only happens in permissive mode
Dan Walsh [Thu, 31 Mar 2011 14:53:00 +0000 (10:53 -0400)]
Allow rgmanager to send the kill signal to all users
Chris PeBenito [Thu, 31 Mar 2011 13:49:01 +0000 (09:49 -0400)]
Pull in additional changes in kernel layer from Fedora.
Chris PeBenito [Thu, 31 Mar 2011 12:55:05 +0000 (08:55 -0400)]
Whitespace fix in filesystem.
Chris PeBenito [Thu, 31 Mar 2011 12:52:07 +0000 (08:52 -0400)]
Remove eventpollfs_t.
Eventpollfs was changed to task SID in 2006. Remove the dead type.
Dan Walsh [Thu, 31 Mar 2011 12:45:39 +0000 (08:45 -0400)]
Allow ssh_t to search /root/.ssh and create it if it does not exist
Dan Walsh [Thu, 31 Mar 2011 12:40:35 +0000 (08:40 -0400)]
Allow audit daemons to change the run level in MLS environments