git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Tue, 15 Nov 2011 21:23:17 +0000 (22:23 +0100)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 15 Nov 2011 21:12:55 +0000 (22:12 +0100)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 15 Nov 2011 21:00:08 +0000 (22:00 +0100)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 15 Nov 2011 19:22:12 +0000 (14:22 -0500)] 
Add ssh_dontaudit_search_home_dir

Dan Walsh [Tue, 15 Nov 2011 19:20:06 +0000 (14:20 -0500)] 
Changes to allow namespace_init_t to work

Dan Walsh [Tue, 15 Nov 2011 18:34:20 +0000 (13:34 -0500)] 
Add interface to allow exec of mongod, add port definition for mongod port, 27017

Dan Walsh [Tue, 15 Nov 2011 14:38:00 +0000 (09:38 -0500)] 
Label .kde/share/apps/networkmanagement/certificates/ as home_cert_t

Dan Walsh [Tue, 15 Nov 2011 14:19:21 +0000 (09:19 -0500)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 15 Nov 2011 14:18:03 +0000 (09:18 -0500)] 
Allow spamd and clamd to stream connect to each other

Dan Walsh [Tue, 15 Nov 2011 14:17:37 +0000 (09:17 -0500)] 
Add policy label for passwd.OLD

Miroslav Grepl [Tue, 15 Nov 2011 11:03:21 +0000 (11:03 +0000)] 
More fixes for postfix and postfix maildrop

Miroslav Grepl [Tue, 15 Nov 2011 10:51:27 +0000 (10:51 +0000)] 
Add ftp support for mozilla plugins

Miroslav Grepl [Tue, 15 Nov 2011 10:33:28 +0000 (10:33 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

dwalsh [Mon, 14 Nov 2011 19:52:00 +0000 (14:52 -0500)] 
Useradd now needs to manage policy since it calls libsemanage

Miroslav Grepl [Mon, 14 Nov 2011 18:59:10 +0000 (18:59 +0000)] 
Other policykit fixes

Conflicts:

policy/modules/services/policykit.if

Miroslav Grepl [Mon, 14 Nov 2011 18:04:24 +0000 (18:04 +0000)] 
Try to add devicekit_relabel_log_files() instead of filename trans for apmd since there is a conflict between apmd_var_log_t and devicekit_var_log_t

Miroslav Grepl [Mon, 14 Nov 2011 16:56:55 +0000 (16:56 +0000)] 
Fix devicekit_manage_log_files() interface

Miroslav Grepl [Mon, 14 Nov 2011 16:51:53 +0000 (16:51 +0000)] 
Fix devicekit_* filename trans interfaces

Miroslav Grepl [Mon, 14 Nov 2011 15:29:31 +0000 (15:29 +0000)] 
Add policykit_domain attribute for policykit domains and call auth_use_nsswitch just for this attribute
Allow policykit_domain to read /sys

Miroslav Grepl [Mon, 14 Nov 2011 15:12:50 +0000 (15:12 +0000)] 
Allow colord to execute ifconfig

Miroslav Grepl [Mon, 14 Nov 2011 14:45:28 +0000 (14:45 +0000)] 
Allow accountsd to read /sys

Miroslav Grepl [Mon, 14 Nov 2011 14:25:26 +0000 (14:25 +0000)] 
Allow accountsd to read /sys

Miroslav Grepl [Mon, 14 Nov 2011 13:48:34 +0000 (13:48 +0000)] 
Allow mysqld-safe to execute shell

Miroslav Grepl [Mon, 14 Nov 2011 13:46:30 +0000 (13:46 +0000)] 
Allow openct to stream connect to pcscd
Other fixes for openct (remove transition declaration)

Miroslav Grepl [Mon, 14 Nov 2011 13:08:35 +0000 (13:08 +0000)] 
Add label for /var/run/nm-dns-dnsmasq\.conf

Dan Walsh [Fri, 11 Nov 2011 22:25:28 +0000 (17:25 -0500)] 
Allow apmd to run pm-suspend and create the devicekit log files with the correct label

Dan Walsh [Fri, 11 Nov 2011 22:14:57 +0000 (17:14 -0500)] 
Allow networkmanager to chat with virtd_t

Dan Walsh [Fri, 11 Nov 2011 22:09:54 +0000 (17:09 -0500)] 
Allow init to run postfix aliases.db file and read /etc/aliases file

Dan Walsh [Fri, 11 Nov 2011 21:58:56 +0000 (16:58 -0500)] 
Allow pulseaudio to read .esd_auth file

Dan Walsh [Fri, 11 Nov 2011 21:45:33 +0000 (16:45 -0500)] 
Fix ldconfig to create file with the correct label

Dan Walsh [Fri, 11 Nov 2011 21:39:11 +0000 (16:39 -0500)] 
Change all calls that use the use_nfs_home_dirs to use attributes for either userdom_home_reader_type or userdom_home_manager_type, then we don't have to cut and paste the same code all over the place

Dan Walsh [Fri, 11 Nov 2011 20:09:43 +0000 (15:09 -0500)] 
fix copy paste errors

Dan Walsh [Fri, 11 Nov 2011 20:01:08 +0000 (15:01 -0500)] 
Allow mock to create dirs as well as files

Dan Walsh [Fri, 11 Nov 2011 19:57:48 +0000 (14:57 -0500)] 
Multiple fixes for blueman

Dan Walsh [Fri, 11 Nov 2011 19:57:22 +0000 (14:57 -0500)] 
Allow pulseaudio_t to manage lnk_files in homedir

Dan Walsh [Fri, 11 Nov 2011 19:14:31 +0000 (14:14 -0500)] 
Remove all patches to execmem, java, openoffice and mono

Dan Walsh [Fri, 11 Nov 2011 18:56:30 +0000 (13:56 -0500)] 
We have to get rid of java_exec_t, mono_exec_t, execmem_exec_t to stop templates from working

Dan Walsh [Fri, 11 Nov 2011 17:10:06 +0000 (12:10 -0500)] 
Allow fail2ban to manage /etc/deny.hosts

Dan Walsh [Fri, 11 Nov 2011 15:53:06 +0000 (10:53 -0500)] 
Dontaudit access_check for all files from xdm_t, it runs gnome-shell

Dan Walsh [Fri, 11 Nov 2011 15:40:15 +0000 (10:40 -0500)] 
Add new device label for /dev/ati/card.*

Dan Walsh [Fri, 11 Nov 2011 15:36:38 +0000 (10:36 -0500)] 
Added getattr to dontaudit

Dan Walsh [Fri, 11 Nov 2011 15:29:13 +0000 (10:29 -0500)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 11 Nov 2011 15:29:03 +0000 (10:29 -0500)] 
Allow keyring to read /sys/devices/system/cpu/online

Miroslav Grepl [Fri, 11 Nov 2011 15:12:08 +0000 (15:12 +0000)] 
Puppet fixes

Miroslav Grepl [Fri, 11 Nov 2011 15:07:22 +0000 (15:07 +0000)] 
Remove userdom_manage_home_role() pulseaudio_role()

Miroslav Grepl [Fri, 11 Nov 2011 15:01:24 +0000 (15:01 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 11 Nov 2011 14:08:44 +0000 (09:08 -0500)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Fri, 11 Nov 2011 13:54:55 +0000 (13:54 +0000)] 
Puppet fixes

Miroslav Grepl [Fri, 11 Nov 2011 08:29:19 +0000 (08:29 +0000)] 
Allow smbcontrol to signal themselves

Dan Walsh [Thu, 10 Nov 2011 23:56:54 +0000 (18:56 -0500)] 
Move permissive blueman to permissivedomains.te

Dan Walsh [Thu, 10 Nov 2011 23:29:47 +0000 (18:29 -0500)] 
Add blueman policy

Dan Walsh [Thu, 10 Nov 2011 23:29:25 +0000 (18:29 -0500)] 
virt wants to dbus chat with init

Dan Walsh [Thu, 10 Nov 2011 23:28:58 +0000 (18:28 -0500)] 
tmpreaper wants to read meminfo

Dan Walsh [Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)] 
Allow smbcontrol_t to signal itself

dwalsh [Thu, 10 Nov 2011 19:49:14 +0000 (14:49 -0500)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

dwalsh [Thu, 10 Nov 2011 19:48:56 +0000 (14:48 -0500)] 
add label for /var/spool/turboprint

Dan Walsh [Thu, 10 Nov 2011 16:49:00 +0000 (11:49 -0500)] 
Allow piranha_web_t to read /dev/random

dwalsh [Thu, 10 Nov 2011 14:33:07 +0000 (09:33 -0500)] 
Remove all f16 permissive domains from F17

dwalsh [Thu, 10 Nov 2011 14:27:27 +0000 (09:27 -0500)] 
Remove execmem_exec_t, java_exec_t, mono_exec_t and allow confined users to use execmem, add deny_execmem boolean to turn off execmem for all users. Probably will only work in server non graphical environments since so much of the desktop now requires JIT and execmem

dwalsh [Thu, 10 Nov 2011 14:19:43 +0000 (09:19 -0500)] 
I am moving to remove consoletype policy package altogether from the system. I want to see if anything breaks without this package. It has tended to be an SELinux AVC generator with little to no benefit

dwalsh [Thu, 10 Nov 2011 14:14:04 +0000 (09:14 -0500)] 
Remove need for qemu.te file altogether by moving qemu_exec_t to virt.te

dwalsh [Thu, 10 Nov 2011 13:50:05 +0000 (08:50 -0500)] 
Add a boolean to turn off all instances of ptrace in the policy

dwalsh [Thu, 10 Nov 2011 13:46:46 +0000 (08:46 -0500)] 
More apache script domain to use attributes, to shrink the size of policy

dwalsh [Thu, 10 Nov 2011 13:39:06 +0000 (08:39 -0500)] 
Add label to /etc/passwd and /etc/group files, to start to block containers from being able to read their contents.

dwalsh [Thu, 10 Nov 2011 13:24:04 +0000 (08:24 -0500)] 
Icecast seems to need to read /dev/rand and /dev/urand

Miroslav Grepl [Thu, 10 Nov 2011 07:07:46 +0000 (07:07 +0000)] 
Revert "Fix pulseaudio_role() and move usermanage_home_role() template to appropriate places"

This reverts commit 732e5bc35d39e7911eb7787f69ae326cc0472594.

Miroslav Grepl [Thu, 10 Nov 2011 07:06:30 +0000 (07:06 +0000)] 
Add TODO comment for puppet

Miroslav Grepl [Thu, 10 Nov 2011 07:01:58 +0000 (07:01 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Conflicts:
policy/modules/services/vhostmd.te

Dan Walsh [Wed, 9 Nov 2011 22:58:50 +0000 (17:58 -0500)] 
Add allow rules for puppet based on Orions AVCs in Rawhide

Dan Walsh [Wed, 9 Nov 2011 20:52:44 +0000 (15:52 -0500)] 
logrotate needs to be able to send signals at all levels

Dan Walsh [Wed, 9 Nov 2011 18:33:09 +0000 (13:33 -0500)] 
Allow crond to send dbus messages to init

Dan Walsh [Wed, 9 Nov 2011 17:58:27 +0000 (12:58 -0500)] 
init needs to be able to create private tmp dirs for services

Dan Walsh [Wed, 9 Nov 2011 17:57:51 +0000 (12:57 -0500)] 
Consolekit needs to read the environ field of logged in users

Miroslav Grepl [Wed, 9 Nov 2011 14:19:25 +0000 (14:19 +0000)] 
Fix pulseaudio_role() and move usermanage_home_role() template to appropriate places
for mozilla and nsplugin

Dan Walsh [Wed, 9 Nov 2011 13:16:01 +0000 (08:16 -0500)] 
Allow dhcpc_t to read chronyd keys files

Dan Walsh [Wed, 9 Nov 2011 13:07:42 +0000 (08:07 -0500)] 
vhostmd needs to send itself signals and wants to read /dev/random

Miroslav Grepl [Wed, 9 Nov 2011 09:26:33 +0000 (09:26 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Wed, 9 Nov 2011 09:22:59 +0000 (09:22 +0000)] 
Add vhostmd fixes

Dan Walsh [Tue, 8 Nov 2011 20:23:51 +0000 (15:23 -0500)] 
Add 9990 as a new port for jboss_management

Dan Walsh [Tue, 8 Nov 2011 17:08:40 +0000 (12:08 -0500)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 8 Nov 2011 17:08:28 +0000 (12:08 -0500)] 
Allow login programs to connect to the pki_ca_port

Dan Walsh [Tue, 8 Nov 2011 17:08:01 +0000 (12:08 -0500)] 
Allow service_munin_plugin_t to create its own shm

Miroslav Grepl [Tue, 8 Nov 2011 16:54:26 +0000 (16:54 +0000)] 
Allow user_mail_t to read mail home file

Miroslav Grepl [Tue, 8 Nov 2011 15:05:34 +0000 (15:05 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

dwalsh [Tue, 8 Nov 2011 14:44:24 +0000 (09:44 -0500)] 
Add filetrans rules for homecontent in userdom, allow chrome_sandbox to create home_cert_t

Miroslav Grepl [Mon, 7 Nov 2011 19:46:32 +0000 (19:46 +0000)] 
Fix typo in fstools policy

Miroslav Grepl [Mon, 7 Nov 2011 17:25:35 +0000 (17:25 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Mon, 7 Nov 2011 17:24:25 +0000 (17:24 +0000)] 
Make faillog MLS trusted to make sudo_$1_t working

Miroslav Grepl [Mon, 7 Nov 2011 17:23:18 +0000 (17:23 +0000)] 
Fix the latest MCS patch to restrict fifo_file only on open to make sandbox working

Dan Walsh [Mon, 7 Nov 2011 23:47:14 +0000 (18:47 -0500)] 
Allow sandbox_web_client_t to read passwd_file_t

Dan Walsh [Mon, 7 Nov 2011 16:58:50 +0000 (11:58 -0500)] 
Add .mailrc file context

Dan Walsh [Fri, 4 Nov 2011 20:39:32 +0000 (16:39 -0400)] 
Remove execheap from openoffice domain

Dan Walsh [Fri, 4 Nov 2011 18:52:27 +0000 (14:52 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 4 Nov 2011 18:52:12 +0000 (14:52 -0400)] 
Allow chrome_sandbox_nacl_t to read cpu_info

Miroslav Grepl [Fri, 4 Nov 2011 18:14:18 +0000 (18:14 +0000)] 
Allow virtd to relabel generic usb which is needed if USB device

Miroslav Grepl [Fri, 4 Nov 2011 17:38:17 +0000 (17:38 +0000)] 
Allow fsadm to read all to read files and directories regardless of their MCS category set.

Miroslav Grepl [Fri, 4 Nov 2011 16:31:11 +0000 (16:31 +0000)] 
Fixes for virt.if interfaces to consider chr_file as image file type

Miroslav Grepl [Fri, 4 Nov 2011 15:02:17 +0000 (15:02 +0000)] 
Also add MCS fixes for initrc

Miroslav Grepl [Fri, 4 Nov 2011 15:01:34 +0000 (15:01 +0000)] 
init_t needs mcs fixes

Miroslav Grepl [Fri, 4 Nov 2011 14:33:12 +0000 (14:33 +0000)] 
virtd_t needs to be able to relabel chr_file