git.ipfire.org Git - people/stevee/selinux-policy.git/log
Miroslav Grepl [Fri, 4 Nov 2011 14:31:49 +0000 (14:31 +0000)]
Allow virtd_t to execute qemu-kvm
Dan Walsh [Fri, 4 Nov 2011 14:16:59 +0000 (10:16 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Fri, 4 Nov 2011 14:16:32 +0000 (10:16 -0400)]
init execs /lib/systemd/ksmctl which writes to the run fields in sysfs
Miroslav Grepl [Fri, 4 Nov 2011 13:44:14 +0000 (13:44 +0000)]
Changes for policy/mcs
Miroslav Grepl [Fri, 4 Nov 2011 12:24:21 +0000 (12:24 +0000)]
Fix thumb_role() interface
Miroslav Grepl [Fri, 4 Nov 2011 12:19:39 +0000 (12:19 +0000)]
Fix typo
Miroslav Grepl [Fri, 4 Nov 2011 11:42:46 +0000 (11:42 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Fri, 4 Nov 2011 11:42:18 +0000 (11:42 +0000)]
Allow systemd-tmpfile to delete /run/user/$USER/dconf
Miroslav Grepl [Fri, 4 Nov 2011 11:27:53 +0000 (11:27 +0000)]
Add dirsrvadmin_lock_t type
Dan Walsh [Thu, 3 Nov 2011 18:29:32 +0000 (14:29 -0400)]
Allow systemd_tmpfiles_t to delete all user content, if the user moves a file to /tmp, systemd_tmpfiles_t needs to be able to delete it. Also will fix the ability to delete /run/user/ content
Dan Walsh [Thu, 3 Nov 2011 18:23:42 +0000 (14:23 -0400)]
Allow plymouthd_t to talk to sssd
Miroslav Grepl [Thu, 3 Nov 2011 15:31:09 +0000 (15:31 +0000)]
Fix context declaration in cloudform.fc
Dan Walsh [Thu, 3 Nov 2011 15:24:47 +0000 (11:24 -0400)]
megadev should be a fixed_disk, not a removable disk.
megadev0 is the SCSI board where all the local hard drives are
connected.
Dan Walsh [Thu, 3 Nov 2011 15:16:06 +0000 (11:16 -0400)]
use the correct interface
Dan Walsh [Thu, 3 Nov 2011 15:10:30 +0000 (11:10 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 3 Nov 2011 15:09:51 +0000 (11:09 -0400)]
We have seen mount execute the consolehelper executable
dwalsh [Thu, 3 Nov 2011 14:16:58 +0000 (10:16 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 3 Nov 2011 14:15:34 +0000 (10:15 -0400)]
Package-cleanup uses the rpm libraries
Dan Walsh [Thu, 3 Nov 2011 13:25:53 +0000 (09:25 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Thu, 3 Nov 2011 13:24:04 +0000 (09:24 -0400)]
Allow quota to add quotadb files to mail_spool and mta_mquue
Miroslav Grepl [Thu, 3 Nov 2011 12:19:32 +0000 (12:19 +0000)]
Allow initrc_t to manage dirsrv pid files
dwalsh [Wed, 2 Nov 2011 16:40:39 +0000 (12:40 -0400)]
Updated cloudforms policy for latest AVC's
dwalsh [Wed, 2 Nov 2011 16:10:22 +0000 (12:10 -0400)]
MLS Overrides needed for a user running at a level to be able to use sudo and talk to sssd
dwalsh [Wed, 2 Nov 2011 16:09:30 +0000 (12:09 -0400)]
More AVCS from Tom London for thumb
dwalsh [Wed, 2 Nov 2011 14:33:32 +0000 (10:33 -0400)]
Tom London avc's show thumb domain connecting back to user unix_stream_sockets
dwalsh [Wed, 2 Nov 2011 14:32:57 +0000 (10:32 -0400)]
Tom London shows telepathy_msn_t trying to look at pid 1, no reason to not allow it
dwalsh [Wed, 2 Nov 2011 14:32:08 +0000 (10:32 -0400)]
Allow userdomains to talk to usbmuxd for handling ipods
dwalsh [Wed, 2 Nov 2011 14:20:37 +0000 (10:20 -0400)]
Allow devicekit_power_t to manage content in gnome directories of home dir, also allow it to read /dev/urandom
Miroslav Grepl [Wed, 2 Nov 2011 11:38:30 +0000 (11:38 +0000)]
Remove duplicate TE rules
Miroslav Grepl [Wed, 2 Nov 2011 09:43:46 +0000 (09:43 +0000)]
Fix dev_filetrans_xserver_named_dev() interface
Miroslav Grepl [Wed, 2 Nov 2011 09:23:11 +0000 (09:23 +0000)]
Add support for pam_tty_audit.so for sudo domains
Miroslav Grepl [Wed, 2 Nov 2011 09:03:36 +0000 (09:03 +0000)]
Make cloudform working again with SELinux
Miroslav Grepl [Wed, 2 Nov 2011 07:57:58 +0000 (07:57 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 1 Nov 2011 20:28:04 +0000 (16:28 -0400)]
Allow fsetid to smbd_t policy
Dan Walsh [Tue, 1 Nov 2011 20:21:47 +0000 (16:21 -0400)]
Add dev_filetrans_xserver_misc to xserver_t so that if it creates a device in /dev it will be labeled xserver_misc_dev_t:
Dan Walsh [Tue, 1 Nov 2011 18:54:12 +0000 (14:54 -0400)]
Allow xserver_t to create nvidia devices with the correct label
Dan Walsh [Tue, 1 Nov 2011 15:39:36 +0000 (11:39 -0400)]
devicekit_dontaudit_rw_log actually needs open
Dan Walsh [Tue, 1 Nov 2011 15:38:52 +0000 (11:38 -0400)]
mozilla_plugin_tmpfs_t not used in mozila_domtrans_plugin interface
Dan Walsh [Tue, 1 Nov 2011 15:38:24 +0000 (11:38 -0400)]
Duplicate policy removed
Dan Walsh [Tue, 1 Nov 2011 15:15:25 +0000 (11:15 -0400)]
gnomeclock on kde wants to create dgram_socket
Dan Walsh [Tue, 1 Nov 2011 13:40:39 +0000 (09:40 -0400)]
initrc_t should not be setting up devices if unconfined.pp is disabled
Dan Walsh [Tue, 1 Nov 2011 13:40:03 +0000 (09:40 -0400)]
Allow virtd_t domains to manage svirt_image_t chr_file
Miroslav Grepl [Tue, 1 Nov 2011 11:59:07 +0000 (11:59 +0000)]
Allow tor to read sysfs_t
Miroslav Grepl [Tue, 1 Nov 2011 11:17:28 +0000 (11:17 +0000)]
Fix abrt_manage_cache() interface
Miroslav Grepl [Tue, 1 Nov 2011 11:09:43 +0000 (11:09 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Miroslav Grepl [Tue, 1 Nov 2011 06:39:55 +0000 (06:39 +0000)]
Revert "remove temporary fixes"
This reverts commit d62a4335e120f3f385575c25d20e2198b69ac3c1.
Miroslav Grepl [Tue, 1 Nov 2011 06:31:38 +0000 (06:31 +0000)]
Revert "Temporary remove conflict filename transition for kernel_t"
This reverts commit dac919641809cd23dbdeb7f8b288c985a3d6b7ef.
Miroslav Grepl [Tue, 1 Nov 2011 06:30:50 +0000 (06:30 +0000)]
remove temporary fixes
Dan Walsh [Mon, 31 Oct 2011 20:39:56 +0000 (16:39 -0400)]
Make filetrans rules optional so base policy will build
Dan Walsh [Mon, 31 Oct 2011 18:50:49 +0000 (14:50 -0400)]
Dontaudit chkpwd_t access to inherited TTYS
Dan Walsh [Mon, 31 Oct 2011 18:46:20 +0000 (14:46 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 31 Oct 2011 18:46:07 +0000 (14:46 -0400)]
Make sure postfix content gets created with the correct label
Miroslav Grepl [Mon, 31 Oct 2011 14:49:40 +0000 (14:49 +0000)]
Temporary remove conflict filename transition for kernel_t
Miroslav Grepl [Mon, 31 Oct 2011 13:10:36 +0000 (13:10 +0000)]
Allow gnomeclock to read cgroup
Miroslav Grepl [Mon, 31 Oct 2011 11:26:12 +0000 (11:26 +0000)]
Move libs* calling in kernel.te to optional block
Miroslav Grepl [Mon, 31 Oct 2011 11:11:01 +0000 (11:11 +0000)]
Fixes for cloudform policy
Miroslav Grepl [Mon, 31 Oct 2011 10:00:08 +0000 (10:00 +0000)]
Allow pptp to read kernel network state
Miroslav Grepl [Mon, 31 Oct 2011 08:37:58 +0000 (08:37 +0000)]
Allow gpg to read spamd tmp file
Miroslav Grepl [Mon, 31 Oct 2011 08:56:20 +0000 (08:56 +0000)]
Allow kcmdatetimehelper to read hardware state information
Dan Walsh [Fri, 28 Oct 2011 20:36:35 +0000 (16:36 -0400)]
New name for imagfac.py
Dan Walsh [Fri, 28 Oct 2011 20:28:58 +0000 (16:28 -0400)]
Move named file trans rules from unconfined_t to all unconfined_domains
Dan Walsh [Fri, 28 Oct 2011 20:28:06 +0000 (16:28 -0400)]
matahari-serviced reads /etc/machine-id
Dan Walsh [Fri, 28 Oct 2011 20:02:50 +0000 (16:02 -0400)]
Allow plymouthd to read the process info on gdm
Dan Walsh [Fri, 28 Oct 2011 16:38:09 +0000 (12:38 -0400)]
Add policy for matahari-qmf-sysconfigd
Dan Walsh [Fri, 28 Oct 2011 16:36:29 +0000 (12:36 -0400)]
Add policy for matahari-qmf-sysconfigd
Dan Walsh [Fri, 28 Oct 2011 13:57:23 +0000 (09:57 -0400)]
use LDAP (OpenLDAP) with TLS (NSS) requires slapd_t be able to write to /var/cache/coolkey
Dan Walsh [Fri, 28 Oct 2011 13:41:31 +0000 (09:41 -0400)]
Handle all drupal versions
Dan Walsh [Fri, 28 Oct 2011 13:31:01 +0000 (09:31 -0400)]
Allow dovecot_auth to change the sched algorithm
Dan Walsh [Fri, 28 Oct 2011 13:24:02 +0000 (09:24 -0400)]
additional access required for matahari_serviced_t
Dan Walsh [Fri, 28 Oct 2011 13:21:14 +0000 (09:21 -0400)]
Need to allow matahari_serviced_t to transition scripts and config all services
Dan Walsh [Thu, 27 Oct 2011 21:21:59 +0000 (17:21 -0400)]
Allow chrome_sandbox_t to search user homedirs
Dan Walsh [Thu, 27 Oct 2011 20:57:32 +0000 (16:57 -0400)]
Chrome_sandbox needs to read chrome_sandbox_nacl_t /proc data
Dan Walsh [Thu, 27 Oct 2011 20:15:29 +0000 (16:15 -0400)]
Allow chrome to interact with passed in stream sockets
Dan Walsh [Thu, 27 Oct 2011 13:50:04 +0000 (09:50 -0400)]
Check in fixed for Chrome nacl support
Dan Walsh [Wed, 26 Oct 2011 14:16:32 +0000 (10:16 -0400)]
Begin removing qemu_t domain, we really no longer need this domain. Want to
remove transition from staff_t domain, staff_t should be using libvirt to
launch virtual machines.
Dan Walsh [Wed, 26 Oct 2011 13:23:02 +0000 (09:23 -0400)]
systemd_passwd needs dac_override to communicate with users TTY's
Dan Walsh [Wed, 26 Oct 2011 13:22:31 +0000 (09:22 -0400)]
Allow svirt_lxc domains to send kill signals within their container
Dan Walsh [Tue, 25 Oct 2011 19:53:29 +0000 (15:53 -0400)]
Allow policykit to talk to the systemd via dbus
Dan Walsh [Tue, 25 Oct 2011 19:49:55 +0000 (15:49 -0400)]
Move chrome_sandbox_nacl_t to permissive domains
Dan Walsh [Tue, 25 Oct 2011 19:48:41 +0000 (15:48 -0400)]
Additional rules for chrome_sandbox_nacl
Dan Walsh [Tue, 25 Oct 2011 15:40:06 +0000 (11:40 -0400)]
Change bootstrap name to nacl
Dan Walsh [Tue, 25 Oct 2011 15:21:14 +0000 (11:21 -0400)]
Chrome still needs execmem
Dan Walsh [Tue, 25 Oct 2011 15:20:41 +0000 (11:20 -0400)]
Missing role for chrome_sandbox_bootstrap
Dan Walsh [Tue, 25 Oct 2011 14:42:31 +0000 (10:42 -0400)]
Add boolean to remove execmem and execstack from virtual machines
Dan Walsh [Tue, 25 Oct 2011 13:47:44 +0000 (09:47 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Tue, 25 Oct 2011 13:47:28 +0000 (09:47 -0400)]
Dontaudit xdm_t doing an access_check on etc_t directories
Miroslav Grepl [Mon, 24 Oct 2011 22:13:52 +0000 (22:13 +0000)]
Allow named to connect to dirsrv
Miroslav Grepl [Mon, 24 Oct 2011 22:01:22 +0000 (22:01 +0000)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 24 Oct 2011 20:41:24 +0000 (16:41 -0400)]
Apparently chrome does not need execmem any longer
Dan Walsh [Mon, 24 Oct 2011 20:27:32 +0000 (16:27 -0400)]
udev talks to its own sock_file in /var/run/udevl
Dan Walsh [Mon, 24 Oct 2011 15:54:22 +0000 (11:54 -0400)]
add ldapmap1_0 as a krb5_host_rcache_t file
Dan Walsh [Mon, 24 Oct 2011 15:31:13 +0000 (11:31 -0400)]
Google chrome developers asked me to add bootstrap policy for nacl stuff
Miroslav Grepl [Mon, 24 Oct 2011 13:11:13 +0000 (13:11 +0000)]
Fix abrt_manage_cache() interface
Miroslav Grepl [Mon, 24 Oct 2011 12:54:44 +0000 (12:54 +0000)]
Allow rhev_agentd_t to getattr on mountpoints
Dan Walsh [Mon, 24 Oct 2011 12:30:41 +0000 (08:30 -0400)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
Dan Walsh [Mon, 24 Oct 2011 12:30:20 +0000 (08:30 -0400)]
Postfix_smtpd_t needs access to milters and cleanup seems to read/write postfix_smtpd_t unix_stream_sockets
Miroslav Grepl [Mon, 24 Oct 2011 09:08:17 +0000 (09:08 +0000)]
Fix typo
Miroslav Grepl [Mon, 24 Oct 2011 08:28:36 +0000 (08:28 +0000)]
Fixes for cloudform policies which need to connect to random ports
Dan Walsh [Fri, 21 Oct 2011 20:09:10 +0000 (16:09 -0400)]
I have no idea why these guys have this label but it is wrong.
Dan Walsh [Fri, 21 Oct 2011 18:07:09 +0000 (14:07 -0400)]
Make sure if an admin creates modules content it creates them with the correct label