git.ipfire.org Git - people/stevee/selinux-policy.git/log
Jeremy Solt [Fri, 12 Mar 2010 14:42:55 +0000 (09:42 -0500)]
Change kernel_load_module to kernel_request_load_module for howl from Dan Walsh
Jeremy Solt [Fri, 12 Mar 2010 14:40:00 +0000 (09:40 -0500)]
Change kernel_load_module to kernel_request_load_module from Dan Walsh
Jeremy Solt [Fri, 12 Mar 2010 14:33:27 +0000 (09:33 -0500)]
File context update for certmaster from Dan Walsh
Jeremy Solt [Fri, 12 Mar 2010 14:12:41 +0000 (09:12 -0500)]
file context updates from Dan Walsh
Jeremy Solt [Fri, 12 Mar 2010 16:49:24 +0000 (11:49 -0500)]
Screen needs to setattr on user_ttydevice_t from Dan Walsh
Chris PeBenito [Tue, 16 Mar 2010 17:15:38 +0000 (13:15 -0400)]
Whitespace fix for mcelog.
Chris PeBenito [Tue, 16 Mar 2010 17:15:00 +0000 (13:15 -0400)]
Module version bump for f7d413a.
Chris PeBenito [Tue, 16 Mar 2010 17:14:46 +0000 (13:14 -0400)]
Rearrange interfaces in fail2ban.
Chris PeBenito [Tue, 16 Mar 2010 17:12:22 +0000 (13:12 -0400)]
Module version bump for 74b51e6.
Chris PeBenito [Tue, 16 Mar 2010 17:11:53 +0000 (13:11 -0400)]
Whitespace fixes for smoltclient.
Chris PeBenito [Tue, 16 Mar 2010 17:10:14 +0000 (13:10 -0400)]
Module version bump for 3137148.
Jeremy Solt [Fri, 12 Mar 2010 20:54:29 +0000 (15:54 -0500)]
mcelog policy from Dan Walsh
Me: Removed permissive line, and fixed a couple style issues
Jeremy Solt [Tue, 16 Mar 2010 13:56:58 +0000 (09:56 -0400)]
fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
Did not include dontaudit_leaks interface
Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
Jeremy Solt [Fri, 12 Mar 2010 19:13:28 +0000 (14:13 -0500)]
Firstboot sends dbus messages from Dan Walsh
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
Jeremy Solt [Tue, 16 Mar 2010 15:05:14 +0000 (11:05 -0400)]
Policy for smolt sendProfile client from Dan Walsh
Jeremy Solt [Tue, 16 Mar 2010 12:37:41 +0000 (08:37 -0400)]
Run interface for ptchown from Dan Walsh
Chris PeBenito [Fri, 12 Mar 2010 16:43:09 +0000 (11:43 -0500)]
Module version bump for 1d3d00b.
Chris PeBenito [Fri, 12 Mar 2010 16:42:28 +0000 (11:42 -0500)]
Module version bump for e172614.
Chris PeBenito [Fri, 12 Mar 2010 16:40:59 +0000 (11:40 -0500)]
Filesystem patch from Dan Walsh.
Chris PeBenito [Fri, 12 Mar 2010 13:59:23 +0000 (08:59 -0500)]
Rearrange lines in alsa and mysql.
Chris PeBenito [Fri, 12 Mar 2010 13:55:34 +0000 (08:55 -0500)]
Whitespace cleanup on mysql.if.
Jeremy Solt [Thu, 11 Mar 2010 19:03:48 +0000 (14:03 -0500)]
Manage alsa writable config files interface from Dan Walsh
Moved term_dontaudit_use_console for style.
Jeremy Solt [Thu, 11 Mar 2010 18:19:55 +0000 (13:19 -0500)]
mysql policy from Dan Walsh
My changes to patch:
A couple changes to match style.
Removed files_dontaudit_search_all_mountpoints(mysqld_safe_t), it doesn't exist in refpolicy
Chris PeBenito [Tue, 9 Mar 2010 20:33:29 +0000 (15:33 -0500)]
Raid patch from Dan Walsh.
Chris PeBenito [Tue, 9 Mar 2010 20:17:16 +0000 (15:17 -0500)]
Iscsi and tgtd patches from Dan Walsh.
Chris PeBenito [Tue, 9 Mar 2010 19:32:17 +0000 (14:32 -0500)]
Fstools patch from Dan Walsh.
Chris PeBenito [Tue, 9 Mar 2010 15:44:55 +0000 (10:44 -0500)]
Miscfiles patch from Dan Walsh.
Chris PeBenito [Tue, 9 Mar 2010 14:34:30 +0000 (09:34 -0500)]
Module version bump for ddae1cc.
Jeremy Solt [Mon, 8 Mar 2010 16:32:39 +0000 (11:32 -0500)]
Creates sock files in /tmp, reads network state. - From Dan Walsh
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
Chris PeBenito [Mon, 8 Mar 2010 16:04:40 +0000 (11:04 -0500)]
Fix another corenetwork typo.
Chris PeBenito [Mon, 8 Mar 2010 15:03:18 +0000 (10:03 -0500)]
Module version bump for 42fa15b.
Chris PeBenito [Mon, 8 Mar 2010 15:02:58 +0000 (10:02 -0500)]
Module version bump for 3fcdc39.
Chris PeBenito [Mon, 8 Mar 2010 15:02:34 +0000 (10:02 -0500)]
Module version bump for cf3da95.
Chris PeBenito [Mon, 8 Mar 2010 15:00:55 +0000 (10:00 -0500)]
Minor style fixes.
Jeremy Solt [Mon, 8 Mar 2010 14:22:23 +0000 (09:22 -0500)]
Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh
Jeremy Solt [Fri, 5 Mar 2010 20:15:05 +0000 (15:15 -0500)]
shorewall log file from Dan Walsh
Jeremy Solt [Thu, 4 Mar 2010 19:03:59 +0000 (14:03 -0500)]
Allow cdrecord_t to execute bin_t from Dan Walsh
growisofs executes mkisofs
Chris PeBenito [Mon, 8 Mar 2010 12:59:56 +0000 (07:59 -0500)]
Add back missing s0 on network_port().
Chris PeBenito [Fri, 5 Mar 2010 19:09:49 +0000 (14:09 -0500)]
Guest patch from Dan Walsh.
Chris PeBenito [Fri, 5 Mar 2010 18:46:46 +0000 (13:46 -0500)]
Corenetwork patch from Dan Walsh.
Chris PeBenito [Fri, 5 Mar 2010 15:51:39 +0000 (10:51 -0500)]
Corecommands patch from Dan Walsh.
Chris PeBenito [Thu, 4 Mar 2010 20:30:22 +0000 (15:30 -0500)]
Devices patch from Dan Walsh.
Chris PeBenito [Thu, 4 Mar 2010 19:23:44 +0000 (14:23 -0500)]
Storage patch from Dan Walsh.
Dominick Grift [Thu, 4 Mar 2010 18:52:02 +0000 (19:52 +0100)]
Fix cobbler_admin interface to require cobblerd_initrc_exec_t.
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Chris PeBenito [Thu, 4 Mar 2010 18:50:46 +0000 (13:50 -0500)]
Corenetwork patch from Dan Walsh.
Chris PeBenito [Thu, 4 Mar 2010 16:29:06 +0000 (11:29 -0500)]
add write to manage_lnk_file_perms.
Chris PeBenito [Thu, 4 Mar 2010 14:15:03 +0000 (09:15 -0500)]
Module version bump for be47d75.
Chris PeBenito [Thu, 4 Mar 2010 14:14:45 +0000 (09:14 -0500)]
Module version bump for e1e78df.
Chris PeBenito [Thu, 4 Mar 2010 14:14:20 +0000 (09:14 -0500)]
Module version bump for 52b215f.
Chris PeBenito [Thu, 4 Mar 2010 14:13:31 +0000 (09:13 -0500)]
Module version bump for cf5e81d.
Chris PeBenito [Thu, 4 Mar 2010 14:13:02 +0000 (09:13 -0500)]
Module version bump for 96b7e9f.
Chris PeBenito [Thu, 4 Mar 2010 14:12:32 +0000 (09:12 -0500)]
Module version bump for a005018.
Chris PeBenito [Thu, 4 Mar 2010 14:10:18 +0000 (09:10 -0500)]
Add additional comments for e1e78df.
Jeremy Solt [Wed, 3 Mar 2010 15:50:41 +0000 (10:50 -0500)]
hotplug transition to brctl from Dan Walsh
Jeremy Solt [Wed, 3 Mar 2010 15:08:44 +0000 (10:08 -0500)]
Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
Patch from Dan Walsh
Jeremy Solt [Tue, 2 Mar 2010 20:35:47 +0000 (15:35 -0500)]
Domain transition for apmd to vbetool from Dan Walsh
Jeremy Solt [Tue, 2 Mar 2010 20:02:30 +0000 (15:02 -0500)]
gen_require typo fix in dbadm.if from Dan Walsh
Jeremy Solt [Tue, 2 Mar 2010 19:40:29 +0000 (14:40 -0500)]
Changed amavis_initrc_domtrans domain summary to match style.
Jeremy Solt [Tue, 2 Mar 2010 19:34:43 +0000 (14:34 -0500)]
Changed arpwatch_initrc_domtrans domain summary to match style.
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
Dominick Grift [Wed, 24 Feb 2010 12:41:39 +0000 (13:41 +0100)]
Various arpwatch fixes.
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Jeremy Solt [Fri, 26 Feb 2010 21:34:23 +0000 (16:34 -0500)]
Modified apcupsd_initrc_domtrans interface summary to match style.
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
Dominick Grift [Wed, 24 Feb 2010 12:21:15 +0000 (13:21 +0100)]
Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Jeremy Solt [Fri, 26 Feb 2010 18:55:04 +0000 (13:55 -0500)]
Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
Dominick Grift [Wed, 24 Feb 2010 12:00:42 +0000 (13:00 +0100)]
Various amavis fixes.
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Chris PeBenito [Wed, 3 Mar 2010 19:16:36 +0000 (14:16 -0500)]
Improve documentation of udev_read_db().
Chris PeBenito [Wed, 3 Mar 2010 19:16:22 +0000 (14:16 -0500)]
Improve documentation of seutil_sigchld_newrole().
Chris PeBenito [Wed, 3 Mar 2010 18:42:15 +0000 (13:42 -0500)]
Add examples to documentation of common corenetwork interfaces.
Chris PeBenito [Wed, 3 Mar 2010 18:11:58 +0000 (13:11 -0500)]
Module version bump for bf530f5.
Dominick Grift [Wed, 3 Mar 2010 16:54:34 +0000 (17:54 +0100)]
Various permission set fixes.
Fix various interfaces to use permission sets for compatibility with open permission.
Also use other permission sets where possible just because applicable permission sets are available and the use of permission sets is encouraged generally for compatibility.
The use of exec_file_perms permission set may not be a good idea though since it may be a bit too coarse.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Chris PeBenito [Wed, 3 Mar 2010 15:37:58 +0000 (10:37 -0500)]
Improve the documentation of application_domain().
Chris PeBenito [Wed, 3 Mar 2010 15:37:37 +0000 (10:37 -0500)]
Improve the documentation of auth_use_nsswitch().
Chris PeBenito [Wed, 3 Mar 2010 15:37:15 +0000 (10:37 -0500)]
Improve the documentation of nis_use_ypbind().
Dominick Grift [Wed, 3 Mar 2010 15:10:56 +0000 (16:10 +0100)]
Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Chris PeBenito [Tue, 2 Mar 2010 19:01:10 +0000 (14:01 -0500)]
Improve documentation for userdomain interfaces:
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
Chris PeBenito [Tue, 2 Mar 2010 17:52:07 +0000 (12:52 -0500)]
Improve the documentation of domain interfaces:
domain_type()
domain_use_interactive_fds()
Chris PeBenito [Tue, 2 Mar 2010 16:28:44 +0000 (11:28 -0500)]
Improve the documentation of ubac_constrained().
Chris PeBenito [Tue, 2 Mar 2010 15:24:24 +0000 (10:24 -0500)]
Improve the documentation of devices interfaces:
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
Chris PeBenito [Mon, 1 Mar 2010 19:50:55 +0000 (14:50 -0500)]
Improve filesystem interfaces:
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
Chris PeBenito [Mon, 1 Mar 2010 18:34:10 +0000 (13:34 -0500)]
Module version bump for 03dd57f.
Dominick Grift [Mon, 1 Mar 2010 17:47:51 +0000 (18:47 +0100)]
Fix auth_domtrans_chk_passwd to use read_file_perms to suppress open AVC denials.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Chris PeBenito [Mon, 1 Mar 2010 15:53:50 +0000 (10:53 -0500)]
Improve the documentation of files interfaces:
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
Chris PeBenito [Mon, 1 Mar 2010 15:38:24 +0000 (10:38 -0500)]
Additional docs for logging_log_filetrans().
Chris PeBenito [Fri, 26 Feb 2010 19:24:56 +0000 (14:24 -0500)]
Improve the documentation of corenetwork interfaces
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
Chris PeBenito [Fri, 26 Feb 2010 18:47:17 +0000 (13:47 -0500)]
Improve the documentation of unconfined_domain().
Chris PeBenito [Fri, 26 Feb 2010 14:34:41 +0000 (09:34 -0500)]
Improve the documentation of logging_log_file() and logging_log_filetrans().
Chris PeBenito [Fri, 26 Feb 2010 13:58:32 +0000 (08:58 -0500)]
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
Chris PeBenito [Thu, 25 Feb 2010 21:00:58 +0000 (16:00 -0500)]
Improve the documentation of:
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
Chris PeBenito [Thu, 25 Feb 2010 18:54:34 +0000 (13:54 -0500)]
Improve sysnet_read_config() documentation.
Chris PeBenito [Thu, 25 Feb 2010 18:53:52 +0000 (13:53 -0500)]
Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather than explicit type usage.
Chris PeBenito [Thu, 25 Feb 2010 17:59:11 +0000 (12:59 -0500)]
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
Chris PeBenito [Thu, 25 Feb 2010 15:41:12 +0000 (10:41 -0500)]
Add additional documentation to files_type().
Chris PeBenito [Thu, 25 Feb 2010 13:32:22 +0000 (08:32 -0500)]
Rearrange files interfaces.
Chris PeBenito [Wed, 24 Feb 2010 20:56:05 +0000 (15:56 -0500)]
Improve documentation on logging_send_syslog_msg().
Chris PeBenito [Wed, 24 Feb 2010 20:20:03 +0000 (15:20 -0500)]
Improve documentation on files_read_etc_files().
Chris PeBenito [Wed, 24 Feb 2010 19:56:07 +0000 (14:56 -0500)]
Improve documentation on miscfiles_read_localization().
Chris PeBenito [Wed, 24 Feb 2010 15:13:12 +0000 (10:13 -0500)]
Module version bump for cd17345.
Dominick Grift [Wed, 24 Feb 2010 11:35:58 +0000 (12:35 +0100)]
Various abrt fixes.
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Chris PeBenito [Wed, 24 Feb 2010 15:08:41 +0000 (10:08 -0500)]
Module version bump for 534e57b.
Dominick Grift [Wed, 24 Feb 2010 11:34:09 +0000 (12:34 +0100)]
Various afs fixes.
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Dominick Grift [Tue, 23 Feb 2010 23:33:12 +0000 (00:33 +0100)]
mysqlmanagerd_var_run_t is not a domain type.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>