git.ipfire.org Git - people/stevee/selinux-policy.git/log
Dan Walsh [Fri, 21 Oct 2011 18:06:42 +0000 (14:06 -0400)] 
hal is trying to read mislabeled modules.dep files, allow it until we figure out why they are mislabeled. hald is no longer in fedora so this needs to be back ported to RHEL6

Dan Walsh [Fri, 21 Oct 2011 15:19:58 +0000 (11:19 -0400)] 
Add port 8953 as a dns port used by unbound

Dan Walsh [Fri, 21 Oct 2011 14:23:01 +0000 (10:23 -0400)] 
I would rather remove the alsa home trans from the named_content, since we will want this transition for all unpriv_users
Revert "More fixes for alsa and confined users"

This reverts commit 11a508156f32c6bdf4e7d96963986fabf24f9e47.

Dan Walsh [Fri, 21 Oct 2011 14:20:59 +0000 (10:20 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Fri, 21 Oct 2011 15:51:25 +0000 (15:51 +0000)] 
More fixes for alsa and confined users

Miroslav Grepl [Fri, 21 Oct 2011 15:39:15 +0000 (15:39 +0000)] 
Fix calling of alsa_filetrans_named_content()

Miroslav Grepl [Fri, 21 Oct 2011 15:34:50 +0000 (15:34 +0000)] 
Fix sudo policy

Miroslav Grepl [Fri, 21 Oct 2011 15:31:56 +0000 (15:31 +0000)] 
Fix typo

Miroslav Grepl [Fri, 21 Oct 2011 15:22:09 +0000 (15:22 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 21 Oct 2011 14:20:45 +0000 (10:20 -0400)] 
Remove the hometrans rules from name_content, to prevent a conflict in unconfined_t

Dan Walsh [Fri, 21 Oct 2011 13:49:11 +0000 (09:49 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 21 Oct 2011 13:48:16 +0000 (09:48 -0400)] 
varnishlog_log_t should be labeled as a logging_log_file

Dan Walsh [Thu, 20 Oct 2011 20:06:46 +0000 (16:06 -0400)] 
Allow systemd_passwd_agent_t to talk to sock files in systemd_passswd_var_run_t

Dan Walsh [Thu, 20 Oct 2011 19:50:33 +0000 (15:50 -0400)] 
Add chown to sudodomain, also move sudodomain out of interfaces into te file, to shrink policy

Dan Walsh [Thu, 20 Oct 2011 19:10:28 +0000 (15:10 -0400)] 
Allow usermanage domains to getattr on all pty

Dan Walsh [Thu, 20 Oct 2011 18:18:45 +0000 (14:18 -0400)] 
Stop transitioning from unconfined_t to alsa, but make sure unconfined_t running alsa commands labels correctly

Miroslav Grepl [Thu, 20 Oct 2011 17:59:42 +0000 (17:59 +0000)] 
Fix duplicate declaration

Miroslav Grepl [Thu, 20 Oct 2011 17:46:24 +0000 (17:46 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 17:37:25 +0000 (17:37 +0000)] 
Fix systemd_manage_passwd_run() interface

Miroslav Grepl [Thu, 20 Oct 2011 17:34:57 +0000 (17:34 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 17:30:34 +0000 (17:30 +0000)] 
Add changes which relate with changed /run/systemd/ask-password-block/ labeling

Miroslav Grepl [Thu, 20 Oct 2011 17:30:34 +0000 (17:30 +0000)] 
Add changes which relate with changed /run/systemd/ask-password-block/ labeling

Dan Walsh [Thu, 20 Oct 2011 15:50:39 +0000 (11:50 -0400)] 
Should only be in F17

Revert "Remove ada domain"

This reverts commit e904f39962f6e59d74594d0cb0ca706781dc7680.

Dan Walsh [Thu, 20 Oct 2011 15:49:47 +0000 (11:49 -0400)] 
Remove ada domain

Dan Walsh [Thu, 20 Oct 2011 15:39:13 +0000 (11:39 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Thu, 20 Oct 2011 15:38:58 +0000 (11:38 -0400)] 
Remove the need for tetex domain

Dan Walsh [Thu, 20 Oct 2011 14:47:31 +0000 (10:47 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 15:51:30 +0000 (15:51 +0000)] 
Allow sshd_t to getattr /root/.hushlogin

Miroslav Grepl [Thu, 20 Oct 2011 14:50:23 +0000 (14:50 +0000)] 
Add support for ~/.fetchmailrc

Dan Walsh [Thu, 20 Oct 2011 14:47:17 +0000 (10:47 -0400)] 
udevd has moved

Miroslav Grepl [Thu, 20 Oct 2011 14:11:17 +0000 (14:11 +0000)] 
Add cloudform policies

Miroslav Grepl [Thu, 20 Oct 2011 14:08:10 +0000 (14:08 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Thu, 20 Oct 2011 11:43:47 +0000 (11:43 +0000)] 
Allow BOINC to read all domain state

Dan Walsh [Wed, 19 Oct 2011 18:10:27 +0000 (14:10 -0400)] 
Allow confined domains to read their mail

Dan Walsh [Wed, 19 Oct 2011 18:05:44 +0000 (14:05 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Wed, 19 Oct 2011 18:05:30 +0000 (14:05 -0400)] 
Bootloader access required by Tom London

Miroslav Grepl [Wed, 19 Oct 2011 17:18:51 +0000 (17:18 +0000)] 
Add support for quota_nld

Miroslav Grepl [Wed, 19 Oct 2011 15:07:47 +0000 (15:07 +0000)] 
Allow abrt setpgid

Miroslav Grepl [Wed, 19 Oct 2011 10:50:35 +0000 (10:50 +0000)] 
Move nova permissive declarations to the proper module

Miroslav Grepl [Wed, 19 Oct 2011 10:28:54 +0000 (10:28 +0000)] 
Add policies for nova-stack
 * Policies are unconfined since there are issues but we need them because of #734346

Miroslav Grepl [Wed, 19 Oct 2011 09:36:12 +0000 (09:36 +0000)] 
Add dnsmasq_exec() interface

Miroslav Grepl [Tue, 18 Oct 2011 23:17:36 +0000 (23:17 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 18 Oct 2011 22:55:31 +0000 (22:55 +0000)] 
Add sudo_exec() interface

Miroslav Grepl [Tue, 18 Oct 2011 22:40:15 +0000 (22:40 +0000)] 
Add label for /usr/bin/nova-compute

Miroslav Grepl [Tue, 18 Oct 2011 20:32:07 +0000 (20:32 +0000)] 
Allow dirsrv_t to read netlink socket

Miroslav Grepl [Tue, 18 Oct 2011 20:21:25 +0000 (20:21 +0000)] 
Add types for ports which are needed by novaopenstack

Dan Walsh [Tue, 18 Oct 2011 15:42:22 +0000 (11:42 -0400)] 
Change systemd_device_t to systemd_passwd_var_run_t

Miroslav Grepl [Tue, 18 Oct 2011 11:46:08 +0000 (11:46 +0000)] 
Allow system mail to connect to courier-authdaemon over an unix stream socket

Miroslav Grepl [Tue, 18 Oct 2011 11:48:38 +0000 (11:48 +0000)] 
Add support for lnk files in the /var/lib/sssd directory

Miroslav Grepl [Tue, 18 Oct 2011 09:04:59 +0000 (09:04 +0000)] 
Allow fail2ban domtrans to shorewall in the same way as with iptables

Dan Walsh [Mon, 17 Oct 2011 18:15:00 +0000 (14:15 -0400)] 
Allow sshd to relabel tunnel sockets

Dan Walsh [Mon, 17 Oct 2011 18:04:17 +0000 (14:04 -0400)] 
Allow setroubleshoot_fixit_t to read /dev/urand

Dan Walsh [Mon, 17 Oct 2011 16:37:28 +0000 (12:37 -0400)] 
Take away transition rules for users executing ssh-keygen

Dan Walsh [Mon, 17 Oct 2011 15:28:58 +0000 (11:28 -0400)] 
Allow init process to setrlimit on itself

Dan Walsh [Mon, 17 Oct 2011 15:25:33 +0000 (11:25 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Mon, 17 Oct 2011 15:25:19 +0000 (11:25 -0400)] 
Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain

Miroslav Grepl [Mon, 17 Oct 2011 11:34:08 +0000 (11:34 +0000)] 
fix label definition for /root/.hushlogin

Miroslav Grepl [Mon, 17 Oct 2011 11:07:22 +0000 (11:07 +0000)] 
Allow gpsd to use /dev/ttyUSB

Dan Walsh [Fri, 14 Oct 2011 17:59:05 +0000 (13:59 -0400)] 
Fix abrt interface names and apply them to domain rather than individual transition domains, since abrt can transition at some point to most domains, and we are only allowing access to inherited domains

Dan Walsh [Fri, 14 Oct 2011 17:57:23 +0000 (13:57 -0400)] 
sosreport needs additional access when not being run as unconfined

Miroslav Grepl [Fri, 14 Oct 2011 15:35:36 +0000 (15:35 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Fri, 14 Oct 2011 14:43:41 +0000 (14:43 +0000)] 
Remove other duplicate declaration
Fix bootloader_create_runtime_file() interface

Miroslav Grepl [Fri, 14 Oct 2011 14:40:44 +0000 (14:40 +0000)] 
Remove duplicate declaration

Miroslav Grepl [Fri, 14 Oct 2011 14:33:21 +0000 (14:33 +0000)] 
Fix mozilla interface

Miroslav Grepl [Fri, 14 Oct 2011 14:17:14 +0000 (14:17 +0000)] 
Fix matahari labeling

Dan Walsh [Fri, 14 Oct 2011 13:22:01 +0000 (09:22 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Fri, 14 Oct 2011 13:21:49 +0000 (09:21 -0400)] 
Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)

Miroslav Grepl [Fri, 14 Oct 2011 10:53:30 +0000 (10:53 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Fri, 14 Oct 2011 10:50:50 +0000 (10:50 +0000)] 
Make corosync to be able to relabelto cluster lib files
Allow samba domains to search /var/run/nmbd
Allow dirsrv to use pam

Dan Walsh [Thu, 13 Oct 2011 14:13:47 +0000 (10:13 -0400)] 
Allow thumb to call getuid

Dan Walsh [Wed, 12 Oct 2011 13:33:41 +0000 (09:33 -0400)] 
chrome less likely to get mmap_zero bug so removing dontaudit

Dan Walsh [Wed, 12 Oct 2011 13:31:01 +0000 (09:31 -0400)] 
gimp help-browser has built in javascript

Dan Walsh [Wed, 12 Oct 2011 13:28:58 +0000 (09:28 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Wed, 12 Oct 2011 13:27:43 +0000 (09:27 -0400)] 
Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t

Miroslav Grepl [Wed, 12 Oct 2011 13:14:06 +0000 (13:14 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Wed, 12 Oct 2011 13:13:23 +0000 (13:13 +0000)] 
Re-write glance policy

Miroslav Grepl [Tue, 11 Oct 2011 20:38:15 +0000 (20:38 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 11 Oct 2011 20:37:30 +0000 (20:37 +0000)] 
Allow pptp to connect only to pptp port

Dan Walsh [Tue, 11 Oct 2011 20:27:21 +0000 (16:27 -0400)] 
Seems systemctl lists init_var_run_t directory

Miroslav Grepl [Tue, 11 Oct 2011 20:21:00 +0000 (20:21 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 11 Oct 2011 18:55:42 +0000 (14:55 -0400)] 
Add labels for new matahari daemon names

Dan Walsh [Tue, 11 Oct 2011 18:46:05 +0000 (14:46 -0400)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Dan Walsh [Tue, 11 Oct 2011 18:45:56 +0000 (14:45 -0400)] 
Dontaudit mozilla_plugins trying to increase their priority

Dan Walsh [Tue, 11 Oct 2011 18:34:17 +0000 (14:34 -0400)] 
Mozilla plugin seems to want to destroy shm passed in from mozilla

Dan Walsh [Tue, 11 Oct 2011 18:13:57 +0000 (14:13 -0400)] 
Make sure content in /opt/google/chrome is labeled bin_t by default

Dan Walsh [Tue, 11 Oct 2011 17:53:04 +0000 (13:53 -0400)] 
unconfined_t should not be transitioning to bootloader_t, should just make sure content has correct label.

Dan Walsh [Tue, 11 Oct 2011 17:27:45 +0000 (13:27 -0400)] 
prelink tries to execute files in the homedir

Dan Walsh [Tue, 11 Oct 2011 17:26:11 +0000 (13:26 -0400)] 
Been seeing this for a while, and I have no idea why it happens, no harm in allowing it though

Dan Walsh [Tue, 11 Oct 2011 16:59:23 +0000 (12:59 -0400)] 
This change will remove over 2000 dontaudit rules

Dan Walsh [Tue, 11 Oct 2011 16:58:54 +0000 (12:58 -0400)] 
Make sure unconfined creates ~/.pulse ~/.pulse-cookie with the right label

Miroslav Grepl [Tue, 11 Oct 2011 16:57:05 +0000 (16:57 +0000)] 
Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

Miroslav Grepl [Tue, 11 Oct 2011 16:56:16 +0000 (16:56 +0000)] 
Allow abrt_dump_oops_t to read abrt conf file abrt_etc_t

Dan Walsh [Tue, 11 Oct 2011 16:55:42 +0000 (12:55 -0400)] 
chrome-sandbox will attempt to mmap low memory, so we need to dontaudit, the tool should work fine with this.

Dan Walsh [Tue, 11 Oct 2011 16:05:12 +0000 (12:05 -0400)] 
Add policy for ~/.hushlogin and remove ability for login to read users homedir content

Dan Walsh [Tue, 11 Oct 2011 16:03:28 +0000 (12:03 -0400)] 
Libra domains need to getattr on ~/.ssh

Dan Walsh [Tue, 11 Oct 2011 14:41:05 +0000 (10:41 -0400)] 
sendmail run by a user wants to read sysfs

Miroslav Grepl [Tue, 11 Oct 2011 09:51:50 +0000 (09:51 +0000)] 
Allow systemd-logind to write to kernel messages device

Miroslav Grepl [Tue, 11 Oct 2011 00:29:47 +0000 (00:29 +0000)] 
Fix use_fusefs_home_dirs boolean in ssh.te

Miroslav Grepl [Tue, 11 Oct 2011 00:26:26 +0000 (00:26 +0000)] 
Fix use_nfs_home_dirs boolean in dbus policy

Miroslav Grepl [Tue, 11 Oct 2011 00:21:48 +0000 (00:21 +0000)] 
Fixes for bootloader policy