Commit Graph

1137 Commits

Author SHA1 Message Date
Chris PeBenito 8da88970be Accountsd cleanup. 2010-08-03 09:50:40 -04:00
Chris PeBenito d0eebed0b7 Move accountsd to services. 2010-08-03 09:31:53 -04:00
Jeremy Solt c4834a02d2 accountsd policy from Dan Walsh
Edits:
 - Removed accountsd_manage_var_lib
 - Removed optional block for xserver - these interfaces didn't exist
 - It looks like sys_ptrace is needed because it reads /proc/pid/loginuid
 - Whitespace and style fixes
2010-08-03 09:27:24 -04:00
Chris PeBenito a7ee7f819a Docs standardizing on the role portion of run interfaces. Additional docs cleanup. 2010-08-03 09:20:22 -04:00
Chris PeBenito 9d4395a736 MojoMojo from Lain Arnell. 2010-08-02 09:28:06 -04:00
Chris PeBenito a72e42f485 Interface documentation standardization patch from Dan Walsh. 2010-08-02 09:22:09 -04:00
Chris PeBenito 27eeb649cc Virtio disk file context update from Mika Pfluger. 2010-08-02 08:33:41 -04:00
Mika Pflüger b3f7203d6a Take virtio disks into account.
Signed-off-by: Mika Pflüger <debian@mikapflueger.de>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-08-02 08:25:14 -04:00
Chris PeBenito 64ef2df368 Module version bump for 5563d4c. 2010-07-22 09:13:11 -04:00
Jeremy Solt 5563d4c4d8 Removing seutil_domtrans_setsebool from anaconda patch - it doesn't exist 2010-07-22 08:49:32 -04:00
Jeremy Solt b0a6f1b7c2 anaconda patch from Dan Walsh
- Did not include the change to unconfined_domain_noaudit
2010-07-22 08:49:32 -04:00
Chris PeBenito 21fdee9dd5 Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
We went back and reread the bindreservport code in glibc.

Turns out the range or ports that this will reserve are 512-1024 rather
then 600-1024.

The code actually first tries to reserve a port from 600-1024 and if
they are ALL reserved will try 512-599.

So we need to change corenetwork to reflect this.
2010-07-19 14:22:44 -04:00
Chris PeBenito 29f3bfa464 Fix JIT usage for freshclam.
http://marc.info/?l=selinux&m=127893898208934&w=2
2010-07-13 08:39:54 -04:00
Dominick Grift 48c3c37cf2 Remove some redundant attributes from user_home_t.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-12 14:35:22 -04:00
Chris PeBenito 4b76ea5f51 Module version bump for fa1847f. 2010-07-12 14:02:18 -04:00
Dominick Grift fa1847f4a2 Add files_poly_member() to userdom_user_home_content() Remove redundant files_poly_member() calls.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-09 09:43:04 -04:00
Chris PeBenito f7ffe6c2a9 Add missing ubac constraints on pulseaudio. 2010-07-09 09:14:35 -04:00
Chris PeBenito c14aebd032 Remove old rbacsep role statements. 2010-07-09 08:38:05 -04:00
Chris PeBenito 072857c425 VMWare patch from Dan Walsh. 2010-07-08 13:43:50 -04:00
Chris PeBenito f1618ffc6f Whitespace fix in userhelper. 2010-07-08 10:56:15 -04:00
Chris PeBenito b70dfcdf8f RPM patch from Dan Walsh. 2010-07-08 10:53:28 -04:00
Chris PeBenito 2d839c6791 Whitespace fixes in RPM. 2010-07-08 10:12:24 -04:00
Chris PeBenito 7e265a8abb Add shutdown from Dan Walsh. 2010-07-07 11:10:56 -04:00
Chris PeBenito b841dffda1 Add livecd from Dan Walsh. 2010-07-07 10:28:25 -04:00
Chris PeBenito 08690c84ad Remove ethereal module since the application was renamed to wireshark due to trademark issues. 2010-07-07 09:31:57 -04:00
Chris PeBenito 3c4e9fce8e Make spamassassin optional for milter, from Russell Coker. 2010-07-07 08:55:57 -04:00
Chris PeBenito bca0cdb86e Remove duplicate/redundant rules, from Russell Coker. 2010-07-07 08:41:20 -04:00
Chris PeBenito 1db1836ab9 Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role(). 2010-07-06 13:17:05 -04:00
Chris PeBenito a3b0dc5b3c GPG patch from Dan Walsh. 2010-07-06 10:58:40 -04:00
Chris PeBenito 3bcfe5beb7 Usermanage patch from Dan Walsh.
Broken leaks of sockets

useradd runs semanage for -Z.

passwd_t needs sys_nice

useradd run within a samba_controler needs to append to the samba log.
2010-07-06 10:56:20 -04:00
Chris PeBenito cad4224e8e Guest patch from Dan Walsh.
Dominic asked to remove mono and java from guest_t
2010-07-06 08:35:56 -04:00
Chris PeBenito ab62f3f1b1 Module version bump for a7521af. 2010-07-01 10:48:11 -04:00
Jeremy Solt a7521af67d firstboot patch from Dan Walsh
- Did not include gnome_admin_home_gconf_filetrans
- Whitespace fixes
2010-07-01 10:36:31 -04:00
Dominick Grift 7e5463b58c fix cgroup_admin
When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-07-01 09:02:58 -04:00
Chris PeBenito caf1666dc1 Module version bump for 5f04c91. 2010-06-29 11:26:16 -04:00
Jeremy Solt 5f04c91f30 gitosis patch from Dan Walsh 2010-06-29 11:25:37 -04:00
Chris PeBenito ab4f820548 Module version bump for b5d89d0. 2010-06-29 11:03:56 -04:00
Jeremy Solt b5d89d0325 vpn patch from Dan Walsh
fixed gen_require in vpn_relabelfrom_tun_socket interface (wrong type)
removed userdom_read_home_certs (not in refpolicy)
2010-06-29 11:02:45 -04:00
Chris PeBenito 113d2e023d Minor tweaks and module version bump for a00fc1c. 2010-06-25 09:51:34 -04:00
Dominick Grift a00fc1c317 hddtemp fixes.
Clean up network control section.
Implement hddtemp_etc_t for /etc/sysconfig/hddtemp. The advantages are:
- hddtemp_t no longer needs access to read all generic etc_t files.
- allows us to implement a meaningful hddtemp_admin()

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-06-25 09:43:54 -04:00
Chris PeBenito 0cec649be7 WM patch from Dan Walsh.
Window manager policy changes needed for MLS policy.
2010-06-25 09:00:19 -04:00
Chris PeBenito 3c79f954d1 Rearrage interfaces in filesystem. 2010-06-22 10:17:42 -04:00
Chris PeBenito eab2cc89b4 Slocate patch from Dan Walsh.
Locate attempts to look at network sate and does getattr on all blk/chr
and noxattr symlinks.
2010-06-22 09:58:14 -04:00
Chris PeBenito 2c207dfa49 Qemu patch from Dan Walsh.
Fix qemu labeling.

Additional qemu interfaces

Allow qemu to read/write removable devices
2010-06-22 09:32:35 -04:00
Chris PeBenito 1fd3a8070f Pulseaudio patch from Dan Walsh.
Dontaudit attempts to exec pulseaudio.  qemu does this and it causes
other avc's even though qemu can not use pulseaudio.

Allow other domains to use pulseiaudio
2010-06-22 09:13:17 -04:00
Chris PeBenito 1ff703fc4a Podsleuth patch from Dan Walsh.
podsleuth asks the kernel to load modules
Reads/write removable blk device.

Reads user_tmpfs
2010-06-22 09:01:38 -04:00
Chris PeBenito 8a24097bff Mplayer patch from Dominick Grift through Dan Walsh. 2010-06-21 09:52:33 -04:00
Chris PeBenito 3c1e8ff6bb Mozilla patch from Dan Walsh.
Various old fixes for mozilla.
2010-06-21 09:36:39 -04:00
Chris PeBenito ae1b7dedd7 Cpufreqselector patch from Dan Walsh.
Needs to read localization
2010-06-21 09:03:11 -04:00
Chris PeBenito a99f69fd0e Loadkeys patch from Dan Walsh.
Dontaudit leaked sockets
2010-06-18 15:12:33 -04:00