6d9925c872
Fix requires for apache tmp interfaces.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:12 -04:00
b577852a98
Portreserve patch from Dan Walsh.
2010-04-05 14:50:23 -04:00
38db49c545
PPP patch from Dan Walsh.
2010-04-05 14:38:30 -04:00
372acd0037
Rpc patch from Dan Walsh.
2010-04-05 14:26:21 -04:00
20fa703294
Whitespace fixes on Apache.
2010-04-05 14:05:05 -04:00
da0608ba38
Module version bump for 170a46d, f8b3b7f, and a49a82c.
2010-04-05 13:49:00 -04:00
b7d3db1860
Tweak for 170a46d.
2010-04-05 13:48:01 -04:00
a49a82c295
snort patch from Dan Walsh
...
Didn't rearrange all the kernel calls, but did add the kernel_request_load_module.
Didn't include the usbmod (doesn't exist in refpolicy at this time).
Included the generic usb device permissions because snort uses libpcap, which can also be used to monitor USB traffic, so this may be a side effect.
From the red hat bug (559861), it sounds as though snort was failing without these permissions, so it doesn't look like a dontaudit would work.
2010-04-05 13:46:11 -04:00
f8b3b7fa48
Nut policy from Dan Walsh
...
Dropped optional policy for shutdown_domtrans
Dropped commented can_exec line
2010-04-05 13:45:31 -04:00
170a46d6c5
memcached patch from Dan Walsh
...
Moved term_dontaudits up for style
2010-04-05 13:43:58 -04:00
60def66b13
Second part of Apache patch from Dan Walsh.
2010-04-05 10:57:52 -04:00
83caba3eb9
First part of apache patch from Dan Walsh: file context changes, including renaming script ro/ra/rw files.
2010-04-01 08:17:50 -04:00
25d81d2655
Tor patch from Dan Walsh.
2010-03-29 14:30:52 -04:00
2b93b88584
Sssd patch from Dan Walsh.
2010-03-29 14:08:52 -04:00
ee2d2dda24
Add usbmuxd from Dan Walsh.
2010-03-29 13:29:18 -04:00
6d4dbd20ae
Vhostmd from Dan Walsh.
2010-03-29 11:25:06 -04:00
bf54d5be44
Module version bumps for c586c1b, dcbb332, 4c05dff, 84ce9c3, 2b012ba, and 1868383.
2010-03-29 09:21:59 -04:00
ad0071bbe4
Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokeping f3c346c.
2010-03-29 09:19:40 -04:00
f3c346cc07
Smokeping policy from Dan Walsh
...
Made some style / spacing changes
Did not include read access to /etc/shadow
Removed manage_var_run and manage_var_lib interfaces
Removed permissive line
2010-03-29 08:46:30 -04:00
18683835fd
pulseaudio patch from Dan Walsh
...
Fixed template where it should have been interface
Replaced read_home and manage_home interfaces with read_home_files, manage_home_files and reduced access
Removed admin_dir reference
Replaced rtkit_daemon_system_domain with rtkit_scheduled
Fixed style / spacing issues
2010-03-29 08:41:45 -04:00
d279dd603f
ksmtuned policy from Dan Walsh
...
Couple style/space fixes.
Used ps_process_pattern in admin interface
2010-03-29 08:36:53 -04:00
2b012bacb6
Prelude patch from Dan Walsh
2010-03-29 08:36:15 -04:00
84ce9c3333
Bluetooth patch (sys_admin and debugfs) from Dan Walsh
...
Added comments to reference redhat bugs
2010-03-29 08:36:05 -04:00
4c05dff3d1
avahi patch from Dan Walsh
...
Didn't include the file read in the dbus_chat interface.
2010-03-29 08:36:00 -04:00
dcbb332992
chronyd patch from Dan Walsh
...
Fixed a couple style/spacing issues.
Added files_search_etc for chronyd_keys file
2010-03-29 08:35:52 -04:00
c586c1bfa6
Give dcc setgid from Dan Walsh
2010-03-29 08:35:34 -04:00
7656af7a6f
Module version bump for c37d843.
2010-03-23 08:07:19 -04:00
be8311279e
Minor bind XML tweaks.
2010-03-23 08:05:00 -04:00
c37d843fa1
bind patch from Dan Walsh
...
some fixes in interfaces, added bind_setattr_zone_dirs interface
sysnet_read_config not needed with auth_use_nsswitch
Did not include init_read_script_tmp_files for named_t
2010-03-23 08:01:05 -04:00
390b8a821b
Radvd patch from Dan Walsh.
2010-03-22 15:19:50 -04:00
1b22152c2c
Rdisc patch from Dan Walsh.
2010-03-22 15:09:27 -04:00
6c40309ef1
Module version bump for 1d348bd.
2010-03-22 13:53:24 -04:00
1d348bd253
Afs needs sys_admin, sends signals, and resolves hostnames from Dan Walsh
2010-03-22 13:52:19 -04:00
df29613c72
Module version bump for 75c8a69.
2010-03-22 13:51:35 -04:00
75c8a691ee
gitosis read/manage lib interfaces from Dan Walsh
...
Only giving manage_files_pattern for gitosis_manage_lib_files
2010-03-22 13:48:39 -04:00
cf7eb082d2
Sasl patch from Dan Walsh.
2010-03-22 11:22:25 -04:00
449d2069ac
Snmp patch from Dan Walsh.
2010-03-22 11:08:31 -04:00
08d7c7339b
Sysstat patch from Dan Walsh.
2010-03-22 10:47:41 -04:00
98ac3f5ace
Telnet patch from Dan Walsh.
2010-03-22 10:40:37 -04:00
461b53e028
Tuned patch from Dan Walsh.
2010-03-22 10:33:31 -04:00
7630200e1b
Virt patch from Dan Walsh.
2010-03-22 10:24:34 -04:00
064d1b469e
Rename rtkit_schedule() to rtkit_scheduled().
2010-03-22 09:54:58 -04:00
e13a9ef5fe
Module version bump for ac19f1a.
2010-03-22 08:59:04 -04:00
c7a4cf3179
Module version bump for 9681df1.
2010-03-22 08:58:41 -04:00
32103f250f
Module version bump for d3b5907.
2010-03-22 08:58:20 -04:00
340af119b0
Minor tweaks on icecast.
2010-03-22 08:56:32 -04:00
584dfaca45
icecast policy from Dan Walsh
...
Fixed some style and spacing issues
Replace manage_var_run interface with manage_pid_files with fewer permissions
Replaced rkit_daemon_system_domain with rtkit_schedule
2010-03-22 08:49:54 -04:00
ac19f1ac26
rtkit patch from Dan Walsh:
...
rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
Needs sys_nice capability
Needs to getsched on all domains.
Fix bug in te file
Me:
changed interface name from rtkit_daemon_system_domain to rtkit_schedule
Already had sys_nice capability
2010-03-22 08:41:42 -04:00
9681df1c8d
postgresql patch from Dan Walsh:
...
"File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info"
Moved signal interface for style.
2010-03-22 08:39:15 -04:00
d3b5907ea4
openvpn needs ipc_lock capability, connects to http ports,
...
and manages net_conf_t files - from Dan Walsh
2010-03-22 08:36:47 -04:00
47293bd8d6
Tftp patch from Dan Walsh.
2010-03-19 15:56:14 -04:00
788ba75491
Uucp patch from Dan Walsh.
2010-03-19 15:49:12 -04:00
bed0a44560
Zebra patch from Dan Walsh.
2010-03-19 15:45:25 -04:00
bc31d12725
Libraries patch from Dan Walsh.
2010-03-19 14:21:23 -04:00
0d86ea1d7b
Xen patch from Dan Walsh.
2010-03-19 11:54:50 -04:00
b60df9f57d
Getty patch from Dan Walsh.
2010-03-19 11:05:56 -04:00
1fa92b8a55
Sysnetwork patch from Dan Walsh.
2010-03-18 15:40:04 -04:00
ddd786e404
Init patch from Dan Walsh.
2010-03-18 10:19:49 -04:00
153ed8751a
Authlogin patch from Dan Walsh.
2010-03-18 08:59:25 -04:00
4fbcd778de
Iptables patch from Dan Walsh.
2010-03-18 08:10:21 -04:00
a124c0a81f
Udev patch from Dan Walsh.
2010-03-17 15:17:48 -04:00
7a8807b627
Logging patch from Dan Walsh.
2010-03-17 14:40:06 -04:00
90e65feca5
Ipsec patch from Dan Walsh.
2010-03-17 13:52:07 -04:00
d13c6758a4
Modutils patch from Dan Walsh.
2010-03-17 11:59:14 -04:00
0417386142
Kernel patch from Dan Walsh.
2010-03-17 11:16:25 -04:00
1f6d975502
Domain patch from Dan Walsh.
2010-03-17 10:02:07 -04:00
7b50b7053d
Module version bump for 6a03548.
2010-03-17 09:42:46 -04:00
6a035482dc
amavis uses uptime which reads utmp, and reads certs - from Dan Walsh
2010-03-17 09:41:18 -04:00
827060cb04
Style fixes and module version bumps for 38fc1bd.
2010-03-17 09:28:18 -04:00
38fc1bd180
Likewise policy.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-17 08:48:45 -04:00
2a62db7883
Module version bump for 414a570.
2010-03-16 15:28:36 -04:00
414a5704df
fetchmail executes programs in bin (uname), from Dan Walsh
2010-03-16 15:27:40 -04:00
e8871c2092
Add additional documentation to kernel_request_load_module().
2010-03-16 15:08:00 -04:00
5911f3dbca
Module version bump for 935151a.
2010-03-16 14:35:09 -04:00
c6491af860
Module version bump for d12f18e.
2010-03-16 14:34:50 -04:00
9a59893e5a
Module version bump for d7ec247.
2010-03-16 14:34:23 -04:00
9570fc108e
Module version bump for 591af7b.
2010-03-16 14:34:05 -04:00
ce693cbbec
Module version bump for ae07c9e.
2010-03-16 14:33:43 -04:00
1656bf730f
Whitespace fixes in mailman.
2010-03-16 13:51:51 -04:00
935151afcd
Change kernel_load_module to kernel_request_load_module for howl from Dan Walsh
2010-03-16 13:44:55 -04:00
d12f18e452
Change kernel_load_module to kernel_request_load_module from Dan Walsh
2010-03-16 13:44:52 -04:00
d7ec24785b
File context update for certmaster from Dan Walsh
2010-03-16 13:44:50 -04:00
591af7be0c
file context updates from Dan Walsh
2010-03-16 13:44:48 -04:00
ae07c9e2e8
Screen needs to setattr on user_ttydevice_t from Dan Walsh
2010-03-16 13:36:45 -04:00
fad6e761bf
Whitespace fix for mcelog.
2010-03-16 13:15:38 -04:00
fce868d074
Module version bump for f7d413a.
2010-03-16 13:15:00 -04:00
bf140fc32c
Rearrange interfaces in fail2ban.
2010-03-16 13:14:46 -04:00
580279da88
Module version bump for 74b51e6.
2010-03-16 13:12:22 -04:00
6bc64c4be7
Whitespace fixes for smoltclient.
2010-03-16 13:11:53 -04:00
ba1c45337b
Module version bump for 3137148.
2010-03-16 13:10:14 -04:00
1484157201
mcelog policy from Dan Walsh
...
Me: Removed permissive line, and fixed a couple style issues
2010-03-16 11:47:07 -04:00
f7d413af27
fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
...
Did not include dontaudit_leaks interface
Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
2010-03-16 11:44:35 -04:00
74b51e6db2
Firstboot sends dbus messages from Dan Walsh
...
Not including the noaudit for the unconfined domain
Corrected tabbing for nested optional policy
2010-03-16 11:43:36 -04:00
257a2788cd
Policy for smolt sendProfile client from Dan Walsh
2010-03-16 11:37:56 -04:00
31371480b0
Run interface for ptchown from Dan Walsh
2010-03-16 11:34:58 -04:00
37e2499ed1
Module version bump for 1d3d00b.
2010-03-12 11:43:09 -05:00
ce0570dc6d
Module version bump for e172614.
2010-03-12 11:42:28 -05:00
7af0e9bc95
Filesystem patch from Dan Walsh.
2010-03-12 11:40:59 -05:00
9e506eb236
Rearrange lines in alsa an mysql.
2010-03-12 08:59:23 -05:00
e172614b57
Whitespace cleanup on mysql.if.
2010-03-12 08:55:34 -05:00
Dominick Grift
Chris PeBenito
Jeremy Solt