Commit Graph

2661 Commits

Author SHA1 Message Date
Chris PeBenito 299db7080c CVS patch from Dan Walsh.
cvs needs dac_override when it tries to read shadow
2010-05-14 10:24:11 -04:00
Chris PeBenito bcc6e65421 SETroubleshoot patch from Dan Walsh.
Policy to handle the fixit button in setroubleshoot.
2010-05-13 13:22:53 -04:00
Chris PeBenito ada61e1529 Asterisk patch from Dan Walsh.
asterisk_manage_lib_files(logrotate_t)
    asterisk_exec(logrotate_t)

Needs net_admin

Drops capabilities
connects to unix_stream

execs itself

Requests kernel load modules

Execs shells

Connects to postgresql and snmp ports

Reads urand and generic usb devices

Has mysql and postgresql back ends
sends mail
2010-05-13 11:35:58 -04:00
Chris PeBenito 24e0b9b3a4 Munin patch from Dan Walsh. 2010-05-13 11:20:54 -04:00
Chris PeBenito 16070400a8 RPM patch from Dan Walsh. 2010-05-11 11:11:40 -04:00
Chris PeBenito 27afb97c29 Minor fixes on a2524cf. Module version bump. 2010-05-11 08:33:04 -04:00
Chris PeBenito aeb7a4e180 Whitespace fixes on cobbler. 2010-05-11 08:23:02 -04:00
Jeremy Solt a2524cfa77 cobbler patch from Dan Walsh 2010-05-11 08:17:33 -04:00
Chris PeBenito fb3fc9e4f0 Cyrus patch from Dan Walsh. 2010-05-03 15:14:50 -04:00
Chris PeBenito 4804cd43a0 Clamav patch from Dan Walsh. 2010-05-03 15:01:35 -04:00
Chris PeBenito d8eb3c71c6 Dovecot patch from Dan Walsh. 2010-05-03 14:37:19 -04:00
Chris PeBenito baea7b1dc6 Networkmanager patch from Dan Walsh. 2010-05-03 14:01:26 -04:00
Justin P. Mattock d5932a6ac4 Fix a typo in support/genhomedircon.
Fix a typo in support/genhomedircon.

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-05-03 11:45:09 -04:00
Chris PeBenito 03a6e03926 Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t. 2010-05-03 11:17:16 -04:00
Chris PeBenito a3108c60c0 Consolekit patch from Dan Walsh. 2010-05-03 10:21:48 -04:00
Chris PeBenito b0076a1413 Arpwatch patch from Dan Walsh. 2010-05-03 09:49:33 -04:00
Chris PeBenito 98ac98623c Dbus patch from Dan Walsh. 2010-05-03 09:34:42 -04:00
Chris PeBenito 61738f11ec Devicekit patch from Dan Walsh. 2010-05-03 09:01:46 -04:00
Chris PeBenito 857d37e84a GPG patch from Dan Walsh. 2010-04-30 15:24:19 -04:00
Chris PeBenito 3b72786090 Add trusted object condition to unix socket connectto/sendto, to fix label translation. 2010-04-29 11:29:39 -04:00
Chris PeBenito 87a9469fc9 Add networking rules for spamd to connect to mysql/postgresql over the network, from Chris St. Pierre. 2010-04-27 10:31:47 -04:00
Chris PeBenito 45696ab282 Add missing secmark rules in ntop, from Dominick Grift. 2010-04-27 09:31:30 -04:00
Chris PeBenito a53c6c65a4 FTP patch from Dan Walsh. 2010-04-26 15:15:23 -04:00
Chris PeBenito d7ebbd9d22 Module version bump for 34838aa. 2010-04-26 13:40:21 -04:00
Jeremy Solt 34838aa62a Samba patch from Dan Walsh
- signal interfaces
 - fusefs support
 - bug 566984: getattrs on all blk and chr files

Did not include:
 - changes related to samba_unconfined_script_t and samba_unconfined_net_t
 - samba_helper_template (didn't appear to be used)
 - manage_lnk_files_pattern in samba_manage_var_files
 - signal allow rule in samba_domtrans_winbind_helper
 - samba_role_notrans
 - userdom_manage_user_home_content

Some style and spacing fixes
2010-04-26 13:28:21 -04:00
Chris Richards 9b3e798ea3 bootmisc init script, 2nd try
Allow to create /var/lock/.keep.  This prevents Portage from destroying /var/lock under certain conditions.  This patch is Gentoo specific.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-04-26 12:59:12 -04:00
Chris PeBenito 05a2e3e2d7 Lircd patch from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito e07fbc004d Add DenyHosts from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito 44b3808ba5 Djbdns patch from Dan Walsh. 2010-04-26 12:59:02 -04:00
Chris PeBenito 4a8bd017aa Module version bump and extra comments for 194d61f. 2010-04-24 08:10:43 -04:00
Chris Richards 194d61fd3c modutils patch for update-modules
update-modules on Gentoo throws errors when run because it sources /etc/init.d/functions.sh, which always scans /var/lib/init.d to set SOFTLEVEL environment var.  This is never used by update-modules.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:08:15 -04:00
Chris PeBenito 78352db924 Module version bump for 8c38fba. 2010-04-24 08:07:51 -04:00
Chris Richards 8c38fba0f0 allow syslog-ng to setrlimit
syslog-ng wants to increase the number of permissible open files from 256 to 4096 on unix/linux systems.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-04-24 08:02:23 -04:00
Chris PeBenito 5c3274d7bf Module version bump for 4b121a5. 2010-04-19 10:23:11 -04:00
Chris PeBenito 46879922d8 Additional whitespace fix in nis. 2010-04-19 10:20:19 -04:00
Jeremy Solt f49fc19e5a Style changes 2010-04-19 10:19:46 -04:00
Jeremy Solt 4b121a5f53 nis patch from Dan Walsh
Made a couple style changes.
Removed unnecessary require in nis_use_ypbind interface
2010-04-19 10:19:44 -04:00
Chris PeBenito da5940411c Additional whitespace fixes in certmonger. 2010-04-19 10:17:24 -04:00
Jeremy Solt 0e5494a3d9 Fix some whitespace and style issues. 2010-04-19 10:07:20 -04:00
Jeremy Solt 33793ec2ce certmonger policy from Dan Walsh
Removed manage_var_run and manage_var_lib interfaces
Added missing requires to admin interface
Removed permissive line
Fixed some spacing / style issues
2010-04-19 10:07:17 -04:00
Chris PeBenito 86ff008754 Module version bump for 4f7b413. 2010-04-19 10:05:22 -04:00
Jeremy Solt e6e2a769ac Remove excess white space from ntop.te
Move ntop ports declaration to correct location.
2010-04-19 09:55:01 -04:00
Jeremy Solt 4f7b413cdc Ntop policy from Dan Walsh
Added alias for ntop_http_content_t in apache
Pulled in ntop port from corenetwork patch
2010-04-19 09:54:58 -04:00
Chris PeBenito 98759716fe Module version bump for 46e16a2. 2010-04-19 09:54:13 -04:00
Jeremy Solt d86d4f6069 Move optional policy to correct location for style 2010-04-19 09:50:42 -04:00
Jeremy Solt 01bfe1d20e kerberos patch from Dan Walsh 2010-04-19 09:50:39 -04:00
Chris PeBenito 46e16a2d2a Use port range notation in corenetwork where it makes sense. 2010-04-13 11:55:04 -04:00
Chris PeBenito 3829eecb12 Clean up output of generated corenetwork.te. 2010-04-13 11:52:09 -04:00
Chris PeBenito 85e71c86da Fix network_port() in corenetwork to correctly handle port ranges. 2010-04-13 11:06:02 -04:00
KaiGai Kohei ec8d32c8e9 [BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)
I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.

In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.

And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.
2010-04-12 10:37:21 -04:00