Commit Graph

2503 Commits

Author SHA1 Message Date
Chris PeBenito 30496b1575 Iscsi and tgtd patches from Dan Walsh. 2010-03-09 15:17:16 -05:00
Chris PeBenito 939eaf2f13 Fstools patch from Dan Walsh. 2010-03-09 14:32:17 -05:00
Chris PeBenito d0a6df5c47 Miscfiles patch from Dan Walsh. 2010-03-09 10:44:55 -05:00
Chris PeBenito 547d62ea9e Module version bump for ddae1cc. 2010-03-09 09:34:30 -05:00
Jeremy Solt ddae1cc9ec Creates sock files in /tmp, reads network state. - From Dan Walsh
I didn't include userdom_search_user_home_dirs, this is redundant with
the call to userdom_user_home_dir_filetrans
2010-03-09 09:32:23 -05:00
Chris PeBenito bd063de6c4 Fix another corenetwork typo. 2010-03-08 11:04:40 -05:00
Chris PeBenito 6f9c3c4895 Module version bump for 42fa15b. 2010-03-08 10:03:18 -05:00
Chris PeBenito b193389baa Module version bump for 3fcdc39. 2010-03-08 10:02:58 -05:00
Chris PeBenito 5dac50953f Module version bump for cf3da95. 2010-03-08 10:02:34 -05:00
Chris PeBenito e2e1b6721b Minor style fixes. 2010-03-08 10:00:55 -05:00
Jeremy Solt 42fa15ba75 Logwatch looks for content in homedirs, reads samba shares - from Dan Walsh 2010-03-08 09:34:37 -05:00
Jeremy Solt 3fcdc39764 shorewall log file from Dan Walsh 2010-03-08 09:34:37 -05:00
Jeremy Solt cf3da95084 Allow cdrecord_t to execute bin_t from Dan Walsh
growisofs executes mkisofs
2010-03-08 09:34:37 -05:00
Chris PeBenito 4af2b3fb98 Add back missing s0 on network_port(). 2010-03-08 07:59:56 -05:00
Chris PeBenito 09b92dcc3c Guest patch from Dan Walsh. 2010-03-05 14:09:49 -05:00
Chris PeBenito 9c709c46a1 Corenetwork patch from Dan Walsh. 2010-03-05 13:46:46 -05:00
Chris PeBenito 4b23c6747b Corecommands patch from Dan Walsh. 2010-03-05 10:51:39 -05:00
Chris PeBenito 05351730cc Devices patch from Dan Walsh. 2010-03-04 15:30:22 -05:00
Chris PeBenito febc7fdfba Storage patch from Dan Walsh. 2010-03-04 14:23:44 -05:00
Dominick Grift 183f79e38e Fix cobbler_admin interface to require cobblerd_initrc_exec_t.
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-04 14:12:41 -05:00
Chris PeBenito eeb7616f5e Corenetwork patch from Dan Walsh. 2010-03-04 13:50:46 -05:00
Chris PeBenito c9ab7707b3 add write to manage_lnk_file_perms. 2010-03-04 11:29:06 -05:00
Chris PeBenito 1112a5bc20 Module version bump for be47d75. 2010-03-04 09:18:04 -05:00
Chris PeBenito ec0205ff73 Module version bump for e1e78df. 2010-03-04 09:18:04 -05:00
Chris PeBenito b7070a9f3d Module version bump for 52b215f. 2010-03-04 09:18:04 -05:00
Chris PeBenito cb6385d0ba Module version bump for cf5e81d. 2010-03-04 09:18:04 -05:00
Chris PeBenito c4faa1db8e Module version bump for 96b7e9f. 2010-03-04 09:18:04 -05:00
Chris PeBenito 812f30af02 Module version bump for a005018. 2010-03-04 09:18:04 -05:00
Chris PeBenito 4931c57e4b Add additional comments for e1e78df. 2010-03-04 09:18:04 -05:00
Jeremy Solt 4d2680e508 hotplug transition to brctl from Dan Walsh 2010-03-04 09:18:04 -05:00
Jeremy Solt 9a1f0d21e1 Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
Patch from Dan Walsh
2010-03-04 09:18:03 -05:00
Jeremy Solt 15ae77bd77 Domain transition for apmd to vbetool from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt 6a9ef9e852 gen_require typo fix in dbadm.if from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt a739053cf5 Changed amavis_initrc_domtrans domain summary to match style. 2010-03-04 09:18:03 -05:00
Jeremy Solt 6665c3c768 Changed arpwatch_initrc_domtrans domain summary to match style.
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
2010-03-04 09:18:03 -05:00
Dominick Grift d783374bc9 Various arpwatch fixes.
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt 6eed0aa57c Modified apcupsd_initrc_domtrans interface summary to match style.
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
2010-03-04 09:18:03 -05:00
Dominick Grift eda6417669 Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
Jeremy Solt 3b814894c7 Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
2010-03-04 09:18:02 -05:00
Dominick Grift 88340b904a Various amavis fixes.
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:02 -05:00
Chris PeBenito 402bbb9fe9 Improve documentation of udev_read_db(). 2010-03-03 14:16:36 -05:00
Chris PeBenito b675cec7f8 Improve documentation of seutil_sigchld_newrole(). 2010-03-03 14:16:22 -05:00
Chris PeBenito 4a4436a778 Add examples to documentation of common corenetwork interfaces. 2010-03-03 13:42:15 -05:00
Chris PeBenito a6bafb5a25 Module version bump for bf530f5. 2010-03-03 13:11:58 -05:00
Dominick Grift bf530f532c Various permission set fixes.
Fix various interfaces to use permission sets for compatiblity with open permission.

Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.

The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
Chris PeBenito b58db31da6 Improve the documentation of application_domain(). 2010-03-03 10:37:58 -05:00
Chris PeBenito d24a7df15c Improve the documentation of auth_use_nsswitch(). 2010-03-03 10:37:37 -05:00
Chris PeBenito 0bbb165448 Improve the documentation of nis_use_ypbind(). 2010-03-03 10:37:15 -05:00
Dominick Grift 4cb24aed7b Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
Chris PeBenito c46376e665 Improve documentation for userdomain interfaces:
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00