Commit Graph

2618 Commits

Author SHA1 Message Date
Chris PeBenito 98759716fe Module version bump for 46e16a2. 2010-04-19 09:54:13 -04:00
Jeremy Solt d86d4f6069 Move optional policy to correct location for style 2010-04-19 09:50:42 -04:00
Jeremy Solt 01bfe1d20e kerberos patch from Dan Walsh 2010-04-19 09:50:39 -04:00
Chris PeBenito 46e16a2d2a Use port range notation in corenetwork where it makes sense. 2010-04-13 11:55:04 -04:00
Chris PeBenito 3829eecb12 Clean up output of generated corenetwork.te. 2010-04-13 11:52:09 -04:00
Chris PeBenito 85e71c86da Fix network_port() in corenetwork to correctly handle port ranges. 2010-04-13 11:06:02 -04:00
KaiGai Kohei ec8d32c8e9 [BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)
I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.

In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.

And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.
2010-04-12 10:37:21 -04:00
Chris PeBenito 23ad802a9d Module version bump for 5d3214f and 795b733. 2010-04-12 10:01:39 -04:00
Jeremy Solt 795b733a71 pcscd patch from Dan Walsh: manage pub files and fifo files 2010-04-12 09:10:37 -04:00
Jeremy Solt 5d3214f5a9 gpsd path from Dan Walsh 2010-04-12 09:07:50 -04:00
Chris PeBenito e399e3abea Add devtmpfs labeling. 2010-04-07 08:55:33 -04:00
Dominick Grift 91b12ad94c Move kernel_request_load_module(gssd_t) to the proper place.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:22 -04:00
Dominick Grift 6d9925c872 Fix requires for apache tmp interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-04-06 15:05:12 -04:00
Chris PeBenito b577852a98 Portreserve patch from Dan Walsh. 2010-04-05 14:50:23 -04:00
Chris PeBenito 38db49c545 PPP patch from Dan Walsh. 2010-04-05 14:38:30 -04:00
Chris PeBenito 372acd0037 Rpc patch from Dan Walsh. 2010-04-05 14:26:21 -04:00
Chris PeBenito 20fa703294 Whitespace fixes on Apache. 2010-04-05 14:05:05 -04:00
Chris PeBenito da0608ba38 Module version bump for 170a46d, f8b3b7f, and a49a82c. 2010-04-05 13:49:00 -04:00
Chris PeBenito b7d3db1860 Tweak for 170a46d. 2010-04-05 13:48:01 -04:00
Jeremy Solt a49a82c295 snort patch from Dan Walsh
Didn't rearrange all the kernel calls, but did add the kernel_request_load_module.
Didn't include the usbmod (doesn't exist in refpolicy at this time).
Included the generic usb device permissions because snort uses libpcap, which can also be used to monitor USB traffic, so this may be a side effect.
From the red hat bug (559861), it sounds as though snort was failing without these permissions, so it doesn't look like a dontaudit would work.
2010-04-05 13:46:11 -04:00
Jeremy Solt f8b3b7fa48 Nut policy from Dan Walsh
Dropped optional policy for shutdown_domtrans
Dropped commented can_exec line
2010-04-05 13:45:31 -04:00
Jeremy Solt 170a46d6c5 memcached patch from Dan Walsh
Moved term_dontaudits up for style
2010-04-05 13:43:58 -04:00
Chris PeBenito 60def66b13 Second part of Apache patch from Dan Walsh. 2010-04-05 10:57:52 -04:00
Chris PeBenito 83caba3eb9 First part of apache patch from Dan Walsh: file context changes, including renaming script ro/ra/rw files. 2010-04-01 08:17:50 -04:00
Chris PeBenito 25d81d2655 Tor patch from Dan Walsh. 2010-03-29 14:30:52 -04:00
Chris PeBenito 2b93b88584 Sssd patch from Dan Walsh. 2010-03-29 14:08:52 -04:00
Chris PeBenito ee2d2dda24 Add usbmuxd from Dan Walsh. 2010-03-29 13:29:18 -04:00
Chris PeBenito 6d4dbd20ae Vhostmd from Dan Walsh. 2010-03-29 11:25:06 -04:00
Chris PeBenito bf54d5be44 Module version bumps for c586c1b, dcbb332, 4c05dff, 84ce9c3, 2b012ba, and 1868383. 2010-03-29 09:21:59 -04:00
Chris PeBenito ad0071bbe4 Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokeping f3c346c. 2010-03-29 09:19:40 -04:00
Jeremy Solt f3c346cc07 Smokeping policy from Dan Walsh
Made some style / spacing changes
Did not include read access to /etc/shadow
Removed manage_var_run and manage_var_lib interfaces
Removed permissive line
2010-03-29 08:46:30 -04:00
Jeremy Solt 18683835fd pulseaudio patch from Dan Walsh
Fixed template where it should have been interface
Replaced read_home and manage_home interfaces with read_home_files, manage_home_files and reduced access
Removed admin_dir reference
Replaced rtkit_daemon_system_domain with rtkit_scheduled
Fixed style / spacing issues
2010-03-29 08:41:45 -04:00
Jeremy Solt d279dd603f ksmtuned policy from Dan Walsh
Couple style/space fixes.
Used ps_process_pattern in admin interface
2010-03-29 08:36:53 -04:00
Jeremy Solt 2b012bacb6 Prelude patch from Dan Walsh 2010-03-29 08:36:15 -04:00
Jeremy Solt 84ce9c3333 Bluetooth patch (sys_admin and debugfs) from Dan Walsh
Added comments to reference redhat bugs
2010-03-29 08:36:05 -04:00
Jeremy Solt 4c05dff3d1 avahi patch from Dan Walsh
Didn't include the file read in the dbus_chat interface.
2010-03-29 08:36:00 -04:00
Jeremy Solt dcbb332992 chronyd patch from Dan Walsh
Fixed a couple style/spacing issues.
Added files_search_etc for chronyd_keys file
2010-03-29 08:35:52 -04:00
Jeremy Solt c586c1bfa6 Give dcc setgid from Dan Walsh 2010-03-29 08:35:34 -04:00
Chris PeBenito 7656af7a6f Module version bump for c37d843. 2010-03-23 08:07:19 -04:00
Chris PeBenito be8311279e Minor bind XML tweaks. 2010-03-23 08:05:00 -04:00
Jeremy Solt c37d843fa1 bind patch from Dan Walsh
some fixes in interfaces, added bind_setattr_zone_dirs interface
sysnet_read_config not needed with auth_use_nsswitch

Did not include init_read_script_tmp_files for named_t
2010-03-23 08:01:05 -04:00
Chris PeBenito 390b8a821b Radvd patch from Dan Walsh. 2010-03-22 15:19:50 -04:00
Chris PeBenito 1b22152c2c Rdisc patch from Dan Walsh. 2010-03-22 15:09:27 -04:00
Chris PeBenito 6c40309ef1 Module version bump for 1d348bd. 2010-03-22 13:53:24 -04:00
Jeremy Solt 1d348bd253 Afs needs sys_admin, sends signals, and resolves hostnames from Dan Walsh 2010-03-22 13:52:19 -04:00
Chris PeBenito df29613c72 Module version bump for 75c8a69. 2010-03-22 13:51:35 -04:00
Jeremy Solt 75c8a691ee gitosis read/manage lib interfaces from Dan Walsh
Only giving manage_files_pattern for gitosis_manage_lib_files
2010-03-22 13:48:39 -04:00
Chris PeBenito cf7eb082d2 Sasl patch from Dan Walsh. 2010-03-22 11:22:25 -04:00
Chris PeBenito 449d2069ac Snmp patch from Dan Walsh. 2010-03-22 11:08:31 -04:00
Chris PeBenito 08d7c7339b Sysstat patch from Dan Walsh. 2010-03-22 10:47:41 -04:00