Commit Graph

2737 Commits

Author SHA1 Message Date
Jeremy Solt fdc0d0f77c vpn patch from Dan Walsh
Edits:
 - Removed userdom_read_home_certs
2010-05-24 13:08:08 -04:00
Jeremy Solt 37194ac055 dnsmasq patch from Dan Walsh
- cron_manage_pid_files call removed until further explanation
2010-05-24 13:08:07 -04:00
Jeremy Solt 2483d7ae56 Replace apache_delete_cache with apache_delete_cache_files in tmpreaper.te 2010-05-24 13:08:07 -04:00
Jeremy Solt 8daddcf37e tmpreaper patch from Dan Walsh 2010-05-24 13:08:07 -04:00
Jeremy Solt 7605d2738c Remove call to nagios_rw_inherited_tmp_files 2010-05-24 13:08:07 -04:00
Jeremy Solt 44dc1b9c21 netutils patch from Dan Walsh
Edits:
 - Dropping term_use_all_terms and user_ping tunables for ping and traceroute
 - Whitespace fixes
2010-05-24 13:08:07 -04:00
Jeremy Solt 4ac0cd30fa Remove nagios_rw_inherited_tmp_files interface 2010-05-24 13:08:07 -04:00
Jeremy Solt 99bbe34881 Nagios patch from Dan Walsh
Edits:
- Removed permissive lines
- Removed tunable for broken symptoms
- Style and whitespace fixes
2010-05-24 13:08:07 -04:00
Jeremy Solt 599e8ff702 Create type and allow squid to manage its own tmpfs files 2010-05-24 13:08:07 -04:00
Jeremy Solt d86c09846b squid patch from Dan Walsh
Edits:
 - Added netport to corenetwork.te.in
2010-05-24 13:08:07 -04:00
Jeremy Solt fb543d0df1 remove rules for nx_server_home_ssh_t since they are already provided by the ssh template 2010-05-24 13:08:07 -04:00
Jeremy Solt 316cdb1d0d nx patch from Dan Walsh
Edits:
 - Style and whitespace fixes
 - Removed read_lnk_files_pattern from nx_read_home_files
 - Delete declaration of nx_server_home_ssh_t and files_type since the template already does this
2010-05-24 13:08:07 -04:00
Chris PeBenito d9e4cbd2ce Postfix patch from Dan Walsh. 2010-05-21 08:56:49 -04:00
Chris PeBenito 9fe1b540b8 Prelink patch from Dan Walsh. 2010-05-20 08:54:51 -04:00
Chris PeBenito 9ea85eaa8b Sendmail patch from Dan Walsh. 2010-05-20 08:36:38 -04:00
Chris PeBenito b276e36914 Procmail patch from Dan Walsh. 2010-05-20 08:17:06 -04:00
Chris PeBenito e19b8d1c2e MTA patch from Dan Walsh. 2010-05-19 09:00:39 -04:00
Chris PeBenito 088b65e52b SSH patch from Dan Walsh. 2010-05-19 08:31:17 -04:00
Chris PeBenito 4e698b0fca Cups patch from Dan Walsh. 2010-05-18 10:59:37 -04:00
Chris PeBenito e2c9450235 Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file. Module version bump for d56b33a. 2010-05-18 10:28:17 -04:00
Chris Richards d56b33a1e4 Create new interface and type for managing /etc/udev/rules.d
udev_var_run_t is used for managing files in /etc/udev/rules.d as well as other files, including udev pid files.  This patch creates a type specifically for rules.d files, and an interface for managing them.  It also gives access to this type to initrc_t so that rules can be properly populated during startup.  This also fixes a problem on Gentoo where udev rules are NOT properly populated on startup.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-05-18 10:20:55 -04:00
Chris PeBenito 1b2f08ea10 Abrt patch from Dan Walsh. 2010-05-18 10:18:12 -04:00
Chris PeBenito e9e43f04b3 Plymouthd policy from Dan Walsh. 2010-05-18 09:54:18 -04:00
Chris PeBenito b0c2cae14a Hal patch from Dan Walsh.
Lots of random access for hal.
2010-05-18 09:06:36 -04:00
Chris PeBenito 2e4e39d26a Loadkeys patch from Dan Walsh. 2010-05-14 11:40:26 -04:00
Chris PeBenito 84940a0995 Java patch from Dan Walsh.
Additional java context

unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled

We want unconfined java apps to transition to rpm when they execute rpm_exec_t.  To maintain proper labeling.
2010-05-14 10:40:59 -04:00
Chris PeBenito 299db7080c CVS patch from Dan Walsh.
cvs needs dac_override when it tries to read shadow
2010-05-14 10:24:11 -04:00
Chris PeBenito bcc6e65421 SETroubleshoot patch from Dan Walsh.
Policy to handle the fixit button in setroubleshoot.
2010-05-13 13:22:53 -04:00
Chris PeBenito ada61e1529 Asterisk patch from Dan Walsh.
asterisk_manage_lib_files(logrotate_t)
    asterisk_exec(logrotate_t)

Needs net_admin

Drops capabilities
connects to unix_stream

execs itself

Requests kernel load modules

Execs shells

Connects to postgresql and snmp ports

Reads urand and generic usb devices

Has mysql and postgresql back ends
sends mail
2010-05-13 11:35:58 -04:00
Chris PeBenito 24e0b9b3a4 Munin patch from Dan Walsh. 2010-05-13 11:20:54 -04:00
Chris PeBenito 16070400a8 RPM patch from Dan Walsh. 2010-05-11 11:11:40 -04:00
Chris PeBenito 27afb97c29 Minor fixes on a2524cf. Module version bump. 2010-05-11 08:33:04 -04:00
Chris PeBenito aeb7a4e180 Whitespace fixes on cobbler. 2010-05-11 08:23:02 -04:00
Jeremy Solt a2524cfa77 cobbler patch from Dan Walsh 2010-05-11 08:17:33 -04:00
Chris PeBenito fb3fc9e4f0 Cyrus patch from Dan Walsh. 2010-05-03 15:14:50 -04:00
Chris PeBenito 4804cd43a0 Clamav patch from Dan Walsh. 2010-05-03 15:01:35 -04:00
Chris PeBenito d8eb3c71c6 Dovecot patch from Dan Walsh. 2010-05-03 14:37:19 -04:00
Chris PeBenito baea7b1dc6 Networkmanager patch from Dan Walsh. 2010-05-03 14:01:26 -04:00
Justin P. Mattock d5932a6ac4 Fix a typo in support/genhomedircon.
Fix a typo in support/genhomedircon.

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-05-03 11:45:09 -04:00
Chris PeBenito 03a6e03926 Add kernel access to devtmpfs. Also add workround while devtmpfs is tmpfs_t instead of device_t. 2010-05-03 11:17:16 -04:00
Chris PeBenito a3108c60c0 Consolekit patch from Dan Walsh. 2010-05-03 10:21:48 -04:00
Chris PeBenito b0076a1413 Arpwatch patch from Dan Walsh. 2010-05-03 09:49:33 -04:00
Chris PeBenito 98ac98623c Dbus patch from Dan Walsh. 2010-05-03 09:34:42 -04:00
Chris PeBenito 61738f11ec Devicekit patch from Dan Walsh. 2010-05-03 09:01:46 -04:00
Chris PeBenito 857d37e84a GPG patch from Dan Walsh. 2010-04-30 15:24:19 -04:00
Chris PeBenito 3b72786090 Add trusted object condition to unix socket connectto/sendto, to fix label translation. 2010-04-29 11:29:39 -04:00
Chris PeBenito 87a9469fc9 Add networking rules for spamd to connect to mysql/postgresql over the network, from Chris St. Pierre. 2010-04-27 10:31:47 -04:00
Chris PeBenito 45696ab282 Add missing secmark rules in ntop, from Dominick Grift. 2010-04-27 09:31:30 -04:00
Chris PeBenito a53c6c65a4 FTP patch from Dan Walsh. 2010-04-26 15:15:23 -04:00
Chris PeBenito d7ebbd9d22 Module version bump for 34838aa. 2010-04-26 13:40:21 -04:00