c9ab7707b3
add write to manage_lnk_file_perms.
2010-03-04 11:29:06 -05:00
1112a5bc20
Module version bump for be47d75.
2010-03-04 09:18:04 -05:00
ec0205ff73
Module version bump for e1e78df.
2010-03-04 09:18:04 -05:00
b7070a9f3d
Module version bump for 52b215f.
2010-03-04 09:18:04 -05:00
cb6385d0ba
Module version bump for cf5e81d.
2010-03-04 09:18:04 -05:00
c4faa1db8e
Module version bump for 96b7e9f.
2010-03-04 09:18:04 -05:00
812f30af02
Module version bump for a005018.
2010-03-04 09:18:04 -05:00
4931c57e4b
Add additional comments for e1e78df.
2010-03-04 09:18:04 -05:00
4d2680e508
hotplug transition to brctl from Dan Walsh
2010-03-04 09:18:04 -05:00
9a1f0d21e1
Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim
...
Patch from Dan Walsh
2010-03-04 09:18:03 -05:00
15ae77bd77
Domain transition for apmd to vbetool from Dan Walsh
2010-03-04 09:18:03 -05:00
6a9ef9e852
gen_require typo fix in dbadm.if from Dan Walsh
2010-03-04 09:18:03 -05:00
a739053cf5
Changed amavis_initrc_domtrans domain summary to match style.
2010-03-04 09:18:03 -05:00
6665c3c768
Changed arpwatch_initrc_domtrans domain summary to match style.
...
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
2010-03-04 09:18:03 -05:00
d783374bc9
Various arpwatch fixes.
...
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
6eed0aa57c
Modified apcupsd_initrc_domtrans interface summary to match style.
...
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
2010-03-04 09:18:03 -05:00
eda6417669
Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes.
...
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:03 -05:00
3b814894c7
Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake).
...
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
2010-03-04 09:18:02 -05:00
88340b904a
Various amavis fixes.
...
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-03-04 09:18:02 -05:00
402bbb9fe9
Improve documentation of udev_read_db().
2010-03-03 14:16:36 -05:00
b675cec7f8
Improve documentation of seutil_sigchld_newrole().
2010-03-03 14:16:22 -05:00
4a4436a778
Add examples to documentation of common corenetwork interfaces.
2010-03-03 13:42:15 -05:00
a6bafb5a25
Module version bump for bf530f5.
2010-03-03 13:11:58 -05:00
bf530f532c
Various permission set fixes.
...
Fix various interfaces to use permission sets for compatiblity with open permission.
Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.
The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 13:10:55 -05:00
b58db31da6
Improve the documentation of application_domain().
2010-03-03 10:37:58 -05:00
d24a7df15c
Improve the documentation of auth_use_nsswitch().
2010-03-03 10:37:37 -05:00
0bbb165448
Improve the documentation of nis_use_ypbind().
2010-03-03 10:37:15 -05:00
4cb24aed7b
Fix userdom_write_user_tmp_sockets to use write_sock_file_perms to allow domains to open user_tmp_t sock_files.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-03 10:31:56 -05:00
c46376e665
Improve documentation for userdomain interfaces:
...
userdom_use_user_terminals()
userdom_dontaudit_search_user_home_dirs()
userdom_dontaudit_use_unpriv_user_fds()
2010-03-02 14:01:10 -05:00
88daf126f2
Improve the documentation of domain interfaces:
...
domain_type()
domain_use_interactive_fds()
2010-03-02 12:52:07 -05:00
888d9e4652
Improve the documentation of ubac_constrained().
2010-03-02 11:28:44 -05:00
4e12649d4e
Improve the documentation of devices interfaces:
...
dev_node()
dev_read_rand()
dev_read_urand()
dev_read_sysfs()
2010-03-02 10:24:24 -05:00
12f73d8b69
Improve filesystem interfaces:
...
fs_getattr_xattr_fs()
fs_getattr_all_fs()
fs_search_auto_mountpoints()
2010-03-01 14:50:55 -05:00
42f1b11482
Module version bump for 03dd57f.
2010-03-01 13:34:10 -05:00
03dd57fe7b
Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-03-01 13:30:28 -05:00
7cf2858e4a
Improve the documentation of files interfaces:
...
files_pid_file()
files_config_file()
files_tmp_file()
files_read_etc_runtime_files()
files_read_usr_files()
files_search_var_lib()
files_pid_filetrans()
2010-03-01 10:53:50 -05:00
5fb5bf2686
Additional docs for logging_log_filetrans().
2010-03-01 10:38:24 -05:00
42eb0f10a9
Improve the documentation of corenetwork interfaces
...
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
2010-02-26 14:24:56 -05:00
14e543cb1c
Improve the documentation of unconfined_domain().
2010-02-26 13:47:17 -05:00
45185c0783
Improve the documentation of logging_log_file() and logging_log_filetrans().
2010-02-26 09:34:41 -05:00
3a744d1275
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
2010-02-26 08:58:32 -05:00
13f000d2ef
Improve the documentation of:
...
init_script_file()
init_daemon_domain()
init_system_domain()
init_ranged_daemon_domain()
init_ranged_system_domain()
init_use_fds()
2010-02-25 16:00:58 -05:00
d6887176c1
Improve sysnet_read_config() documentation.
2010-02-25 13:54:34 -05:00
81a0fb4024
Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_dns_name_resolve() to use sysnet_read_config() rather thane explicit type usage.
2010-02-25 13:53:52 -05:00
7a0c0b4088
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 12:59:11 -05:00
fd813456a4
Add additional documentation to files_type().
2010-02-25 10:41:12 -05:00
6dadd3995e
Rearrange files interfaces.
2010-02-25 08:32:22 -05:00
6e48775f75
Improve documentation on logging_send_syslog_msg().
2010-02-24 15:56:05 -05:00
fca4a96bae
Improve documentation on files_read_etc_files().
2010-02-24 15:20:03 -05:00
611bc9311d
Improve documentation on miscfiles_read_localization().
2010-02-24 14:56:07 -05:00
d124921979
Module version bump for cd17345.
2010-02-24 10:13:12 -05:00
cd17345324
Various abrt fixes.
...
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:11:51 -05:00
2040268b01
Module version bump for 534e57b.
2010-02-24 10:08:41 -05:00
534e57b770
Various afs fixes.
...
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:07:28 -05:00
6306637c89
mysqlmanagerd_var_run_t is not a domain type.
...
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-24 10:00:05 -05:00
1021460884
Minor tweaks and module version bump for 68cda59.
2010-02-23 13:58:18 -05:00
68cda59844
Add MySQL Manager to MySQL policy module
...
Second submission to fix mistakes from first.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2010-02-23 13:23:42 -05:00
1049180cd8
Automount patch from Dan Walsh.
2010-02-19 13:50:01 -05:00
fa03ecc046
Shorewall patch from Dan Walsh.
2010-02-19 11:53:19 -05:00
6ae29c7378
Vbetool patch from Dan Walsh.
2010-02-19 11:34:28 -05:00
4fd0889171
Java patch from Dan Walsh.
2010-02-19 11:21:38 -05:00
1e0f483a18
Mono patch from Dan Walsh.
2010-02-19 10:42:43 -05:00
a777957b49
Rename qemu_unconfined_t to unconfined_qemu_t.
2010-02-19 10:27:09 -05:00
8a1c9c505f
Rearrage qemu.if.
2010-02-19 10:16:28 -05:00
72295e93e1
Qemu patch from Dan Walsh.
2010-02-19 10:15:19 -05:00
29b580ce8f
Add sectoolm by Miroslav Grepl.
2010-02-19 09:39:06 -05:00
4796d07ee0
Wine patch from Dan Walsh.
2010-02-19 09:17:51 -05:00
6a9da24987
Useradd home dir creation fix from Gentoo.
2010-02-17 20:34:23 -05:00
2f84a77d22
Syslog fixes from Gentoo.
2010-02-17 20:33:53 -05:00
8b8501991e
Clean up leaked portage file descriptors.
2010-02-17 20:33:31 -05:00
d08a3df046
Ssh key creation fix from Gentoo.
2010-02-17 20:32:08 -05:00
2c05132062
Utmp fix from Gentoo.
2010-02-17 20:31:46 -05:00
72c8a37c2b
Setfiles fix from Gentoo.
2010-02-17 20:30:42 -05:00
679a63d09f
Mount usbfs fix from Gentoo.
2010-02-17 20:30:13 -05:00
aadcb968f9
Move netlink route sockets from nsswitch to DNS name resolve.
2010-02-17 20:28:59 -05:00
15d80e3646
Misc portage fixes.
2010-02-17 20:25:39 -05:00
05bd2f9837
Portage fixes for installing SELinux-aware programs.
2010-02-17 20:23:41 -05:00
c06a4452e2
Xguest patch from Dan Walsh.
2010-02-17 09:23:17 -05:00
6f30d7e770
Pulseaudio patch from Dan Walsh.
2010-02-16 15:13:08 -05:00
a513794b4c
Chronyd from Miroslav Grepl.
2010-02-16 14:53:59 -05:00
3fb2b72c65
Ccs patch from Dan Walsh.
2010-02-16 11:28:08 -05:00
0ab2c1eae9
Clear xserver TODO.
2010-02-12 10:29:41 -05:00
6246e7d30a
Non-drawing X client support for consolekit.
2010-02-12 10:29:00 -05:00
1322a1af4d
Remove redundant conditional user_ping terminal rules.
2010-02-11 14:35:38 -05:00
c3c753f786
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.
2010-02-11 14:20:10 -05:00
ed03a5b916
Sudo patch from Dan Walsh.
2010-02-11 09:15:45 -05:00
ca5dc2f1cb
Consoletype patch from Dan Walsh.
2010-02-11 08:56:53 -05:00
21673b238a
Hal patch from Dan Walsh.
2010-02-11 08:42:00 -05:00
3079cbceb1
Virt/svirt patch from Dan Walsh.
2010-02-09 10:28:17 -05:00
aa9e3b4b65
Ktalk patch from Dan Walsh.
2010-02-09 10:28:00 -05:00
16412e2ff9
Merge branch 'master' of git+ssh://cpebenito@oss.tresys.com/home/git/refpolicy
2010-02-08 14:47:06 -05:00
27eab81f2f
Misc fixes for 1031ee6.
2010-02-08 13:38:48 -05:00
7d2f96783c
Module version number bump for 1031ee6.
2010-02-08 13:37:42 -05:00
1031ee6f6a
Implement cobblerd policy.
...
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.
Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.
As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.
Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
2010-02-08 12:56:01 -05:00
2d743657f4
Userdomain patch from Stefan Schulze Frielinghaus.
2010-02-08 11:43:44 -05:00
e526fca176
Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl.
2010-02-08 11:29:12 -05:00
4ebfec7303
Add pyicqt from Stefan Schulze Frielinghaus.
2010-02-08 10:58:16 -05:00
22a2874dbf
Add dbadm, from KaiGai Kohei.
2010-02-08 10:34:08 -05:00
edc2f7dea4
Fix home_ssh_t usage.
2010-01-25 08:34:28 -05:00
82b5d290cc
PPP patch from Dan Walsh.
2010-01-15 15:46:07 -05:00
cde15072d0
SSH patch from Dan Walsh.
2010-01-15 15:28:27 -05:00
fee5bb73bc
Uucp patch from Dan Walsh.
2010-01-08 10:37:47 -05:00
c155e042d8
Sendmail patch from Dan Walsh.
2010-01-08 10:37:37 -05:00
3624ef76d2
Mailman patch from Dan Walsh.
2010-01-08 10:37:23 -05:00
8a8b24a4ba
Lircd patch from Dan Walsh.
2010-01-08 10:37:13 -05:00
07ba15168b
Courier patch from Dan Walsh.
2010-01-08 10:37:01 -05:00
d2acef78f4
Inetd patch from Dan Walsh.
2010-01-08 10:36:49 -05:00
c292cb96ad
Avahi patch from Dan Walsh.
2010-01-08 10:35:47 -05:00
00808a9b13
Fprintd patch from Dan Walsh.
2010-01-07 11:51:17 -05:00
ef6ea56c4b
Fetchmail patch from Dan Walsh.
2010-01-07 11:51:05 -05:00
84a45c9617
Exim patch from Dan Walsh.
2010-01-07 11:50:55 -05:00
4dd84bbf0e
Dovecot patch from Dan Walsh.
2010-01-07 11:50:47 -05:00
14c7865f1f
Ddclient patch from Dan Walsh.
2010-01-07 11:50:35 -05:00
dcabb11eb5
DCC patch from Dan Walsh.
2010-01-07 11:50:20 -05:00
30958fb7e7
Cyrus patch from Dan Walsh.
2010-01-07 11:49:55 -05:00
192fb874f5
Clamav patch from Dan Walsh.
2010-01-07 11:49:44 -05:00
c5155ac008
Bluetooth patch from Dan Walsh.
2010-01-07 11:49:32 -05:00
96831fe421
Move rules from mta mailserver delivery from interface to .te to use the attribute.
2010-01-07 09:56:21 -05:00
9c40673ff5
MTA patch from Dan Walsh.
2010-01-07 09:48:35 -05:00
2650ca57ec
Tftp patch from Dan Walsh.
2010-01-07 09:01:10 -05:00
f3890b25db
Sssd patch from Dan Walsh.
2010-01-07 09:00:59 -05:00
207c4d1e6e
Snmp patch from Dan Walsh.
2010-01-07 09:00:48 -05:00
82cdffce58
ntp patch from Dan Walsh.
2010-01-07 09:00:39 -05:00
f37b7bd0cb
gpsd patch from Dan Walsh.
2010-01-07 08:59:38 -05:00
b11dcd43b6
Tuned patch from Dan Walsh.
2009-12-18 10:45:56 -05:00
ff785b93df
Rpcbind patch from Dan Walsh.
2009-12-18 10:45:39 -05:00
733f494802
Radvd patch from Dan Walsh.
2009-12-18 10:45:29 -05:00
b36ae9786f
Privoxy patch from Dan Walsh.
2009-12-18 10:45:22 -05:00
1232a50c5f
Prelude patch from Dan Walsh.
2009-12-18 10:45:09 -05:00
6df09cfef7
PCSCD patch from Dan Walsh.
2009-12-18 10:44:59 -05:00
2d59a828b6
Nslcd patch from Dan Walsh.
2009-12-18 10:44:49 -05:00
80f0587459
Mysql patch from Dan Walsh.
2009-12-18 10:44:35 -05:00
d3c612ffd8
Modemmanager patch from Dan Walsh.
2009-12-18 10:44:26 -05:00
0000b795ea
Milter patch from Dan Walsh.
2009-12-18 10:42:08 -05:00
a32226612a
Memcached patch from Dan Walsh.
2009-12-18 10:41:56 -05:00
6aa333b47e
Kerneloops patch from Dan Walsh.
2009-12-18 10:41:41 -05:00
e1b8b54739
Kerberos patch from Dan Walsh.
2009-12-18 10:40:53 -05:00
7d05af77c3
Irqbalance patch from Dan Walsh.
2009-12-18 10:39:36 -05:00
d7b98c8902
GPM patch from Dan Walsh.
2009-12-18 10:39:23 -05:00
ce8a71a960
Fail2ban patch from Dan Walsh.
2009-12-18 10:39:10 -05:00
bd21cb1e09
Certmaster patch from Dan Walsh.
2009-12-18 10:38:57 -05:00
a7d606860b
Bitlbee patch from Dan Walsh.
2009-12-18 10:38:30 -05:00
5894c3e4fb
Amavis patch from Dan Walsh.
2009-12-18 10:38:17 -05:00
32f27a7489
asterisk patch from Dan Walsh.
2009-12-18 10:37:52 -05:00
7e81399d84
apm patch from Dan Walsh.
2009-12-18 10:35:31 -05:00
41c139dc77
afs patch from Dan Walsh.
2009-12-18 10:35:03 -05:00
b84d6ec491
smartmon patch from Dan Walsh.
2009-12-18 10:33:50 -05:00
3fe6f6ad60
Typo in policy/users
...
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
2009-12-18 08:51:58 -05:00
7fc72a02d9
Changelog and version bump for X object manager changes.
2009-12-03 10:40:42 -05:00
e331a05c77
Merge branch 'master' into xselinux
2009-12-03 10:13:41 -05:00
Chris PeBenito
Jeremy Solt
Dominick Grift
Chris Richards
Chris PeBenito
Justin P. Mattock