RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,504 Commits 3 Branches 49 Tags 19 MiB
Commit Graph

475 Commits

Author SHA1 Message Date
Chris PeBenito 30496b1575 Iscsi and tgtd patches from Dan Walsh. 2010-03-09 15:17:16 -05:00
Dominick Grift 183f79e38e Fix cobbler_admin interface to require cobblerd_initrc_exec_t. 
As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-03-04 14:12:41 -05:00
Chris PeBenito ec0205ff73 Module version bump for e1e78df. 2010-03-04 09:18:04 -05:00
Chris PeBenito b7070a9f3d Module version bump for 52b215f. 2010-03-04 09:18:04 -05:00
Chris PeBenito cb6385d0ba Module version bump for cf5e81d. 2010-03-04 09:18:04 -05:00
Chris PeBenito c4faa1db8e Module version bump for 96b7e9f. 2010-03-04 09:18:04 -05:00
Chris PeBenito 812f30af02 Module version bump for a005018. 2010-03-04 09:18:04 -05:00
Chris PeBenito 4931c57e4b Add additional comments for e1e78df. 2010-03-04 09:18:04 -05:00
Jeremy Solt 9a1f0d21e1 Seems reasonable that exim may need to manage these files when /etc/alternatives/mta points to exim 
Patch from Dan Walsh
 2010-03-04 09:18:03 -05:00
Jeremy Solt 15ae77bd77 Domain transition for apmd to vbetool from Dan Walsh 2010-03-04 09:18:03 -05:00
Jeremy Solt a739053cf5 Changed amavis_initrc_domtrans domain summary to match style. 2010-03-04 09:18:03 -05:00
Jeremy Solt 6665c3c768 Changed arpwatch_initrc_domtrans domain summary to match style. 
Restored arpwatch_initrc_exec_t require because it's still used in arpwatch_admin interface
 2010-03-04 09:18:03 -05:00
Dominick Grift d783374bc9 Various arpwatch fixes. 
Allow domains to search /var/lib to enable interaction with arpwatch data.
Allow domains to search /tmp to enable interaction with arpwatch tmp content.
Create arpwatch initrc domtrans.
Call arpwatch initrc domtrans from arpwatch_admin.
Remove obsolete require.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-03-04 09:18:03 -05:00
Jeremy Solt 6eed0aa57c Modified apcupsd_initrc_domtrans interface summary to match style. 
Restored apcupsd_initrc_exec_t require in apcupsd_admin interface (It is used here in the role_transition).
 2010-03-04 09:18:03 -05:00
Dominick Grift eda6417669 Create apcupsd initrc domtrans. Call apcupsd initrc domtrans in apcupsd_admin. Remove obsolete require. Allow domains Various apcupsd fixes. 
Create apcupsd initrc domtrans.
Call apcupsd initrc domtrans in apcupsd_admin.
Remove obsolete require.
Allow domains to search bin to enable run apcupsd executable file.
Allow domains to search httpd system content to enable run apcupsd cgi script executables.
Allow domains to search var to enable run apcupsd content in /var/www/upcupsd.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-03-04 09:18:03 -05:00
Jeremy Solt 3b814894c7 Fixed typo in gen_require for amavis_initrc_domtrans (Appears to be a copy/paste mistake). 
Restored amavis_initrc_exec_t require in amavis_admin (still being used in this interface).
 2010-03-04 09:18:02 -05:00
Dominick Grift 88340b904a Various amavis fixes. 
Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-03-04 09:18:02 -05:00
Chris PeBenito 0bbb165448 Improve the documentation of nis_use_ypbind(). 2010-03-03 10:37:15 -05:00
Chris PeBenito d124921979 Module version bump for cd17345. 2010-02-24 10:13:12 -05:00
Dominick Grift cd17345324 Various abrt fixes. 
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-02-24 10:11:51 -05:00
Chris PeBenito 2040268b01 Module version bump for 534e57b. 2010-02-24 10:08:41 -05:00
Dominick Grift 534e57b770 Various afs fixes. 
Fix afs_initrc_domtrans.
Remove obsolete require in afs_admin.
Allow domains to search var to enable read write cache.
Allow domains to search bin to enable run afs executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-02-24 10:07:28 -05:00
Dominick Grift 6306637c89 mysqlmanagerd_var_run_t is not a domain type. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-02-24 10:00:05 -05:00
Chris PeBenito 1021460884 Minor tweaks and module version bump for 68cda59. 2010-02-23 13:58:18 -05:00
Chris Richards 68cda59844 Add MySQL Manager to MySQL policy module 
Second submission to fix mistakes from first.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
 2010-02-23 13:23:42 -05:00
Chris PeBenito 1049180cd8 Automount patch from Dan Walsh. 2010-02-19 13:50:01 -05:00
Chris PeBenito d08a3df046 Ssh key creation fix from Gentoo. 2010-02-17 20:32:08 -05:00
Chris PeBenito a513794b4c Chronyd from Miroslav Grepl. 2010-02-16 14:53:59 -05:00
Chris PeBenito 3fb2b72c65 Ccs patch from Dan Walsh. 2010-02-16 11:28:08 -05:00
Chris PeBenito 0ab2c1eae9 Clear xserver TODO. 2010-02-12 10:29:41 -05:00
Chris PeBenito 6246e7d30a Non-drawing X client support for consolekit. 2010-02-12 10:29:00 -05:00
Chris PeBenito c3c753f786 Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 14:20:10 -05:00
Chris PeBenito 21673b238a Hal patch from Dan Walsh. 2010-02-11 08:42:00 -05:00
Chris PeBenito 3079cbceb1 Virt/svirt patch from Dan Walsh. 2010-02-09 10:28:17 -05:00
Chris PeBenito aa9e3b4b65 Ktalk patch from Dan Walsh. 2010-02-09 10:28:00 -05:00
Chris PeBenito 27eab81f2f Misc fixes for 1031ee6. 2010-02-08 13:38:48 -05:00
Chris PeBenito 7d2f96783c Module version number bump for 1031ee6. 2010-02-08 13:37:42 -05:00
Dominick Grift 1031ee6f6a Implement cobblerd policy. 
My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.

Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.

As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.

Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
 2010-02-08 12:56:01 -05:00
Chris PeBenito e526fca176 Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl. 2010-02-08 11:29:12 -05:00
Chris PeBenito 4ebfec7303 Add pyicqt from Stefan Schulze Frielinghaus. 2010-02-08 10:58:16 -05:00
Chris PeBenito 22a2874dbf Add dbadm, from KaiGai Kohei. 2010-02-08 10:34:08 -05:00
Chris PeBenito edc2f7dea4 Fix home_ssh_t usage. 2010-01-25 08:34:28 -05:00
Chris PeBenito 82b5d290cc PPP patch from Dan Walsh. 2010-01-15 15:46:07 -05:00
Chris PeBenito cde15072d0 SSH patch from Dan Walsh. 2010-01-15 15:28:27 -05:00
Chris PeBenito fee5bb73bc Uucp patch from Dan Walsh. 2010-01-08 10:37:47 -05:00
Chris PeBenito c155e042d8 Sendmail patch from Dan Walsh. 2010-01-08 10:37:37 -05:00
Chris PeBenito 3624ef76d2 Mailman patch from Dan Walsh. 2010-01-08 10:37:23 -05:00
Chris PeBenito 8a8b24a4ba Lircd patch from Dan Walsh. 2010-01-08 10:37:13 -05:00
Chris PeBenito 07ba15168b Courier patch from Dan Walsh. 2010-01-08 10:37:01 -05:00
Chris PeBenito d2acef78f4 Inetd patch from Dan Walsh. 2010-01-08 10:36:49 -05:00