nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,518 Commits 1 Branch 0 Tags 16 MiB
f80bd12603
Commit Graph

1868 Commits

Author SHA1 Message Date
Chris PeBenito
f80bd12603 Rearrange lines. 2012-10-31 10:52:36 -04:00
Dominick Grift
de7b3815c9 Changes to the user domain policy module 
Content that (at least) common users need to be able to relabel and
create with a type transition

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-31 10:51:34 -04:00
Chris PeBenito
af2496ea2e Module version bump/contrib sync. 2012-10-30 16:12:14 -04:00
Chris PeBenito
a94ff9d100 Rearrange devices interfaces. 2012-10-30 16:11:32 -04:00
Dominick Grift
7545e7d22c Samhain_admin() now requires a role for the role_transition from $1 to initrc_t via samhain_initrc_exec_t 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 15:39:20 -04:00
Dominick Grift
83d28d8a52 Changes to the user domain policy module 
gnome_role is deprecated, use gnome_role_template instead
depends on dbus because of gkeyringd

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 15:39:20 -04:00
Dominick Grift
4c68e48950 For virtd 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 15:39:20 -04:00
Chris PeBenito
35bb8cbf62 Module version bump for arping setcap from Dominick Grift. 2012-10-30 14:28:53 -04:00
Dominick Grift
7ef9402705 Arping needs setcap to cap_set_proc 
rhbz#869615

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 14:19:37 -04:00
Chris PeBenito
104456aa17 Module version bump for interfaces used by virt from Dominick Grift. 2012-10-30 14:17:25 -04:00
Chris PeBenito
1673ea6474 Rearrange interfaces in files, clock, and udev. 2012-10-30 14:16:30 -04:00
Dominick Grift
176afaf5d6 For virtd 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
fc749312f5 For virtd lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
f980fd9208 For virtd lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
f4a0be2dfc For virtd_lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
0122830bd9 For virtd_lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
e04ad5fe92 For virtd lxc 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
193760f130 For svirt_lxc_domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
c40ea7bd2d For svirt_lxc_domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:02 -04:00
Dominick Grift
1cbe9e6196 For svirt_lxc_domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-30 13:58:01 -04:00
Chris PeBenito
2b63d6a616 Module version bump for dovecot libs from Mika Pflueger. 2012-10-30 13:52:59 -04:00
Mika Pflüger
5ea6bf5c1e Explicitly label dovecot libraries lib_t for debian 2012-10-30 13:42:05 -04:00
Chris PeBenito
a2cc003740 Module version bump for minor logging and sysnet changes from Sven Vermeulen. 2012-10-30 13:39:46 -04:00
Sven Vermeulen
7ed91bfafd Support flushing routing cache 
To flush the routing cache, ifconfig_t (through the "ip" command) requires
sys_admin capability. If not:

~# ip route flush cache
Cannot flush routing cache

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-30 13:28:02 -04:00
Chris PeBenito
d29f5d4e72 Rename logging_search_all_log_dirs to logging_search_all_logs 2012-10-30 13:27:10 -04:00
Sven Vermeulen
c239a20504 Introduce logging_search_all_log_dirs interface 
Support the logging_search_all_log_dirs interface for applications such as
fail2ban-client, who scan through log directories.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-30 13:25:23 -04:00
Sven Vermeulen
48e8c08717 Introduce logging_getattr_all_logs interface 
Support the logging_getattr_all_logs interface, which will be used by
applications responsible for reviewing the state of log files (without needing
to read them), such as the fail2ban-client application.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-30 13:25:07 -04:00
Chris PeBenito
b7bc3d1506 Module version bump for kernel_stream_connect() from Dominick Grift. 2012-10-19 09:18:53 -04:00
Chris PeBenito
2dfd2b93a9 Move kernel_stream_connect() declaration. 2012-10-19 09:18:19 -04:00
Dominick Grift
07c2944493 Changes to the kernel policy module 
Interface is needed by at least plymouth

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 09:03:37 -04:00
Dominick Grift
0805dd800c Changes to various policy modules 
pcscd_read_pub_files is deprecated use pcscd_read_pid_files instead

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 08:59:22 -04:00
Chris PeBenito
51b1bd56c4 Module version bump for xserver interfaces from Dominick Grift. 2012-10-19 08:58:54 -04:00
Chris PeBenito
1409b86b02 Rename new xserver interfaces. 2012-10-19 08:52:58 -04:00
Chris PeBenito
9b6993158b Rearrange new xserver interfaces. 2012-10-19 08:49:43 -04:00
Dominick Grift
4034f4a4b4 Changes to the xserver policy module 
These interfaces are needed by at least plymouth

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 08:48:12 -04:00
Mika Pflüger
8b1aa69f1f Debian locations of gvfs and kde4 libexec binaries in /usr/lib 2012-10-19 08:40:16 -04:00
Chris PeBenito
e4f0112175 Module version bump for dhcp6 ports, from Russell Coker. 2012-10-19 08:39:02 -04:00
Russell Coker
f9bee5a60b Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control 
Client control is used by the wide dhcp6 client, which can be controlled
via dhcp6ctl. This works by communicating over port 5546.
 2012-10-19 08:19:28 -04:00
Chris PeBenito
2f3035fb3b Module version bump for modutils patch from Dominick Grift. 2012-10-19 08:17:35 -04:00
Dominick Grift
e74b098ca4 Changes to the modutils policy module 
modutils_read_module_config() provides access to list modules_conf_t
directories so that we do not need a seperate
modutils_list_modules_config()

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-19 08:14:32 -04:00
Chris PeBenito
afdb509245 Module version bump for changes from Dominick Grift and Sven Vermeulen. 2012-10-09 11:01:42 -04:00
Dominick Grift
a63f5143ce Changes to the bootloader policy module 
Add bootloader_exec() for kdumpgui

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:26:15 -04:00
Dominick Grift
c667fa4a7d Changes to the userdomain policy module 
Remove evolution and evolution alarm dbus chat from common user template
since callers of the evolution role are now allowed to dbus chat to
evolution and evolution alarm.

Common users need to be able to dbus chat with policykit and consolekit

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:25:29 -04:00
Sven Vermeulen
40c32b7a6a Allow search within postgresql var directory for the stream connect interface 
Domains that are granted postgresql_stream_connect() need to be able to search
through the postgresql_var_run_t directory (in which the socket is located).

Update the interface to use the stream_connect_pattern definition to simplify
the interface and make it more readable.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2012-10-09 10:21:09 -04:00
Dominick Grift
4ea2bc7eba Changes to the sysnetwork policy module 
dhcpc is a dbus_system_domain()

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:18:36 -04:00
Dominick Grift
f3492a3a1e Declare a cslistener port type for phpfpm 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:05:35 -04:00
Dominick Grift
1dc2705388 Restricted Xwindows user domains run windows managers in the windows managers domain 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-09 10:03:34 -04:00
Chris PeBenito
d7f7136953 Module version bump for cachefiles core support. 2012-10-04 08:25:19 -04:00
Chris PeBenito
1391285cf8 Rename cachefiles_dev_t to cachefiles_device_t. 2012-10-04 08:24:57 -04:00
Dominick Grift
298d840e46 Implement files_create_all_files_as() for cachefilesd 
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
 2012-10-04 08:13:18 -04:00