selinux-refpolicy

History

Yi Zhao 6bb56e6158 logwatch: fixes for logwatch * Allow logwatch_t to getsched * Allow logwatch_t to create logwatch_lock_t dirs * Allow logwatch_mail_t to read/write pipe of crond Fixes: avc: denied { getsched } for pid=1012 comm="sort" scontext=system_u:system_r:logwatch_t:s0-s15:c0.c1023 tcontext=system_u:system_r:logwatch_t:s0-s15:c0.c1023 tclass=process permissive=0 avc: denied { write } for pid=269 comm="lockfile-create" name="logcheck" dev="tmpfs" ino=12709 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c1023 tcontext=system_u:object_r:logwatch_lock_t:s0 tclass=dir permissive=0 avc: denied { write } for pid=1470 comm="sendmail" path="pipe:[15133]" dev="pipefs" ino=15133 scontext=system_u:system_r:logwatch_mail_t:s0-s15:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s15:c0.c1023 tclass=fifo_file permissive=0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>		2022-09-18 00:38:25 +08:00
..
flask	flask: add new kernel security classes	2022-03-22 19:05:45 +01:00
modules	logwatch: fixes for logwatch	2022-09-18 00:38:25 +08:00
support
constraints
context_defaults
global_booleans
global_tunables
mcs	mcs: Reorganize file.	2022-06-23 15:29:50 -04:00
mls	mls: Add setsockcreate constraint.	2022-06-23 15:33:34 -04:00
policy_capabilities	policy_capabilities: add ioctl_skip_cloexec	2022-03-22 19:05:45 +01:00
users