Package: refpolicy / 2:2.20110726-12

Metadata

Package: refpolicy
Version: 2:2.20110726-12
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Make usage of deprecated interfaces fatal.patch | (download)

policy/modules/admin/certwatch.if | 29 0 + 29 - 0 !
policy/modules/kernel/corecommands.if | 352 0 + 352 - 0 !
policy/modules/kernel/corenetwork.if.in | 149 0 + 149 - 0 !
policy/modules/kernel/devices.if | 58 0 + 58 - 0 !
policy/modules/kernel/filesystem.if | 24 0 + 24 - 0 !
policy/modules/kernel/kernel.if | 42 0 + 42 - 0 !
policy/modules/kernel/kernel.te | 4 2 + 2 - 0 !
policy/modules/kernel/mls.if | 104 0 + 104 - 0 !
policy/modules/kernel/selinux.if | 32 0 + 32 - 0 !
policy/modules/kernel/terminal.if | 243 0 + 243 - 0 !
policy/modules/roles/secadm.te | 2 1 + 1 - 0 !
policy/modules/roles/sysadm.te | 2 1 + 1 - 0 !
policy/modules/services/automount.if | 15 0 + 15 - 0 !
policy/modules/services/bind.if | 14 0 + 14 - 0 !
policy/modules/services/bluetooth.if | 40 0 + 40 - 0 !
policy/modules/services/cups.if | 14 0 + 14 - 0 !
policy/modules/services/dictd.if | 15 0 + 15 - 0 !
policy/modules/services/finger.if | 14 0 + 14 - 0 !
policy/modules/services/ftp.if | 14 0 + 14 - 0 !
policy/modules/services/i18n_input.if | 13 0 + 13 - 0 !
policy/modules/services/inetd.if | 28 0 + 28 - 0 !
policy/modules/services/jabber.if | 14 0 + 14 - 0 !
policy/modules/services/ldap.if | 14 0 + 14 - 0 !
policy/modules/services/mta.if | 14 0 + 14 - 0 !
policy/modules/services/nessus.if | 13 0 + 13 - 0 !
policy/modules/services/nis.if | 28 0 + 28 - 0 !
policy/modules/services/nsd.if | 27 0 + 27 - 0 !
policy/modules/services/perdition.if | 13 0 + 13 - 0 !
policy/modules/services/portmap.if | 42 0 + 42 - 0 !
policy/modules/services/radius.if | 14 0 + 14 - 0 !
policy/modules/services/rpc.if | 28 0 + 28 - 0 !
policy/modules/services/snmp.if | 28 0 + 28 - 0 !
policy/modules/services/soundserver.if | 14 0 + 14 - 0 !
policy/modules/services/squid.if | 14 0 + 14 - 0 !
policy/modules/services/ssh.if | 14 0 + 14 - 0 !
policy/modules/services/xserver.if | 75 0 + 75 - 0 !
policy/modules/system/authlogin.if | 133 0 + 133 - 0 !
policy/modules/system/init.if | 28 0 + 28 - 0 !
policy/modules/system/libraries.if | 64 0 + 64 - 0 !
policy/modules/system/logging.if | 15 0 + 15 - 0 !
policy/modules/system/miscfiles.if | 45 0 + 45 - 0 !
policy/modules/system/mount.if | 26 0 + 26 - 0 !
policy/modules/system/selinuxutil.if | 81 0 + 81 - 0 !
policy/modules/system/setrans.te | 2 1 + 1 - 0 !
policy/modules/system/udev.te | 2 1 + 1 - 0 !
policy/modules/system/unconfined.if | 50 0 + 50 - 0 !
policy/modules/system/userdomain.if | 43 1 + 42 - 0 !
policy/support/loadable_module.spt | 2 1 + 1 - 0 !
policy/support/misc_patterns.spt | 6 0 + 6 - 0 !
policy/support/obj_perm_sets.spt | 46 0 + 46 - 0 !
50 files changed, 8 insertions(+), 2095 deletions(-)

 make usage of deprecated interfaces fatal


0002 disable user based access control.patch | (download)

build.conf | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable user-based access control


0003 Make default and root mcs seusers unconfined.patch | (download)

config/appconfig-mcs/seusers | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 make default and root mcs/seusers unconfined


0004 Add additional interfaces and a boolean switch to ac.patch | (download)

policy/modules/system/unconfined.if | 80 80 + 0 - 0 !
policy/modules/system/unconfined.te | 9 9 + 0 - 0 !
2 files changed, 89 insertions(+)

 add additional interfaces and a boolean switch to access unconfined
 homes


0005 Add support for Jabber including adding the epmd_t d.patch | (download)

policy/modules/kernel/corenetwork.te.in | 1 1 + 0 - 0 !
policy/modules/services/epmd.fc | 1 1 + 0 - 0 !
policy/modules/services/epmd.if | 29 29 + 0 - 0 !
policy/modules/services/epmd.te | 52 52 + 0 - 0 !
policy/modules/services/jabber.fc | 3 3 + 0 - 0 !
policy/modules/services/jabber.te | 16 13 + 3 - 0 !
6 files changed, 99 insertions(+), 3 deletions(-)

 add support for jabber, including adding the epmd_t domain for the
 Erlang


0006 Include policy for the iodine IP over DNS tunnel dae.patch | (download)

policy/modules/system/iodine.fc | 1 1 + 0 - 0 !
policy/modules/system/iodine.if | 1 1 + 0 - 0 !
policy/modules/system/iodine.te | 26 26 + 0 - 0 !
3 files changed, 28 insertions(+)

 include policy for the iodine ip over dns tunnel daemon


0007 Added new lda module for email local delivery agents.patch | (download)

policy/modules/services/courier.if | 19 19 + 0 - 0 !
policy/modules/services/lda.fc | 9 9 + 0 - 0 !
policy/modules/services/lda.if | 41 41 + 0 - 0 !
policy/modules/services/lda.te | 162 162 + 0 - 0 !
policy/modules/services/postfix.te | 6 5 + 1 - 0 !
5 files changed, 236 insertions(+), 1 deletion(-)

 added new "lda" module for email local delivery agents such as
 maildrop and procmail


0008 Add pythonsupport policy.patch | (download)

policy/modules/admin/apt.te | 4 4 + 0 - 0 !
policy/modules/roles/sysadm.te | 4 4 + 0 - 0 !
policy/modules/system/pythonsupport.fc | 2 2 + 0 - 0 !
policy/modules/system/pythonsupport.if | 83 83 + 0 - 0 !
policy/modules/system/pythonsupport.te | 41 41 + 0 - 0 !
policy/modules/system/selinuxutil.te | 4 4 + 0 - 0 !
policy/modules/system/userdomain.if | 4 4 + 0 - 0 !
7 files changed, 142 insertions(+)

 add pythonsupport policy


0009 user access to DOS files.patch | (download)

policy/global_tunables | 7 7 + 0 - 0 !
policy/modules/system/userdomain.if | 6 6 + 0 - 0 !
2 files changed, 13 insertions(+)

 user access to dos files

Add a new boolean to grant users access to dosfs_t.

0010 Allow users read access to var lib apt lists.patch | (download)

policy/modules/system/userdomain.if | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 allow users read access to /var/lib/apt/lists


0011 Debian file locations patch from Russell Coker.patch | (download)

policy/modules/kernel/corecommands.fc | 5 5 + 0 - 0 !
policy/modules/kernel/devices.fc | 8 8 + 0 - 0 !
policy/modules/kernel/files.fc | 8 7 + 1 - 0 !
policy/modules/services/xserver.fc | 30 14 + 16 - 0 !
policy/modules/system/init.fc | 5 5 + 0 - 0 !
policy/modules/system/sysnetwork.fc | 8 8 + 0 - 0 !
policy/modules/system/udev.fc | 13 12 + 1 - 0 !
policy/modules/system/unconfined.fc | 6 6 + 0 - 0 !
8 files changed, 65 insertions(+), 18 deletions(-)

 debian file locations patch from russell coker.


droppable/0012 Droppable legacy patch differs from newer upstream o.patch | (download)

policy/modules/kernel/devices.fc | 15 7 + 8 - 0 !
policy/modules/services/dkim.if | 19 19 + 0 - 0 !
policy/modules/services/dkim.te | 6 6 + 0 - 0 !
policy/modules/services/dovecot.fc | 14 11 + 3 - 0 !
policy/modules/services/dovecot.te | 24 23 + 1 - 0 !
policy/modules/services/xserver.fc | 27 13 + 14 - 0 !
policy/modules/system/sysnetwork.fc | 11 4 + 7 - 0 !
policy/modules/system/udev.fc | 14 4 + 10 - 0 !
policy/modules/system/unconfined.fc | 12 3 + 9 - 0 !
9 files changed, 90 insertions(+), 52 deletions(-)

 droppable legacy patch (differs from newer upstream only in
 syntax/whitespace)


0013 Add debian apache paths and apache_script_exec_domai.patch | (download)

policy/modules/apps/awstats.te | 1 1 + 0 - 0 !
policy/modules/services/apache.fc | 7 6 + 1 - 0 !
policy/modules/services/apache.if | 35 33 + 2 - 0 !
policy/modules/services/apache.te | 34 33 + 1 - 0 !
policy/modules/services/apcupsd.te | 1 1 + 0 - 0 !
policy/modules/services/cvs.te | 1 1 + 0 - 0 !
policy/modules/services/git.te | 1 1 + 0 - 0 !
policy/modules/services/munin.te | 1 1 + 0 - 0 !
policy/modules/services/prelude.te | 1 1 + 0 - 0 !
policy/modules/services/squid.te | 1 1 + 0 - 0 !
policy/modules/services/w3c.te | 1 1 + 0 - 0 !
11 files changed, 80 insertions(+), 4 deletions(-)

 add debian apache paths and apache_script_exec_domain()

The patch firstly adds support for some Debian paths to the Apache
policy and has some minor changes to the access granted to user content.

The biggest change is to have a new interface apache_script_exec_domain() for
creating types for Apache content which doesn't need to be optional.  So the
types created by it can be used in a .fc file which will be included even if
apache.pp isn't loaded.  This means that a module which has a script that
Apache might run won't depend on apache.pp.

0014 Debian nagios file locations and additional policy.patch | (download)

policy/modules/admin/sudo.if | 26 26 + 0 - 0 !
policy/modules/kernel/corenetwork.te.in | 3 2 + 1 - 0 !
policy/modules/services/nagios.fc | 9 7 + 2 - 0 !
policy/modules/services/nagios.te | 52 51 + 1 - 0 !
4 files changed, 86 insertions(+), 4 deletions(-)

 debian nagios file locations and additional policy

This addresses distribution specific file locations, allows the nagios mail
plugin to run sudo for the purpose of directly searching postfix spools (more
policy needed for other MTAs), allows nrpe to create tmp files and do all
networking stuff, and to talk to database servers.

0015 Move dev xconsole from xserver policy to logging.pp.patch | (download)

policy/modules/kernel/devices.if | 20 20 + 0 - 0 !
policy/modules/services/xserver.fc | 6 1 + 5 - 0 !
policy/modules/services/xserver.te | 9 2 + 7 - 0 !
policy/modules/system/init.te | 3 3 + 0 - 0 !
policy/modules/system/logging.fc | 1 1 + 0 - 0 !
policy/modules/system/logging.if | 35 35 + 0 - 0 !
policy/modules/system/logging.te | 17 12 + 5 - 0 !
7 files changed, 74 insertions(+), 17 deletions(-)

 move /dev/xconsole from xserver policy to logging.pp

The patch moves the xconsole policy to logging.pp from the xserver
policy.  It's more about logging than the X server and there are a lot of
systems which have syslogd configured to write to /dev/xconsole but that have
no X server installed.

0016 Debian specific changes for init_t.patch | (download)

policy/modules/kernel/filesystem.if | 18 18 + 0 - 0 !
policy/modules/system/init.te | 31 24 + 7 - 0 !
2 files changed, 42 insertions(+), 7 deletions(-)

 debian specific changes for init_t


0017 logrotate.if Add interface to search logrotate runti.patch | (download)

policy/modules/admin/logrotate.if | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 logrotate.if: add interface to search logrotate runtime directories.

Nobody is using this interface so this is for easier local policies only.

0019 gpg. fc if te Fixes so that gpg agent starts up also.patch | (download)

policy/modules/apps/gpg.fc | 1 1 + 0 - 0 !
policy/modules/apps/gpg.if | 46 46 + 0 - 0 !
policy/modules/apps/gpg.te | 7 7 + 0 - 0 !
policy/modules/roles/unprivuser.te | 1 1 + 0 - 0 !
policy/modules/services/ssh.if | 5 5 + 0 - 0 !
policy/modules/services/xserver.if | 18 18 + 0 - 0 !
policy/modules/system/userdomain.fc | 1 1 + 0 - 0 !
7 files changed, 79 insertions(+)

 gpg.{fc,if,te}: fixes so that gpg-agent starts up (also when
 launched by ssh-agent). Add interfaces to access to transition to
 gpg_agent_t. unprivuser.te, ssh.if: Make use of the new interfaces.
 userdomain.fc: Label user's .gnupg


0020 Small fixes for gpg policy Label gpgsm and allow gpg.patch | (download)

policy/modules/apps/gpg.fc | 1 1 + 0 - 0 !
policy/modules/apps/gpg.te | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

 small fixes for gpg policy: label gpgsm and allow gpg_pinentry_t to
 read /var/lib.


0021 mozilla. fc if te Add chromium policy.patch | (download)

policy/modules/apps/mozilla.fc | 8 8 + 0 - 0 !
policy/modules/apps/mozilla.if | 14 7 + 7 - 0 !
policy/modules/apps/mozilla.te | 56 56 + 0 - 0 !
3 files changed, 71 insertions(+), 7 deletions(-)

 mozilla.{fc,if,te}: add chromium policy.


0022 mozilla. fc te fixes for debian mozilla iceweasel pa.patch | (download)

policy/modules/apps/mozilla.fc | 4 4 + 0 - 0 !
policy/modules/apps/mozilla.te | 5 4 + 1 - 0 !
2 files changed, 8 insertions(+), 1 deletion(-)

 mozilla.{fc,te}: fixes for debian mozilla/iceweasel packaging and
 fix to use userdom_search_user_home_content instead of
 userdom_search_user_home_dirs.


0023 Watchdog policy Allow watchdog_t to also read watchd.patch | (download)

policy/modules/kernel/devices.if | 6 3 + 3 - 0 !
policy/modules/services/watchdog.te | 2 1 + 1 - 0 !
2 files changed, 4 insertions(+), 4 deletions(-)

 watchdog policy: allow watchdog_t to also read watchdog files.


0024 Use filesystem transitions for hugetlbfs_t.patch | (download)

policy/modules/kernel/files.if | 20 20 + 0 - 0 !
policy/modules/kernel/files.te | 8 8 + 0 - 0 !
policy/modules/kernel/filesystem.te | 2 2 + 0 - 0 !
policy/modules/system/userdomain.if | 3 3 + 0 - 0 !
policy/modules/system/userdomain.te | 3 3 + 0 - 0 !
5 files changed, 36 insertions(+)

 use filesystem transitions for hugetlbfs_t


0025 files.if Allow management of symlinks under mnt also.patch | (download)

policy/modules/kernel/files.if | 29 27 + 2 - 0 !
1 file changed, 27 insertions(+), 2 deletions(-)

 files.if: allow management of symlinks under /mnt; also add
 interface files_manage_pid_dirs which is not used in standard
 policy for local system administrator's use


0026 tmpreaper policy Some debian customisations also mak.patch | (download)

policy/modules/admin/tmpreaper.fc | 4 4 + 0 - 0 !
policy/modules/admin/tmpreaper.te | 4 2 + 2 - 0 !
policy/modules/kernel/mcs.if | 20 20 + 0 - 0 !
3 files changed, 26 insertions(+), 2 deletions(-)

 tmpreaper policy: some debian customisations, also make tmpreaper
 policy MCS-aware (add interface in mcs.if for that)


0027 Refinements for MCS policy.patch | (download)

policy/modules/kernel/mcs.if | 50 50 + 0 - 0 !
policy/modules/kernel/mcs.te | 11 11 + 0 - 0 !
policy/modules/kernel/selinux.te | 1 1 + 0 - 0 !
3 files changed, 62 insertions(+)

 refinements for mcs policy


0028 add getattr access to selinux_validate_context.patch | (download)

policy/modules/kernel/selinux.if | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add getattr access to selinux_validate_context


0029 Add storage_var_run_filetrans_fixed_disk interface f.patch | (download)

policy/modules/kernel/storage.if | 18 18 + 0 - 0 !
policy/modules/system/init.te | 3 2 + 1 - 0 !
2 files changed, 20 insertions(+), 1 deletion(-)

 add storage_var_run_filetrans_fixed_disk interface for use in init
 policy


0030 Allow user_t and staff_t consolekit_dbus_chat access.patch | (download)

policy/modules/roles/staff.te | 3 3 + 0 - 0 !
policy/modules/roles/unprivuser.te | 3 3 + 0 - 0 !
2 files changed, 6 insertions(+)

 allow user_t and staff_t consolekit_dbus_chat() access so they can
 determine their session status - necessary to log in to KDE
 sometimes.


0031 some changes in cron policy for debian and small fix.patch | (download)

policy/modules/services/cron.fc | 8 8 + 0 - 0 !
policy/modules/services/cron.if | 8 5 + 3 - 0 !
policy/modules/services/cron.te | 5 3 + 2 - 0 !
policy/modules/services/mta.if | 17 17 + 0 - 0 !
4 files changed, 33 insertions(+), 5 deletions(-)

 some changes in cron policy for debian and small fixes:
 * allow crond_t the sys_resource capability to set resource limits for
   children.
 * Allow crontab_t to create a directory of type crontab_tmp_t, necessary
   to allow crontab -e to work
 * Allow cron jobs to write to crond_tmp_t
 * Allow system_mail_t (sendmail) to get read/write access to crond_tmp_t


0032 Small adaptions of the base dbus policy for debian.patch | (download)

policy/modules/services/dbus.fc | 5 5 + 0 - 0 !
policy/modules/services/dbus.if | 2 2 + 0 - 0 !
2 files changed, 7 insertions(+)

 small adaptions of the base dbus policy for debian.


0033 Small debian fixes for exim policy.patch | (download)

policy/modules/services/exim.te | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 small debian fixes for exim policy


0034 Allow gpm_t self signull and signal access.patch | (download)

policy/modules/services/gpm.te | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 allow gpm_t self signull and signal access.


0035 Correctly label older pm .log logs.patch | (download)

policy/modules/services/hal.fc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 correctly label older pm-*.log* logs


0036 Allow inetd_t setrlimit access.patch | (download)

policy/modules/services/inetd.te | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 allow inetd_t setrlimit access.


0037 Make some parts of the kerberos policy optional.patch | (download)

policy/modules/services/kerberos.if | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 make some parts of the kerberos policy optional.


0038 mysqld policy fixes Allow mysqld_safe_t to send mess.patch | (download)

policy/modules/services/mysql.fc | 2 2 + 0 - 0 !
policy/modules/services/mysql.if | 20 20 + 0 - 0 !
policy/modules/services/mysql.te | 6 5 + 1 - 0 !
policy/modules/system/userdomain.if | 4 4 + 0 - 0 !
4 files changed, 31 insertions(+), 1 deletion(-)

 mysqld policy fixes:
 * allow mysqld_safe_t to send messages to syslogd
 * Allow mysqld_t to run shell scripts (shell_exec_t and bin_t)
 * Add interface to execute mysqld in its own domain for use in userdomain


0039 Allow network manager to run wpa_cli_exec_t programs.patch | (download)

policy/modules/services/networkmanager.te | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 allow network manager to run wpa_cli_exec_t programs.


0040 openvpn policy fixes Label var run openvpn.client as.patch | (download)

policy/modules/services/openvpn.fc | 1 1 + 0 - 0 !
policy/modules/services/openvpn.te | 4 4 + 0 - 0 !
2 files changed, 5 insertions(+)

 openvpn policy fixes:
 * label /var/run/openvpn.client* as openvpn_var_run_t.
 * allow openvpn_t to access var_lib_t and usr_t files for vulnkey.


0041 Policykit debian fixes.patch | (download)

policy/modules/services/policykit.fc | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 policykit debian fixes


0042 Portslave debian fixes.patch | (download)

policy/modules/services/portslave.te | 6 6 + 0 - 0 !
policy/modules/services/ppp.if | 18 18 + 0 - 0 !
2 files changed, 24 insertions(+)

 portslave debian fixes


0043 Made devicekit.pp and ricci.pp not depend on console.patch | (download)

policy/modules/services/devicekit.te | 4 3 + 1 - 0 !
policy/modules/services/ricci.te | 12 9 + 3 - 0 !
2 files changed, 12 insertions(+), 4 deletions(-)

 made devicekit.pp and ricci.pp not depend on consoletype.pp


0044 Debian fixes for xserver policy.patch | (download)

policy/modules/services/xserver.if | 9 5 + 4 - 0 !
policy/modules/services/xserver.te | 1 1 + 0 - 0 !
2 files changed, 6 insertions(+), 4 deletions(-)

 debian fixes for xserver policy


0045 Remaining unsorted changes for debian init.patch | (download)

policy/modules/kernel/files.fc | 2 1 + 1 - 0 !
policy/modules/system/init.fc | 2 2 + 0 - 0 !
policy/modules/system/init.if | 2 2 + 0 - 0 !
policy/modules/system/init.te | 18 16 + 2 - 0 !
policy/modules/system/udev.if | 18 18 + 0 - 0 !
5 files changed, 39 insertions(+), 3 deletions(-)

 remaining unsorted changes for debian init


0046 Add dev_read_urand to several programs.patch | (download)

policy/modules/services/bind.te | 1 1 + 0 - 0 !
policy/modules/services/courier.te | 2 2 + 0 - 0 !
policy/modules/services/mailman.te | 4 3 + 1 - 0 !
policy/modules/services/perdition.te | 2 1 + 1 - 0 !
policy/modules/services/portmap.te | 2 2 + 0 - 0 !
policy/modules/system/clock.te | 1 1 + 0 - 0 !
policy/modules/system/getty.te | 1 1 + 0 - 0 !
policy/modules/system/hostname.te | 2 2 + 0 - 0 !
policy/modules/system/logging.te | 3 3 + 0 - 0 !
policy/modules/system/mount.te | 1 1 + 0 - 0 !
policy/modules/system/selinuxutil.te | 3 3 + 0 - 0 !
11 files changed, 20 insertions(+), 2 deletions(-)

 add dev_read_urand to several programs


0047 Allow several programs to read from the console.patch | (download)

policy/modules/services/portmap.te | 2 2 + 0 - 0 !
policy/modules/system/modutils.te | 1 1 + 0 - 0 !
policy/modules/system/selinuxutil.te | 1 1 + 0 - 0 !
policy/modules/system/sysnetwork.te | 1 1 + 0 - 0 !
4 files changed, 5 insertions(+)

 allow several programs to read from the console


0049 Correctly label rotated logs of apt.patch | (download)

policy/modules/admin/apt.fc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 correctly label rotated logs of apt


0050 Tweaks to the dpkg policy especially for support of .patch | (download)

policy/modules/admin/dpkg.te | 24 19 + 5 - 0 !
1 file changed, 19 insertions(+), 5 deletions(-)

 tweaks to the dpkg policy, especially for support of se_dpkg and
 friends.


0051 Webalizer policy adjustments Labeled awffull as weba.patch | (download)

policy/modules/admin/logrotate.te | 4 4 + 0 - 0 !
policy/modules/apps/webalizer.fc | 1 1 + 0 - 0 !
policy/modules/apps/webalizer.te | 7 2 + 5 - 0 !
3 files changed, 7 insertions(+), 5 deletions(-)

 webalizer policy adjustments:
 * labeled awffull as webalizer_exec_t
 * Allow webalizer to read usr_t files for geoip database
 * Allow logrotate_t to transition to webalizer_t for web log processing


0052 Logrotate policy adjustments Dontaudit logrotate sea.patch | (download)

policy/modules/admin/logrotate.te | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 logrotate policy adjustments:
 * dontaudit logrotate search access to unconfined_home_dir_t
 * Allow logrotate access to utmp files


0053 Quota policy adjustments Allow quota_t to load kerne.patch | (download)

policy/modules/admin/quota.te | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 quota policy adjustments:
 * allow quota_t to load kernel modules


0054 Allow vbetool_t to read inotify directories.patch | (download)

policy/modules/admin/vbetool.te | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 allow vbetool_t to read inotify directories


0055 Gitosis policy adjustments Allow sshd_t to read gito.patch | (download)

policy/modules/apps/gitosis.fc | 4 4 + 0 - 0 !
policy/modules/services/ssh.te | 4 4 + 0 - 0 !
2 files changed, 8 insertions(+)

 gitosis policy adjustments:
 * allow sshd_t to read gitosis files
 * Made the gitosis label apply to /srv/gitosis


droppable/0056 droppable allow apm to talk to hal via dbus.patch | (download)

policy/modules/services/apm.te | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 droppable: allow apm to talk to hal via dbus


0057 Asterisk policy adjustments.patch | (download)

policy/modules/services/asterisk.te | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 asterisk policy adjustments


0058 Dontaudit bind_t write attempts to for lwresd callin.patch | (download)

policy/modules/services/bind.te | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 dontaudit bind_t write attempts to / for lwresd calling access(".",
 W_OK)


0059 Allow cron to read mysql config and connect to mysql.patch | (download)

policy/modules/services/cron.te | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 allow cron to read mysql config and connect to mysql


0060 debian file locations for dcc policy.patch | (download)

policy/modules/services/dcc.fc | 12 11 + 1 - 0 !
policy/modules/services/dcc.te | 18 18 + 0 - 0 !
2 files changed, 29 insertions(+), 1 deletion(-)

 debian file locations for dcc policy


0061 Debian file locations for devicekit policy.patch | (download)

policy/modules/services/devicekit.fc | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 debian file locations for devicekit policy


0062 Allow mailman to read user_t files.patch | (download)

policy/modules/services/mailman.te | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 allow mailman to read user_t files