* Sun Oct 23 2016 Chris PeBenito <pebenito@ieee.org> - 2.20161023
Adam Tkac (2):
varnishncsa (varnishlog_t) reads localization files
Grant certmonger "chown" capability
Chris PeBenito (42):
Merge branch 'bigon-geoclue'
Add additional comments in geoclue.
Merge branch 'bigon-virt-1'
Merge branch 'nm-1' of git://github.com/bigon/refpolicy-contrib into
bigon-nm-1
Merge branch 'bigon-nm-1'
Module version bump for virt and networkmanager patches from Laurent
Bigonville.
Merge branch 'master' of git://github.com/bigon/refpolicy-contrib
Module version bump for firewalld updates from Laurent Bigonville.
Module version bump for collectd update from Jason Zaman.
Module version bumps for user runtime fixes from Jason Zaman.
Boinc updates from Russell Coker.
rpcbind: Read /sys/devices/system/cpu/online from Russell Coker.
watchdog: Move line.
Module version bump for watchdog pidfile option from Russell Coker.
Systemd units from Russell Coker.
Module version bump for pulseaudio fc fix from Jason Zaman.
cpucontrol: revise cpucontrol_conf_t labeling, from Guido Trentalancia.
Module version bumps for patches from Guido Trentalancia.
Update the telepathy module:
Update the alsa module so that the alsa_etc_t file context (previously
alsa_etc_rw_t) is widened to the whole alsa share directory, instead of
just a couple of files.
alsa: Add compatibility alias for alsa_etc_rw_t.
Update the sysnetwork module to add some permissions needed by the dhcp
client (another separate patch makes changes to the ifconfig part).
Module version bump for various patches from Guido Trentalancia.
pulseaudio: Fix compile errors.
Merge branch 'master' of
https://github.com/SeanPlacchetti/refpolicy-contrib
Module version bump for webalizer dead type removal from Sean Placchetti.
Module version bump for Evolution SSL fix from Guido Trentalancia.
evolution: Read user certs from Guido Trentalancia.
cups: Move can_exec() line.
cups: Module version bump for hplip patch from Guido Trentalancia
pulseaudio: Move interface definitions.
Module version bump for mozilla patch from Guido Trentalancia.
Module version bump for gnome patch from Guido Trentalancia.
Module version bump for evolution patch from Guido Trentalancia.
gpg: Whitespace fix.
Merge branch 'feature/fix-networkmanager-varrun-macro' of
https://github.com/rfkrocktk/refpolicy-contrib
Module version bump for networkmanager fix from Naftuli Tzvi Kay.
Merge branch 'rfkrocktk-feature/syncthing'
Rearrange lines in syncthing.
webalizer: Rearrange a couple lines.
Module version bump for webalizer patch from Russell Coker.
Bump module versions for release.
Dominick Grift (18):
Module version bump for changes to the geoclue module by Laurent
Bigonville.
Module version bump for changes to various modules from Laurent
Bigonville.
geoclue: move kernel interface call to the appropriate position
Actually associate mailmain_domain attribute with mailman domains
Module version bumps for changes to various modules by Nicolas Iooss
Module version bump for changes to the cron module by Jason Zaman
Module version bump for changes to the redis module by Grant Ridder
Module version bump for changes to the raid module by Laurent Bigonville
Module version bump for changes to the networkmanager module by Laurent
Bigonville.
Module version bump for changes to the redis module by Grant Ridder.
Module version bump for changes to the mozilla module by Laurent
Bigonville.
Module version bump for changes to the geoclue module by Nicolas Iooss.
Add hwloc-dump-hwdata SELinux policy
Module version bump for changes to the varnishd module by Robert Moucha
Module version bump for changes to the puppet module by Thomas Mueller
Module version bump for changes to the varnishd module by Adam Tkac
Module version bump for changes to the certmonger module by Adam Tkac
Revert "dbus: allow system, and session bus clients to answer to dbus
unconfined domains"
Grant Ridder (2):
Add read/write perms for redis-sentinel
Allow tcp_connect to redis_port_t for redis_t
Guido Trentalancia (7):
Policykit module: add fs_getattr_xattr_fs()
Update the policy for module apm
Let gpg disable core dumps
Update the rtkit module
Update the pulseaudio module for usability and ORC support
cups: update permissions for HP printers (load firmware)
gpg: public key signature verification in evolution
Guido Trentalancia via refpolicy (3):
evolution: read SSL certificates
mozilla: let mozilla play audio
gnome: add support for the OIL Runtime Compiler (ORC) optimized code
execution
Jason Zaman (10):
cron: Allow locks to be lnk_files
collectd: update policy for 5.5
consolekit: allow managing user runtime
pulseaudio: fcontext and filetrans for runtime
ftp: Add filetrans from user_runtime
gnome: Add filetrans from user_runtime
mplayer: Add filetrans from user_runtime
userhelper: Add filetrans from user_runtime
wm: Add filetrans from user_runtime
pulseaudio: fix user runtime fcontext
Laurent Bigonville (13):
Add initial geoclue 2 module
Properly escape dot in the path to the geoclue daemon
Use auth_use_nsswitch() as we need DNS resolving and access nsswitch.conf
virt.fc: Add some debian contexts
networkmanager.fc: nm-dispatcher.action has been renamed to nm-dispatcher
Allow some domain to read sysctl_vm_overcommit_t
Allow mdadm read efivarfs files
Allow /var/run/firewalld/ directory to transition to firewalld_var_run_t
Add an interface to allow a domain to read firewalld_var_run_t files
Allow firewalld to create firewalld_var_run_t directory.
dontaudit firewalld attempt to relabel its own config files
Allow NM to execute arping
Debian now ships firefox-esr, properly label the executable
Luis Ressel (1):
New policy for tboot utilities
Naftuli Tzvi Kay (2):
Fix NetworkManager Read Pid Files Macro
Syncthing Policy
Nicolas Iooss (3):
Describe _initrc_domtrans interfaces differently from the _domtrans ones
Fix typos in several interfaces
Add Arch Linux path for geoclue module
Robert Moucha (1):
Fix trivial typo in varnishncsa name
Russell Coker (2):
watchdog reads pid files
named reads vm sysctls
Russell Coker via refpolicy (1):
webalizer patch for inclusion
Sean Placchetti (1):
-Remove unused declarations from webalizer type enforcement file
Thomas Mueller (1):
Allow puppet_t transition to shorewall_t
doverride (3):
Merge pull request #8 from bigon/geoclue
Merge pull request #11 from bigon/overcommit-1
Merge pull request #12 from fishilico/typos
* Tue Dec 08 2015 Chris PeBenito <selinux@tresys.com> - 2.20151208
Alexander Wetzel (1):
add vfio support for libvirt
Chas Williams - CONTRACTOR (1):
afs: update labels, file contexts and allow access to urandom
Chris PeBenito (14):
Module version bump for hadoop_admin() fix from Jason Zaman.
Module version bump for fc typo in radius from Sven Vermeulen.
Module version bump for patches from Jason Zaman.
Module version bump for init_startstop_service from Jason Zaman.
Module version bump for cron_admin interface from Jason Zaman.
Comment/whitespace fix in virt.te.
Module version bump for vfio support for libvirt from Alexander Wetzel.
Add systemd unit types.
Add systemd socket activations.
Merge branch 'pebenito-master'
Module version bump for systemd additions.
Merge branch 'bigon-systemd'
Module version bump for dbus systemd patch from Laurent Bigonville.
Bump module versions for release.
Dominick Grift (16):
Module version bump for courier fixes from Sven Vermeulen.
Module version bump for afs fixes from Chas Williams.
Redundant rules and afs_files_t is not a filesystem type
Various samhain fixes
Cachefilesd module updates
Module version bump for changes to the dnsmasq policy module by Jason
Zaman
Module version bump for changes to the snmp policy module by Jason Zaman
Module version bump for changes to the pulseaudio policy module by Jason
Zaman
cachefiles: It is cachefilesd_cache_t
Module version bump for update to the networkmanager policy module by
Stephen Smalley.
Module version bumps for "Remove run interface calls from admin
interfaces" changes by Jason Zaman.
Module version bump for changes to the pulseaudio module by Niklas Haas.
Changes to the git, hadoop and rsync modules by Jason Zaman.
Module version bump for changes to the virt module by Jason Zaman
Module version bump for changes to the mozilla module from Laurent
Bigonville.
Module version bump for changes to the wine module by Nicolas Iooss
Jason Zaman (19):
hadoop: remove _role from _admin interface
rpcbind: typo fix
git: make inetd interface optional
rpc: introduce allow_gssd_write_tmp boolean
rpc: allow setgid capability
virt: add virt_tmpfs_t type and permissions
introduce virt_leaseshelper_t
dnsmasq: allow exec shell for scripts
snmp: missing fcontext for snmpd
pulseaudio: filetrans for autospawn.lock
Use init_startstop_service in admin interfaces A-M
Use init_startstop_service in admin interfaces N-Z
Remove _run() interfaces from _admin()
Introduce cron_admin interface
rsync: remove rsync_run from admin interface
git: allow git_system_t to listen on tcp_sockets
hadoop: init_startstop_service() can not take attributes
virt: Allow creating qemu guest agent socket
virt: Add policy for virtlockd the Virtual machine lock manager
Laurent Bigonville (2):
Transition D-Bus system service out of the init_t domain when PID1 is
systemd
Label iceweasel plugin-container executable as mozilla_plugin_exec_t
Nicolas Iooss (1):
wine: remove use of nonexisting interface
Niklas Haas (1):
pulse: don't give pulseaudio_client full access to user_home_t
Stephen Smalley (1):
contrib: networkmanager: allow netlink_generic_socket access
Sven Vermeulen (6):
Locate authdaemon socket and communicate with authdaemon
Allow authdaemon to access selinux fs to check SELinux state
Grant setuid/setgid to courier_pop_t
Execute courier helper script after authentication
Courier IMAP needs to manage the users' maildir
Fix typo for radiusd /var/lib location
doverride (2):
Merge pull request #3 from haasn/pulse-nohome
Merge pull request #6 from bigon/mozilla-1
* Wed Dec 03 2014 Chris PeBenito <selinux@tresys.com> - 2.20141203
Chris PeBenito (26):
Whitespace fix in ntp.fc.
Module version bump for ntp fc entries from Laurent Bigonville.
Whitespace fix in shibboleth.te.
Module version bump for new shibboleth module from Martin Lang.
Module version bump for apt fix from Nicolas Iooss.
Module version bump for dnsmasq MTU fix from Sven Vermeulen.
Module version bump for apache content interfaces from Sven Vermeulen.
Module version bump for gitweb fc entry on Debian and ArchLinux from
Nicolas Iooss.
Module version bump for fc regex fixes from Nicolas Iooss.
Module version bump for various fixes from Laurent Bigonville.
Module version bump for ModemManager fc entry from Laurent Bigonville.
Add missing cron_admin_role() dependency.
Move sock_file filetrans to fcron_crond conditional.
Module version bump for cron and snort updates from Sven Vermeulen.
Module version bump for java icedtea fc entries from Sven Vermeulen.
Module version bump for apache/mlogc patch from Elia Pinto.
Remove name from ntp-kod ntp_drift_t filetrans.
Module version bump for ntp-kod file support from Jason Zaman.
Module version bump for init_daemon_pid_file use from Sven Vermeulen.
Module version bump for alsa and hiawatha fixes from Sven Vermeulen.
Module version bump for ftp and tftp fixes from Nicolas Iooss.
Move irc exec lines.
Module version bump for irc re-exec itself patch from Luis Ressel.
Module version bump for NetworkManager fc fix for ArchLinux from Nicolas
Iooss.
Module version bump for _admin fixes from Jason Zaman.
Bump module versions for release.
Dominick Grift (3):
Module version bump for changes to the loadkeys module by Nicolas Iooss
cron: that boolean identifier does not exist also require it
Module version bump for changes to the networkmanager modules by Lubomir
Rintel
Elia Pinto (1):
apache.te: Add labelling support for /var/log/mlogc
Jason Zaman (20):
Add filetrans for ntp-kod file
ccs: syntax errors in ccs_admin interface
condor: syntax error in condor_admin
distcc: syntax error in distcc_admin
ftp: syntax error in ftp_admin
kerberos: syntax error in kerberos_admin
kismet: syntax error in kismet_admin
nut: syntax error in nut_admin
prelude: syntax error in prelude_admin
psad: syntax error in psad_admin
quota: syntax error in quota_admin
rpcbind: syntax error in rpcbind_admin
rpm: syntax error in rpm_admin
systemtap: syntax error in stapserver_admin
svnserve: syntax error in svnserve_admin
uptime: syntax error in uptime_admin
zabbix: syntax error in zabbix_admin
remove pyzor_role() from pyzor_admin()
remove spamassassin_role() from spamassassin_admin()
rsync: syntax error in rsync_admin
Laurent Bigonville (7):
Add several fcontext for debian specific paths for ntp
Fix dbus_all_session_domain(), session_bus_type is an attribute
Allow gconfd to be started by the session bus
Fix the usage of dbus_spec_session_domain() interface
Properly label exim4 initscript under Debian
Add new gnome_spec_domtrans_all_gkeyringd() interface
Label /usr/sbin/ModemManager as modemmanager_exec_t
Lubomir Rintel (1):
Allow NetworkManager to create Bluetooth SDP sockets
Luis Ressel (1):
irc.te: Allow irssi to re-execute itself
Martin Lang (1):
Add a policy module for shibboleth authentication
Nicolas Iooss (7):
apt: remove non-existing permission set write_dir_perms
Label /usr/share/gitweb/static as httpd_git_content_t
Fix strange file patterns
ftp: fix labels in /var/lock/subsys/
Label /usr/bin/tftpd as tftpd_exec_t
Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/
Allow loadkeys to read usr_t files
Sven Vermeulen (17):
dnsmasq reads MTU sysctl
Support read/append/manage functions for various httpd content
Snort policy updates
fcron socket support
Fix typo in dnsmasq.if
Mark icedtea binaries as java_exec_t
Use init_daemon_pid_file for contrib modules
Enable asound.state.lock support
Add support for Hiawatha web server
Use logging_search_logs, not logging_search_log
Use logging_search_logs, not logging_search_log
Use files_search_etc, not logging_search_etc
Use files_search_etc, not logging_search_etc
Use files_search_etc, not files_search_config
Use corecmd_search_bin, not corecmd_searh_bin
Use fs_search_tmpfs, not files_search_tmpfs
Use domain_auto_trans, not auto_trans
* Tue Mar 11 2014 Chris PeBenito <selinux@tresys.com> - 2.20140311
Chris PeBenito (17):
Minor rearrangement of minidlna lines.
Module version bump for openvpn tmp files from Sven Vermeulen.
Update modules for file_t merge into unlabeled_t.
Module version bump for postfix showq fc from Laurent Bigonville.
Rename gpg_agent_connect to gpg_stream_connect_agent.
Module version bump for gpg agent interface from Luis Ressel.
Whitespace fixes in git.fc.
Module version bump for debian git fc entries from Laurent Bigonville.
Move bin_t fc to corecommands.
Move exec/transition lines in couchdb.
Add comment about couchdb_js policy.
Module version bump for couchdb updates from Luis Ressel.
Module version bump for pcscd fix from Luis Ressel.
Move screen dontaudit rule.
Module version bump for screen fix from Luis Ressel.
Module version bump for git fc fix from Nicolas Iooss.
Bump module versions for release.
Dan Walsh (28):
Allow irc_t to use tcp sockets
Add labels for apache logs under miq package
Allow smbcontrol to create content in /var/lib/samba
Allow ktalkd to bind to the ktalkd_port
Allow memcache to read sysfs data
Allow mdadm to getattr any file system
Allow cupsd_lpd_t to bind to the printer port
Allow rlogind to bind to the rlogin_port
Allow cvs to bind to the cvs_port
svirt domains need to create kobject_uevint_sockets
Lots of new access required for sosreport
Allow tgtd_t to connect to isns ports
openct needs to be able to create netlink_object_uevent_sockets
Allow glusterd to create sock_file in /run
Add support for tmp directories to openvswitch
Allow virt_domain with USB devices to look at dos file systems
Additional access for MLS
Additional access for MLS window manager
Additional access for MLS window manager
Additional access for MLS window manager
Allow rpcbind to use nsswitch
Allow gpg_agent to use ssh-add
Add apache labeling for glpi
Allow pegasus to transition to dmidecode
Allow mcelog to use the /dev/cpu device
Allow apmd to request the kernel load modules
Allow postfix programs to getattr on all executables
label mate-keyring-daemon with gkeyringd_exec_t
Dominick Grift (126):
Typo fix in ksmtuned_admin() by Shintaro Fujiwara
Fix monolithic built
Change file context spec for aide log files to catch suffixes
Module version bumps for changes in various policy modules by Sven
Vermeulen
Squid: Use a single pattern for brevity
Irc was already allowed to create tcp sockets, it only needed an
additional accept, and listen to be able to act as a proxy
It's probably a better idea to use the httpd_sys_ra_content_t type sid
for logs in these locations
Module version bump for changes to the tcsd policy module by Lukas
Vrabec
Module version bump for changes to various policy modules by Miroslav
Grepl
Module version bump for changes to the samba policy module by Dan Walsh
Module version bump for changes to the telepathy policy module by
Miroslav Grepl
We do not have a boinc domain type attribute Change boolean
description a bit
Additional rabbitmq couchdb support
Module version bumps for changes to various policy modules by Miroslav
Grepl
Additional git tcp networking rules
Additional ktalkd udp networking rules
Module version bump for changes to various policy modules by Dan Walsh
Additional cups ldp tcp networking rules
Should be server packets because it is binding, and not connecting
Clean up telnet, and rlogin networking rules
Additional cvs tcp networking rules
Module version bump for changes to various policy modules by Dan Walsh
Additional tgtd tcp networking rules
Additional polipo tcp networking rules
Fix asterisk files_spool_filetrans()
Module version bump for changes to the networkmanager policy module by
Lukas Vrabec
Additional fs_tmpfs_filetrans() for munin service plugin content on
tmpfs
Module version bump for changes to various policy modules by Miroslav
Grepl
Support rlogind, and telnetd as init daemon domains ( i think fedora is
campaigning to get rid of (x)?inetd )
Support mariadb logging, file context specification for mariadb specific
config location
Change logwatch boolean identifier to something more self-documenting.
Additional tcp networking rules
Module version bump for changes to various policy modules by Miroslav
Grepl
Fix inconsistencies in the pkcs policy module
Fix fetchmail inconsistencies
Module version bump for changes in various policy modules by Dan Walsh
Support for window managers to stream socket connect to pulseaudio
Logwatch does not need to be able to bind tcp sockets to generic nodes
since its only connecting
Adds userhelper_exec_consolehelper for window managers
Remove duplicate rules due to addition of auth_use_nsswitch()
We don't use the arbt domain types template. Use a more uniform boolean
description
Clean up libstoragemngmt policy module We do not yet support systemd
Change type from etc_rw to conf for readability admin access to
condor_conf_t
Hit by a nasty optional policy nesting issue
We will find another way to run pa as a system server
Module version bump for changes to various policy modules by Miroslav
Grepl
Clean up hypervkvp policy module (seems incomplete)
Clean up initial redis policy module
Additional openvpn tcp networking rules
redis: allow redis to bind tcp sockets to redis_port_t type ports
bluetooth: bluetooth_t acquires org.bluez service on dbus system bus
wm: associate wm_exec_t to core command executable files so that initrc_t
(/sbin/start-stop-daemon) can access it (metacity)
logrotate restarts syslogd via init script in Debian
This file is called just man-db in Debian.
exim: exim owns directory /var/lib/exim4
accountsd: accounts-daemon lists /var/log
alsa: alsactl listing /dev/shm alsa: alsactl reading /dev/urandom alsa:
alsactl getting attributes of devtmpfs / (/dev) alsa: alsactl maintains
a pulseaudio tmpfs file
Cron: /sbin/runlevel reads /run/utmp cron: anacron (system_cronjob_t)
reading, writing inherited random crond tmp files (/tmp/tmpfk1VT2O)
dbus: allow system, and session bus clients to answer to dbus unconfined
domains
apt: Run apt system cronjobs in the apt_t domain apt: apt system cronjob
creates dpkg.status.* files in /var/backup
devicekit: upowerd reads own unix stream socket devicekit:
devicekit_power_t (runlevel) read /run/utmp
mandb: Make the man-db cronjob work on Debian
rtkit: traverse /proc to get to process state files
networkmanager: NetworkManager reads /run/udev/data/n2 file
avahi: create a avahi_initrc_domtrans for udev_t: udev runs a avahi dns
check script which does, i guess, a dns check. If needed it starts, or
stops avahi via its init script. I also created a
avahi_manage_pid_files() for udev_t because the script manages a file
called "checked_nameservers.*" in /run/avahi-daemon
Cleanups of various modules with regard to regular expressions and white
space
apt: As it turns out the /var/backups directory is labeled in the backup
module (which i incidentally did not have installed earlier). Instead
of creating this file with a file type transition to
apt_var_cache_t, allow apt_t to manage backup_store files
mta: this needs to be verified again, it should just have been running
in exim_t. I might have taken this from old logs
mandb: /etc/cron.daily/man-db executes dpkg, reads dpkg db on Debian
slocate: catch /usr/bin/updatedb.mlocate, and /etc/cron.daily/mlocate on
Debian
dpkg: catch /etc/cron.daily/dpkg on Debian dpkg: allow
/etc/cron.daily/dpkg to manage backup store files on Debian
cron: consistent usage of regular expressions cron: prelink no longer
runs in the system cronjob domain
alsa: alsactl wants to associate pulse-shm-.* to device_t type
filesystems. This happens early on but i do not understand how that
(/dev) relates to /dev/shm in this regard
devicekit: reads udev pid files modemmanager: reads udev pid files
vdagent: spice-vdagentd uses /dev/vport1p1 virtio console
tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes
/dev/pts/0 inherited from init script
revert regular expressions
wm: allow $1_wm_t to stream connect to $1_gkeyringd_t
mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and
to read exim var lib files.
mta: These are duplicates because system_mail_t is a user_mail_domain,
as it is based off of the mta_base_mail_template() which assigns that
type attribute
locate: extra rules needed by debian /etc/cron.daily/locate script
backup: in Debian /etc/cron.daily/passwd backs-up shadow, passwd etc to
/var/backups
avahi: create interfaces that will allow callers to create avahi pid dirs
and create specific avahi pid objects with a type transition (for
udev, which runs: /usr/lib/avahi/avahi-daemon-check-dns.sh in
Debian
Initial gdomap policy module
Initial minissdpd policy module
alsa: due to a bug in gnome 3.4, in debian, alsactl does all kinds of
weird things related to pulseaudio
various: revert regex fixes: fcsort does not want this now
gdomap: gdomap_port_t is now available, gdomap binds tcp, and udp socket
to it
alsa: make alsa_t and pulseaudio_client so that pulseaudio_client rules
apply to it. alsactl does not actually run pulseaudio it seems though.
pulseaudio: allow all pulseaudio_client to send null signals to
unconfined_t, since unconfined_t is not actually a pulseaudio_client (
unconfined_t runs pulseaudio without a domain transition)
avahi: create avahi_setattr_pid_dirs() for udev (avahi dns check script
run by udev in Debian)
These { read write } tty_device_t chr files on boot up in Debian
colord: colord executable file locations in Debian
colord: reads /proc/1, reads /run/udev files
vdagent: read/write mtrr file
mandb: dpkg running in the mandb_t domain in Debian (mandb cronjob)
traverses /root
exim: traverses sysfs, uses system cronjob file descriptors (/dev/null) in
Debian (/etc/cron.daily/exim)
minissdpd fixes
devicekit: disk reads /proc/sys/vm/overcommit_memory
devicekit: edit devicekit_append_inherited_log_files to include get
attribute permission so that it can be also used for fsadm
devicekit: 95hdparm-apm (devicekit_power_t) gets attributes of /dev/sda
(fixed_disk_device_t)
networkmanager: added interfaces that fedora calls for dhcpc. In Debian it
was confirmed that at least dhclient manages
/var/lib/NetworkManager/dhclient-eth0.conf
firewalld: various fixes that I borrowed from Fedora but that also apply
to Debian (confirmed)
firewalld: interfaces created for iptables
irqbalance: getsched from Debian
colord: colord reads /proc/3412/cmdline (cupsd state files)
virt: libvirtd reads /run/udev/data/+input:input3
firewalld: traverses / on sysfs
rngd: needs ipc_lock capability, maintains /run/rngd.pid
tmpreaper: mountall-bootcl executes /bin/plymouth on Debian
minissdpd: deal with assertion violation (sys_module)
gdomap: missing networking rules, it traverses /tmp for some reason
ntp: create ntp_read_drift_files() for dhclient
dpkg: allow dpkg, and dpkg script to domain transition to initrc_t on any
init script file type rather than only the generic initrc_exec_t init
script file type
exim: exim4 reads online
apt: apt runs /usr/bin/apt-get apt: on_ac_power (apt_t) lists
/sys/class/power_supply
exim: exim_manage_var_lib_files created for init: init script runs helper
apps that create/manage /var/lib/exim4/config.autogenerated.tmp
gdomap/minissdpd: create read_config interfaces for initrc_t
exim: make exim init script create /var/run/exim4 with a proper context
pulseaudio: pulsaudio_t needs to be able to read user_tmpfs_files
(/run/shm/pulse-shm-.*)
dnsmasq: add support for /etc/dnsmasq.d/
Module version bumps for various policy modules
Module version bump for changes to the logrotate module by Luis Ressel
Git: git daemons can list and read git personal repositories
Module version bumps for changes to various policy modules by Fedora
redis, lsm: typo fixes
userhelper: append newline
James Carter (8):
- Fixed typo in contrib/avahi.if
- Fixed typo in contrib/glusterfs.te
- Fixed typo in contrib/jabber.if
- Fixed typo in contrib/keystone.if
- Fixed typo in contrib/mailscanner.if
- Fixed typo in contrib/qpid.if
- Fixed typo in contrib/readahead.fc.
- Fixed typo in contrib/rpm.if.
Laurent Bigonville (2):
Label /usr/lib/postfix/showq as postfix_showq_exec_t
Properly label git-daemon and gitweb.cgi on Debian
Luis Ressel (10):
Allow initrc_t to create /var/run/opendkim
Label /etc/cron.daily/logrotate correctly.
gpg: Create gpg_agent_connect interface
Minor updates to couchdb policy
couchdb: Add separate domain for couchjs
couchdb: Dontaudit denials caused by Erlang's disksup
Reformat couchdb.fc
pcscd.if: Permit access to pid files inside /var/run/pcscd/.
Allow gpg-agent's scdaemon to connect to pcscd.
Dontaudit screen asking for the sys_tty_config capability
Lukas Vrabec (8):
Allow tcsd to read utmp file
fix boinc policy
Add support for couchdb in rabbitmq policy
Fix transition rules in asterisk policy
Add fowner capability to networkmanager policy
Add policy for lsmd
Add policy for hypervkvpd
Add policy for redis-server
Mika Pflüger (1):
Correct typo in passenger module name
Miroslav Grepl (40):
Allow passenger to execute ifconfig
Allow mpd setcap which is needed by pulseaudio
Allow block_suspend cap for samba-net
Allow t-mission-control to manage gabble cache files
Allow nslcd to read /sys/devices/system/cpu
Add labeling for ~/.cache/telepathy/avatars/gabble
Allow firewalld to read NM state
Allow systemd running as git_systemd to bind git port
Fix labeling for fetchmail pid files/dirs
Fix polipo.te
Fix cupsd.te
Allow munin service plugins to manage own tmpfs files/dirs
Make ktalk as init domain
Allow mysqld_safe_t to handle also symlinks in /var/log/mariadb
Add logwatch_can_sendmail boolean
Allow rhsmcertd to read init state
Allow fsetid for pkcsslotd
Allow fetchmail to create own pid with correct labeling
Fix rhcs_domain_template()
Add support for abrt-upload-watch
Allow virtd to relabel unix stream socket
Fix lsm.fc for pid files
Also sock_file trans rule is needed in lsm
Update condor_master rules to allow read system state info and allow
logging
Add labeling for /etc/condor and allow condor domain to write it (bug)
Allow condor domains to manage own logs
Allow glusterd to read domains state
Add openvpn_can_network_connect() boolean
Fix minissdpd_admin()
Allow ctdb to getattr on all filesystems
Watchdog opens the raw socket
Allow watchdog to read network state info
Add setroubleshoot_signull() interface
Allow sosreport to send signull to setroubleshootd
Allow sosreport all signal perms
Allow sosreport to dbus chat with rpm
Allow zabbix_agentd to read all domain state
Allow smoltclient to execute ldconfig
Allow sosreport to request the kernel to load a module
Allow setpgid for sosreport
Nicolas Iooss (1):
git: fix file pattern after whitespace fixes
Sven Vermeulen (6):
Add minidlna policy
Allow openvpn temporary files
Add aide bin /usr/bin and mark /var/lib/aide
Provide alsa_write_lib interface
Run dmidecode after newrole or on terminals
Grant write privileges to squid on its log files
* Wed Apr 24 2013 Chris PeBenito <selinux@tresys.com> - 2.20130424
Chris PeBenito (18):
Rewrite of mcelog module from Guido Trentalancia
Remove unnecessary lines in mcelog.te.
Slight rearrangement in mcelog.te.
Module version bump for mcelog update from Guido Trentalancia.
Module version bump for ntp module fixes from Dominick Grift.
Module version bump for fc substitutions optimizations from Sven
Vermeulen.
Module version bump for postfix/mta misc fixes from Sven Vermeulen.
Module version bump for init_daemon_run_dirs usage from Sven Vermeulen.
Turn off all tunables by default, from Guido Trentalancia.
Module version bump for tunable default change.
Module version bump for saslauthd tcp mysql connections from Mika Flueger.
Move kernel request line in quota.
Module version bump for quota kernel module request from Mika Pflueger.
Module version bump for djbdns ports fixes from Russell Coker.
Remove stray + in keystone.te.
Whitespace fixes in cron.fc.
Module version bump for pulseaudio type_transition conflict fix from Sven
Vermeulen.
Bump module versions for release.
Dominick Grift (889):
Initial BIRD Internet Routing Daemon policy
oident daemon fixes
Introduce ntp_conf_t
Allow ntp_admin() to manage ntp_drift_t content.
List etc_t directories
Use "Role allowed access." for consistency
Use permissions sets for compatibility.
Remove getattr permission from ntp_admin()
Initial Sensord policy module
Various block_suspend capability2 support from Fedora
Gitolite3 support from Fedora
/var/lib/sqlgrey is greylist milter data from Fedora
Terminal related fixes for plymouthd from Fedora Support block_suspend
capability2 for plymouth
Support minimal polkit in new location
Support ldap for user authentication from Fedora
Sanlock sends kill signals to non-root processes from Fedora Various
other capabilities for sanlock from Fedora
Initial support for sqlgrey from Fedora
Tor reads network sysctls from Fedora
GPG agent reads /dev/random from Fedora
Freshclam reads system and network state from Fedora
Execute wpa_cli in the NetworkManager_t domain for wicd from Fedora
lpstat.cups reads fips_enabled from Fedora
Initial system tap compile server policy module
Systemtap server admin manages stapserver_var_lib_t content
Telepathy Idle reads gschemas.compiled from Fedora
Initial slpd policy module
Initial lightsquid policy module
Initial wdmd policy module
Initial mailscanner policy module and some dependencies.
Support slpd log rotation
Initial numad policy module
Open log files for append only
CGClear reads CGConfig files from Fedora Cosmetic changes to cgroup
policy module File contexts of cgroup app executables files in
/sbin also apply to /usr/sbin Make cgroup_admin() a bit more
compact
Initial svnserve policy module
Various small changes to ucspitcp
Initial fcoe policy module
Initial lldpad policy module
fcoemon sends to lldpad with a dgram socket
Initial quantum policy module
Initial dspam policy module
Module version bump for Telepathy file context spec fixes from Laurent
Bigonville.
Initial isns policy module
Various changes to tcs policy module
Initial ctdb policy module
Various changes to the sblim policy module and its dependencies
Initial polipo policy module
Module version bump for networkmanager fixes
Fixes to the polipo policy module
Module version bump for smartmon fixes from Laurent Bigonville.
Module version bump for accountsd file context spec fix from Laurent
Bigonville.
Various changes to the raid module
Module version bump for rtkit file context spec fix from Laurent
Bigonville
Initial couchdb policy module
Changes to the bind policy module
Initial dnssectrigger policy module
Initial man2html policy module
Initial openhpi policy module
Bind sends/receives http server instead of client packets conditionally
Two file context regular expression fixes by Eric Paris
Type mdadm_t is no longer an unconfined type
Initial pkcs policy module
Initial cfengine policy module
Initial keystone policy module
Initial l2tp policy module
Initial mongodb policy module
cfengine whitespace cleanup
Changes to the accountsservice policy module
Changes to the acct policy module
Changes to the ada policy module
changes to the afs policy module
Changes to the accountsservice policy module
Changes to the aiccu policy module
Changes to the aide policy module
Syntax error in afs_admin()
Changes to the aisexec policy module
Changes to the alsa policy module
Changes to the amanda policy module
Changes to the amavisd policy module and relevant dependencies
Changes to the amtu policy module
Changes to the anaconda policy module
Changes to the abrt policy module and relevant dependencies
numad sends/receives msgs from Fedora
Amtu executable file is installed in /usr/sbin in Fedora
The (usr/)? expression does not work consistently so better not use it
at all
Changes to the httpd policy module
Merge branch 'master' of
ssh://dgrift@oss.tresys.com/home/git/refpolicy-contrib
Fixes to the apache policy module and dependencies
Changes to the apcupsd policy module
Role attributes for lightsquid application domain
Changes to the mailscanner module
Changes to the svnserve policy module
Changes to the quantum policy module
Changes to the dspam module
Changes to the ctdb policy module
Changes to the couchdb policy module
Changes to the openhpid policy module
Changes to the keystone policy module
Changes to the l2tp policy module
Changes to the apm module and relevant dependencies
Changes to the arpwatch policy module
Changes to the apcupsd policy module
Changes to the abrt policy module
Changes to the apache policy module
Changes to the asterisk policy module and dependencies
Changes to the authbind policy module
Changes to the automount policy module
Change acpid lock file context spec
Changes to the avahi policy module and dependencies
Changes to the awstats policy module
Changes to the bacula policy module
Changes to the bcfg2 policy module
Changes to the apt policy module
Changes to the apache policy module
Changes to the backup module
Changes to the bind policy module
Bird module clean up
Fix arpwatch connected_stream_socket_perms
Changes to the bitlbee policy module
Changes to the blueman policy module
Changes to the bluetooth policy module
Changes to the brctl policy module
Changes to the apache policy module
Changes to the bugzilla policy module
Changes to the calamaris policy module
Implement lightsquid_admin()
Changes to the apache policy module and dependencies
Initial boinc policy module
Initial callweaver policy module
Changes to the canna policy module
Changes to the ccs policy module
Changes to the cdrecord policy module
Changes to the certmaster policy module and various role attribute fixes
cdrecord needs to read and write callers unix domain stream socket not
create it
Changes to the certmonger policy module and its dependencies
Initial cachefilesd policy module
Changes to the certwatch policy module
Changes to the chronyd policy module
Changes to the cipe policy module
Changes to the clamav policy module
Various network clean up
Add dev_rw_cachefiles() to cachefilesd policy module
Changes to the clockspeed policy module
Changes to the clogd policy module
Changes to the cmirrord policy module
Changes to the cobbler policy module
Changes to the colord policy module
Changes to the comsat policy module
Initial collectd policy module
Initial condor policy module and relevant dependencies
Changes to the consolekit policy module and relevant dependencies
Changes to the corosync policy module and relevant dependencies
Clean up couchdb network rules
Changes to the courier policy module
Changes to the cpucontrol policy module
Changes to the cpufreqselector policy module
Changes to the cron policy module and relevant dependencies
Changes to the cups policy module and relevant dependencies
Changes to the cvs policy module
Remove redundant connect avperms
Changes to the cyphesis policy module
Remove redundant rules from apache_admin()
Changes to the cyrus policy module
Changes to the daemontools policy module
Changes to the dante policy module
Modify dbadm boolean descriptions
Changes to the dbus policy module and its dependencies
Changes to the dcc policy module
Changes to the ddclient policy module
Changes to the ddcprobe policy module
Changes to the denyhosts policy module
Changes to the devicekit policy module and relevant dependencies
Changes to the dhcpd policy module
Changes to the dictd policy module
Changes to the discc policy module
Changes to the djbdns policy module
Changes to the dkim policy module
Changes to the dmidecode policy module
Module bump for Laurent Bigonville trousers init script file context
specification fix
Module bump for Laurent Bigonville libvirt init script file context
specification fix
Changes to the dnsmasq policy module and relevant dependencies
Changes to the dovecot policy module
Changes to the dpkg policy module
Changes to the entropyd policy module
Changes to the evolution policy module
Changes to the exim policy module and relevant dependencies
Changes to the cron policy module
Changes to the fail2ban policy module
fcoemon XML clean up
Changes to the fetchmail policy module
Changes to the fingerd policy module
Initial firewalld policy module
Changes to the firstboot policy module
Changes to the fprint policy module and relevant dependencies
Changes to the ftp module
Changes to the games policy module
Clean up evolution and cdrecord XML
Changes to the gatekeeper policy module
Changes to the gift policy module
Changes to the git policy module
Changes to the gitosis policy module
Changes to the glance policy module
Initial glusterfs policy module
Add gatekeeper newline
Deprecate glusterd_admin() use glusterfs_admin() instead
Portage module version bump for autofs support by Matthew Thode and
clean up
cfengine: This location is now labeled with a cfengine private type
Changes to the slpd policy module
Changes to the gnomeclock policy module and relevant dependencies
Changes to the gpg policy module
Changes to the gpm policy module
Changes to the gpsd policy module and relevant dependencies
changes to the guest policy module
Changes to the gnomeclock policy module
Deprecate various DBUS interfaces and relevant dependencies
Changes to the cachefilesd policy module
Remove file context specification for kgpg which is a GUI frontend to
GPG. Domain transition to gpg_t will happen when kgpg runs gpg.
(rhbz#862229)
Initial mandb policy module
Changes to the hadoop policy module
Changes to the hald policy module
Changes to the hddtemp policy module
Changes to the howl policy module
changes to the mandb policy module
Changes to the dbus policy module
Changes to the rpm policy module
Changes to the i18n_input policy module
Changes to the icecast policy module
Changes to the ifplugd policy module
Changes to the imaze policy module
Changes to the inetd policy module and relevant dependencies
Changes to the innd policy module
Changes to the irc policy module
Changes to the ircd policy module
Changes to the irc policy module
Changes to the dbus policy module
Changes to the avahi policy module
Changes to the bluetooth policy module
Changes to the aiccu policy module
Changes to the bacula policy module
Changes to the boinc policy module
Changes to the bugzilla policy module
Changes to the ccs policy module
Changes to the clamav policy module
Changes to the cobbler policy module
Changes to the cyphesis policy module
Changes to the dante policy module
Changes to the dbskk policy module
Changes to the ddclient policy module
Changes to the denyhosts policy module
Changes to the dnssectrigger policy module
Changes to the dovecot policy module
Changes to the drbd policy module
Changes to the evolution policy module
Changes to the fail2ban policy module
Changes to the firewalld policy module
Changes to the firstboot policy module
Changes to the games policy module
Changes to the gift policy module
Changes to the glance policy module
Changes to the hald policy module
Changes to the dbus policy module
Changes to the git policy module
Changes to the polipo policy module
Changes to the firewalld policy module
Changes to the gpg policy module
Tab clean up in ircbalance file context file
Changes to the irqbalance policy module
Tab clean up in iscsi file context file
Changes to the iscsi policy module
Tab clean up in jabber file context file
Changes to the jabberd policy module
Changes to the pyicqt policy module
Tab clean up in java file context file
Changes to the java policy module
Changes to the dbus policy module
Changes to the gnome policy module
Changes to the apache policy module
Changes to the accountsd policy module
Changes to the alsa policy module
Changes to the evolution policy module
Changes to the bluetooth policy module
Changes to the games policy module
Changes to the gift policy module
Changes to the gpg policy module
Changes to the hadoop policy module
Tab clean up in kdump file context file
Changes to the kdump policy module
Changes to the gpg policy module
Changes to the dbus policy module
Changes to the evolution policy module
Changes to the gpm policy module
Version bump for evolution file context fixes by Laurent Bigonville
Version bump for nut file context fixes by Laurent Bigonville
Changes to the kdumpgui policy module
Tab clean up in kerberos file context file
Changes to the kerberos policy module and relevant dependencies
Changes to the kerneloops policy module
Tab clean up in kerberos file context file
Changes to the kismet policy module
Clean up amavis XML header
Initial keyboardd policy module
Tab clean up in ksmtuned file context file
Changes to the ksmtuned policy module
Tab clean up in ktalk file context file
Changes to the ktalk policy module
Changes to the kudzu policy module
Initial iodine policy module
Initial dirmngr policy module
Changes to the iodine policy module
Changes to the kerberos policy module
Changes to the kdumpgui policy module
Update deprecated interface calls ( gnome_read_config ->
gnome_read_generic_home_content )
Changes to the mozilla policy module
Changes to the thunderbird policy module
Changes to the l2tp policy module
Tab clean up in ldap file context file
Changes to the ldap policy module
Tab clean up in likewise file context file
Changes to the likewise policy module
Tab clean up in lircd file context file
Changes to the lircd policy module
Changes to the livecd policy module
Tab clean up in loadkeys file context file
Changes to the loadkeys policy module and relevant dependencies
Tab clean up in lockdev file context file
Changes to the lockdev policy module
Tab clean up in logrotate file context file
Changes to the logrotate policy module and relevant dependencies
Tab clean up in logwatch file context file
Changes to the logrotate policy module
Changes to the logwatch policy module
Tab clean up in lpd file context file
Changes to the lpd policy module
Tab clean up in cron policy module
Changes to the lpd policy module
Changes to the consolekit policy module
Tab fix in cron policy module
Tab clean up in mailman file context file
Changes to the mailman policy module and relevant dependencies
Tab clean up in mcelog file context file
Changes to the mcelog policy module
Tab clean up in mediawiki file context file
Mediawiki XML clean up
Tab clean up in memcached file context file
Changes to the memcached policy module
Changes to the apache policy module
Tab clean up in milter file context file
Changes to the milter policy module and relevant dependencies
Changes to the modemmanager policy module
Tab clean up in mojomojo file context file
Changes to the mojomojo policy module and relevant dependencies
Changes to the gpg policy module
Changes to the mongodb policy module
Changes to the mono policy module
Changes to the monop policy module
Tab clean up in mozilla file context file
Changes to the mozilla policy module and relevant dependencies
Changes to the mozilla policy module
Changes to the apache policy module
Tab clean up in mpd file context file
Changes to the mpd policy module
Tab clean up in mplayer file context file
Changes to the evolution policy module
Changes to the mplayer policy module
Changes to the irc policy module
Tab clean up in mrtg file context file
Changes to the mrtg policy module
Tab clean up in mta file context file
Changes to the mta policy module and relevant dependencies
Changes to the mta policy module and relevant dependencies
Get rid of mozilla_conf_t as it is unused
Changes to the logrotate policy module
Changes to the logwatch policy module
Changes to the java policy module
Changes to the apache module and relevant dependencies
Tab clean up in munin file context file
Changes to the munin policy module and relevant dependencies
Tab clean up in mysql file context file
Changes to mysqld policy module
Changes to various policy modules
Changes to the munin policy module
Changes to the dovecot policy module
Changes to various policy modules
Changes to the mta policy module
Changes to the certmonger policy module and relevant dependencies
Tab clean up in nagios file context file
Changes to the nagios policy module and relevant dependencies
Changes to the modutils policy module
Tab cleanup in the nessus file context file
Changes to the nessus policy module
Tab clean up in the network manager file context file
Changes to the networkmanager policy module and relevant dependencies
Changes to the mozilla policy module
Changes to the cobbler policy module
Initial rngd policy module
Tab clean up in the nis file context file
Changes to the nis policy module
Tab clean up in the nscd file context file
Changes to the nscd policy module
Tab clean up in the nsd file context file
Changes to the nsd policy module
Tab clean up in the nslcd file context file
Changes to the nslcd policy module
Tab clean up in the ntop file context file
Changes to the ntop policy module
Tab clean up in the ntp file context file
Changes to the ntp policy module
Changes to the numad policy module
Tab clean up in the nut file context file
Changes to the nut policy module
Tab clean up in the nx file context file
Changes to the nx policy module
Changes to the oav policy module
Initial obex policy module
Tab clean up in the oddjob file context file
Tab clean up in gpg policy module
Changes to the oddjob policy module
Changes to the mozilla policy module
Initial pacemaker policy module
Tab clean up in the oidentd file context file
Changes to the oident policy module
Tab clean up in the openca file context file
Changes to the openca policy module
Tab clean up in the openct file context file
Changes to the openct policy module
Tab clean up in the openvpn file context file
Changes to the openvpn policy module
Tab clean up in the pads file context file
Changes to the pads policy module
Tab clean up in the passenger file context file
Changes to the passenger policy module and relevant dependencies
Tab clean up in the pcmcia file context file
Changes to the pcmcia policy module
Tab clean up in the pcscd file context file
Changes to the pcscd policy module and relevant dependencies
Tab clean up in the pegasus file context file
Changes to the pegasus policy module
Tab clean up in the perdition file context file
Changes to the perdition policy module
Tab clean up in the pingd file context file
Changes to the pingd policy module
Changes to the plymouthd policy module
Changes to the mozilla policy module
Changes to the plymouth policy module
Tab clean up in the podsleuth file context file
Changes to the podsleuth policy module
Tab clean up in the policykit file context file
Changes to the policykit policy module and relevant dependencies
Tab clean up in the portage file context file
Changes to the portage policy module
Tab clean up in the portmap file context file
Changes to the portmap policy module
Tab clean up in the portreserve file context file
Changes to the portreserve policy module
Tab clean up in the portslave file context file
Changes to the portslave policy module and relevant dependencies
Tab clean up in the postfix file context file
Changes to the postfix policy module and relevant dependencies
Fixes to various policy modules
Tab clean up in the postfixpolicyd file context file
Changes to the postfixpolicyd policy module
Tab clean up in the postgrey file context file
Changes to the postgrey policy module
Tab clean up in the ppp file context file
Changes to the ppp policy module and relevant dependencies
Tab clean up in the prelink file context file
Changes to the prelink policy module and relevant dependencies
Tab clean up in the prelude file context file
Changes to the prelude policy module
Tab clean up in the privoxy file context file
Changes to the privoxy policy module
Tab clean up in the procmail file context file
Changes to the procmail policy module
Tab clean up in the psad file context file
Changes to the psad policy module
Changes to the ptchown policy module
Tab clean up in the publicfile file context file
Changes to the publicfile policy module
Fix a fatal syntax error in mozilla_plugin_role()
Changes to the plymouth policy module
Changes to the policykit policy module
Module version bump for fixes in shorewall, fail2ban and portage policy
modules by Sven Vermeulen
Tab clean up in the puppet file context file
Changes to the puppet policy module and relevant dependencies
Initial pwauth policy module
Tab clean up in the pxe file context file
Changes to the pxe policy module
Tab clean up in the pyzor file context file
Changes to the pyzor policy module
Tab clean up in the qemu file context file
Changes to the qemu policy module
Tab clean up in the virt file context file
Changes to the virt policy module and relevant dependencies
Changes to the virt policy module
Changes to the cron policy module
Changes to the qemu policy module
Changes to the virt policy module
Epylog wants sys_nice and setsched
Tab clean up in the qmail file context file
Changes to the qmail policy module
Tab clean up in the qpid file context file
Changes to the qpid policy module
Tab clean up in the quota file context file
Changes to the quota policy module and relevant dependencies
Initial rabbitmq policy module
Tab clean up in the radius file context file
Changes to the radius policy module
Tab clean up in the radvd file context file
Changes to the radvd policy module
Changes to the raid policy module
Tab clean up in the razor file context file
Changes to the razor policy module and relevant dependencies
Smokeping cgi needs to run ping with a domain transition Remove
redundant socket create already provided by
sysnet_dns_name_resolve()
Changes to the virt policy module
Changes to the apache policy module
Changes to the gnome policy module
Changes to the rdisc policy module
Changes to the readahead policy module
Changes to the remotelogin policy module
Tab clean up in the resmgr file context file
Changes to the resmgr policy module
Tab clean up in the rgmanager file context file
Changes to the rgmanager policy module
Initial Realmd policy module and relevant dependencies
Fix resmgrd init script file context specification
Changes to the cups policy module
automount reads overcommit_memory
Changes to the networkmanager policy module
Freshclam manages amavis spool content
Changes to the tftp policy module
Changes to the cobbler policy module
Tab clean up in the rhcs file context file
Changes to the rhcs policy module and relevant dependencies
Tab clean up in the rhgb file context file
Changes to the rhgb policy module
Tab clean up in the rhsmcertd file context file
Changes to the rhsmcertd policy module
Tab clean up in the ricci file context file
Changes to the ricci policy module
Tab clean up in the rlogin file context file
Changes to the rlogin policy module
Tab clean up in the roundup file context file
Changes to the roundup policy module
Changes to the remotelogin policy module
Changes to the apache policy module
Changes to the awstats policy module
fix puppet_admin() need to require types that it uses
Replace wrong type in puppet_admin()
Fix a syntax error in ricci_domtrans()
Catch all rpcbind content in /var/run
Changes to the cups policy module
Tab clean up in the rpc file context file
Changes to the rpc policy module
Tab clean up in the rpcbind file context file
Changes to the rpcbind policy module
Tab clean up in the rpm file context file
Changes to the rpm policy module and dependencies
Changes to the rshd policy module
Changes to the virt policy module
Changes to the rssh policy module
Tab clean up in the rsync file context file
Fix a typo in apache XML
Changes to the rsync policy module
Changes to the rtkit policy module
Tab clean up in the rwho file context file
Changes to the rwho policy module
Reads /proc/sys/kernel/random/poolsize
Tab clean up in the samba file context file
Changes to the samba policy module and relevant dependencies
Tab clean up in the sambagui file context file
Changes to the sambagui policy module
Initial firewallgui policy module
Tab clean up in the samhain file context file
Changes to the samhain policy module
Tab clean up in the sanlock file context file
Changes to the sanlock policy module and relevant dependencies
Tab clean up in the sasl file context file
Changes to the sasl policy module
Changes to the sblim policy module
Tab clean up in the screen file context file
Changes to the screen policy module
Tab clean up in the sectoolm file context file
Changes to firewallgui policy module
Changes to the sectoolm policy module
Tab clean up in the sendmail file context file
Changes to the sendmail policy module and relevant dependencies
Tab clean up in the setroubleshoot file context file
Changes to the setroubleshoot policy module
Tab clean up in the shorewall file context file
Changes to the shorewall policy module
Tab clean up in the shutdown file context file
Changes to the shutdown policy module and relevant dependencies
Tab clean up in the slocate file context file
Changes to the slocate policy module and relevant dependencies
These domains transition to shutdown domain now so they no longer need
direct access
Re-add missing network rule in screen policy module
fail2ban server sets scheduler
shutdown XML clean up
libvirtd sets kernel scheduler
mongod reads cpuinfo_max_freq
Changes to the slrnpull policy module
Tab clean up in the smartmon file context file
Changes to the smartmon policy module
Tab clean up in the smokeping file context file
Changes to the smokeping policy module
Tab clean up in the smoltclient file context file
Changes to the smoltclient policy module
Tab clean up in the snmp file context file
Changes to the snmp policy module
Tab clean up in the snort file context file
Changes to the snort policy module
Changes to the sosreport policy module and relevant dependencies
Tab clean up in the soundserver file context file
Changes to the soundserver policy module
Tab clean up in the spamassassin file context file
Changes to the spamassassin policy module and relevant dependencies
spamassassin_role callers create ~/.spamd with the spamd_home_t user
home type instead
Re-add sys_admin capability that was lost with porting from Fedora
Move mailscanner content to mailscanner module
Changes to the speedtouch policy module
Tab clean up in the squid file context file
Changes to the squid policy module
Changes to the sssd policy module
Tab clean up in the stunnel file context file
Changes to the stunnel policy module
Tab clean up in the sxid file context file
Changes to the sxid policy module
Tab clean up in the sysstat file context file
Changes to the sysstat policy module
Tab clean up in the tcpd file context file
Changes to the tcpd policy module
Changes to the tcsd policy module
Tab clean up in the telepathy file context file
Changes to the telepathy policy module
Tab clean up in the telnet file context file
Changes to the telnet policy module
Tab clean up in the tftp file context file
Changes to the tftp policy module
Tab clean up in the tgtd file context file
Changes to the tgtd policy module
Tab clean up in the thunderbird file context file
Changes to the thunderbird policy module
Catch /var/log/cron directory as well
Dovecot module version bump for fixes by Sven Vermeulen
Portage module version bump for fixes by Sven Vermeulen
Cron module version bump for fixes by Sven Vermeulen
Changes to the exim policy module
Entropyd reads /proc/meminfo
Blueman reads tmp_t directories
Do not audit attempts by cups config to read tmp_t directories
Do not audit attempts by fail2ban to read tmp_t directories
Do not audit attempts by firewalld to read tmp_t directories
Gnomeclock reads urandom and realtime clock
Kdumpctl needs sys_chroot capability
Various kdumpgui fixes from Fedora
Do not audit attempts by logwatch to read tmp_t directories
Catch all alias files
Refine aliases file transition with names
Realmd dbus chat policykit and networkmanager from Fedora
Do not audit attempts by tuned to read tmp_t directories
Changes to the timidity policy module
Tab clean up in the tmpreaper file context file
Changes to the tmpreaper policy module and relevant dependencies
Tab clean up in the tor file context file
Changes to the tor policy module
Changes to the transproxy policy module
Tab clean up in the tripwire file context file
Changes to the tripwire policy module
Tab clean up in the tuned file context file
Changes to the tuned policy module
Tab clean up in the tvtime file context file
Changes to the tvtime policy module
Changes to the tzdata policy module
Changes to the ucspitcp policy module
Tab clean up in the ulogd file context file
Changes to the ulogd policy module
Tab clean up in the uml file context file
Changes to the uml policy module
Make it so that irc clients can also get attributes of cifs, nfs, fuse
and other file systems
Changes to the updfstab policy module
Changes to the uptime policy module
Tab clean up in the usbmodules file context file
Changes to the usbmodule policy module
Changes to the usbmuxd policy module
Tab clean up in the userhelper file context file
Screen sends child terminated signals to all interactive fd domains
Changes to the userhelper policy module and relevant dependencies
Changes to the virt policy module
Module version bump for fail2ban changes by Sven Vermeulen
Changes to the rpm policy module
fix smartmon init script file context specification
Changes to the usernetctl policy module
Tab clean up in the uucp file context file
Changes to the uucp policy module
Changes to the virt policy module
Tab clean up in the uuid file context file
Changes to the uuidd policy module
Tab clean up in the uwimap file context file
Changes to the uwimap policy module
Tab clean up in the varnishd file context file
Changes to the varnishd policy module
Changes to the vbetool policy module
Tab clean up in the vdagent file context file
Changes to the vdagent policy module
Tab clean up in the vhostmd file context file
Changes to the vhostmd policy module
Changes to the vlock policy module
Tab clean up in the vmware file context file
Changes to the vmware policy module
Tab clean up in the vnstatd file context file
Changes to the vnstatd policy module
Tab clean up in the vpn file context file
Changes to the vpnc policy module
Tab clean up in the w3c file context file
Changes to the w3c policy module
Tab clean up in the watchdog file context file
Changes to the watchdog policy module
Changes to the wdmd policy module
Changes to the webadm policy modules
Changes to the webalizer policy module
White space fix in apache policy module
Changes to the wine policy module
Tab clean up in the wireshark file context file
Changes to the wireshark policy module
Tab clean up in the wm file context file
Changes to the wm policy module
Changes to the inn policy module
Move man cache file type to miscfiles
Changes to the inn policy module
More accurate dbadm boolean descriptions
mysql_admin() has access to ~/.my.cnf files
Tab clean up in the xen file context file
Changes to the xen policy module and relevant dependencies
Tab clean up in the xfs file context file
Changes to the xfs policy module
Changes to the xguest policy module and relevant dependencies
Changes to the xprint policy module
Changes to the xscreensaver policy module
Tab clean up in the yam file context file
Changes to the yam policy module
Tab clean up in the zabbix file context file
Changes to the zabbix policy module
Tab clean up in the zarafa file context file
Changes to the zarafa policy module
Tab clean up in the zebra file context file
Changes to the zebra policy module
Changes to the zosremote policy module
Changes to the mysql policy module
Tab clean up in the pulseaudio file context file
Changes to the pulseaudio policy module and relevant dependencies
Changes to the pulseaudio policy module
One chown too many
Changes to the mplayer policy module
The prelink cron script now runs in its own domain
Initial smstools policy module
Initial openvswitch policy module and relevant dependencies
Reads pcsd pid files
Reads random device
winbind manages smbd pid sock files from Fedora
Changes to the bind policy module
CG rules daemon reads all sysctls
Runs consoletype and searches nfs state data from Fedora
Support munin unbound plugin from Fedora
Zabbix sends signals from Fedora
Blueman sets scheduler and sends signals from Fedora
pcscd_read_pub_files is deprecated, use pcscd_read_pid_files instead
Module version bumps for fixes in portage and virt modules by Sven
Vermeulen
Policy module version bumps for various changes by Sven Vermeulen
Changes to the openvpn policy module
Module version bumps for various fixes by Sven Vermeulen
Changes to the mandb policy module
Changes to the tmpreaper policy module
Changes to the munin policy module
Changes to the rngd policy module
Changes to the awstats policy module and relevant dependencies
Changes to the apache policy module
Changes to various policy modules
Changes to the abrt policy module
Changes to the passenger policy module and relevant dependencies
Changes to the pegasus policy module
Changes to the mta policy module
Changes to the fetchmail policy module
Changes to the bitlbee policy module
Changes to the blueman policy module and relevant dependencies
Changes to the amavis policy module
Changes to the userhelper policy module
Changes to the blueman policy module
Changes to the squid policy module
Changes to the sblim policy module
Changes to the kdumpgui policy module
Changes to the mailman policy module
Changes to the realmd policy module
Changes to the raid policy module
Changes to the samba policy module
Changes to the various policy modules
Changes to the snmp policy module
Changes to the spamassassin policy module
Changes to the sssd policy module
Changes to the l2tpd policy module
Changes to the shorewall policy module
Changes to the xen policy module
Changes to the tftp policy modules
Changes to the accountsd policy module
Changes to the tgtd policy module
Changes to the corosync policy module
Changes to the kdump policy module
Changes to the openvswitch policy module
Changes to the mpd policy module
Changes to the mozilla policy module
Changes to the zarafa policy module
Changes to the boinc policy module
Changes to the setroubleshoot policy module
Changes to the dspam policy module
Changes to the rgmanager policy module and relevant dependencies
Changes to the svnserve policy module
Changes to the virt policy module
Changes to the prelink policy module
Changes to the apache policy module
Changes to the gnomeclock policy module
Changes to various policy modules
Changes to the pegasus policy module
Changes to the shorewall policy module
Changes to the kerberos policy module
Changes to the rhcs policy module
Changes to the irc policy module
Changes to the clamav policy module
Changes to the mrtg policy module
Changes to the munin policy module
Changes to the amavis policy module
Changes to the ppp policy module
Initial jockey policy module
Module version bumps for "several named transition for directories
created in /var/run by initscripts" in various modules by Laurent
Bigonville
Module version bumps for fixes in various modules by Laurent Bigonville
Module version bump for changes to the consolekit policy module by
Laurent Bigonville
Changes to the stunnel policy module
Module version bumps for fixes in various modules by Sven Vermeulen
Changes to the virt policy module
Changes to the apache policy module
Changes to the wm policy module
Changes to the samba policy module
Changes to the certmonger policy module
Changes to the mozilla policy module
Changes to the corosync policy module
Changes to the pacemaker policy module
Changes to the tuned policy module
Changes to the cups module and relevant dependencies
Changes to the rhsmcertd policy module
Changes to the lpd policy module
Changes to the munin policy module
Changes to the ntp policy module
Changes to the tor policy module
Changes to the firewalld policy module
Changes to the dspam policy module
Changes to the setroubleshoot policy module
Changes to the condor policy module
Changes to the kerberos policy module
Changes to the passenger policy module
Changes to the ppp policy module
Changes to the dkim policy module
Changes to the abrt policy module
Changes to the lircd policy module
Changes to the dkim policy module
Changes to the virt policy module
Changes to the munin policy module
Changes to the dovecot policy module
Changes to the cobbler policy module
Changes to the userhelper policy module
Changes to the logwatch policy module
Changes to the wdmd policy module and relevant dependencies
Changes to the nscd policy module and relevant dependencies
Changes to the dbus policy module
Module version bumps for fixes in various policy modules by Laurent
Bigonville
Changes to the cups policy module
Changes to the dbus policy module
Changes to the apcupsd policy module
Remove redundant net_bind_service capabilities in various modules
Changes to the virt policy module
Changes to the puppet policy module
Module version bumps for fixes in various policy modules by Sven
Vermeulen
Module version bumps for file context fixes in various policy modules by
Laurent Bigonville
Make httpd_manage_all_user_content() do what it advertises
Add more networking rules to mplayer policy module for compatibility
Fix fcronsighup file context. Should be crontab_exec_t as per previous
spec
Module version bumps for changes in various modules by Sven Vermeulen
Move asterisk_exec() and modify XML header
Consolekit creates /var/run/console directories with a type transition
unconditionally
Module version bump in consolekit policy module for changes by Sven
Vermeulen
The imaplogin executable file should be courier_pop_exec_t according to
existing file context specification
Module version bump for changes to the fail2ban policy module by Sven
Vermeulen
Module version bumps for changes in various policy modules by Sven
Vermeulen
Laurent Bigonville (28):
Add Debian locations for Telepathy connection managers
Label telepathy-rakia as telepathy-sofiasip
Allow smartd daemon to write in /var/lib/smartmontools directory
Add Debian location for smartd daemon initscript
Add Debian location for accounts-daemon daemon
Add Debian location for rtkit-daemon daemon
Add Debian location for tcsd init script
Add Debian location for libvirtd init script
Add Debian location for evolution executables
Add Debian locations for nut executables and configuration files
Add several named transition for directories created in /var/run by
initscripts
Run packagekit under apt_t context on Debian distribution
Add proper label for colord daemon in debian
Allow the system dbus to search cgroup directories
Allow virtd_t context to read sysctl_crypto_t
Allow colord_t context to read sysctl_crypto_t
Add proper label for gconfd-2 daemon in Debian
Ensure that consolekit can create /var/run/console directory on Debian
Properly label nm-dispatcher.action on Debian
policykit.fc: Properly label polkit-agent-helper-1 on Debian
cups.fc: Properly label cups-pk-helper-mechanism on Debian
Allow pcscd the fsetid capability
Allow networkmanager_t to read crypto_sysctl_t
Allow virsh_t context to read sysctl_crypto_t
Allow cupsd_t to read cupsd_log_t
gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian
ptchown.fc: Properly label pt_chown executable in Debian
Label /usr/bin/kvm as qemu_exec_t
Matthew Thode (2):
added autofs support and nsswitch support
removing references to named_var_lib_t as it doesn't exist anymore for
bind.if
Mika Pflüger (3):
Allow saslauthd_t to talk to mysqld via TCP
Quota policy adjustments: * Allow quota_t to load kernel modules
Debian locations for dovecot deliver and dovecot auth.
Russell Coker (1):
Fix djbdns ports
Sven Vermeulen (75):
Update with new substitutions
Mark the pid directory as a pid directory
Add in transitions for queue types when the queues are created
Fix typo in interface postfix_exec_postqueue
Allow maildelivery to use dotlock files in the mail spool
Allow postfix local to change ownership of mailfiles
Use libexec location for postfix binaries
Allow initrc_t to create run dirs for contrib modules
Update logwatch location in file context
Sandbox is an inherent part of the portage inner workings
Fix startup issue with fail2ban-client
Be able to get output from fail2ban-client
Ignore searches when run from the user home directory
Shorewall admins execute shorewall too
Shorewall needs sys_admin capability for manipulating network stack
Be able to display dovecot errors
Remove transition to ldconfig
Adding interfaces for handling cron log files
Fail2ban client checks state of log files before telling the server
Support mysql init script
Support initial creation of mysql database files
Portage fetch domain needs to access certificates
Make samba domtrans optional in virt
Fix typo in tunable declaration for fcron_crond
Introducing cron_manage_log_files interface
Introduce dontaudit interfaces for leaked fd and unix stream sockets
Dontaudit attempts by system_mail_t to use leaked fd or stream sockets
Support at service
Additional postfix admin requirements
Reintroduce postfix_var_run_t for pid directory and fowner capability
Postfix deferred queue should not mark mails as postfix_spool_maildrop_t
Running qemu with SDL support requires more xserver-related privileges
Fix typo in clockspeed comment
Support openvpn status file
Asterisk voicemail messages are generated from tmp
Make rtkit calls optional
Gentoo installs dovecot certs in /etc/ssl/dovecot
Moving sandbox code to sandbox section (v2)
Allow sandbox to log violations
Use rw_fifo_file_perms
Apache should not depend on gpg
Named init script creates rundir
Add ~/.maildir as a valid maildir destination
Support stunnel_read_config for startup
Updates on stunnel policy
More .maildir fixes
Mark make.profile entry as portage_conf_t (v2)
Move mta call (coding style)
Changes to puppet domain
Allow rpc admin to run exportfs
Grant sys_admin capability to puppet
Puppet module helper scripts are puppet_var_lib_t
Support netlink_route_socket creation for puppet
Puppet initscript creates /run/puppet
Puppet runs statfs against selinuxfs
mplayer streams HTTP resources
fcron and fcronsighup binaries are moved
Asterisk needs to search through logs
Denial in mail log on node bind
Fix typo in mcelog_admin (missing bracket)
Add in contexts for fcron rm.systab and systab.tmp
Remove pulseaudio filename_trans conflict
Allow asterisk admins to execute asterisk binary directly
Support tagfiles for consolekit
ConsoleKit needs to read the dbus machine-id
File context updates for courier-imap
Update on file contexts for OpenLDAP
Update on file contexts for wpa_supplicant
Allow IRC clients to read certificates
Allow reading /proc/self for fail2ban due to FAM support
Update file contexts for puppet
Support ~/.tmux.conf as tmux configuration file
Add setuid/setgid capability to ulogd_t
Support tmux control socket
Postfix creates defer(red) queue locations