Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-10-26 | add tuned from miroslav grepl. | Chris PeBenito | 1 | -0/+1 | |
2009-10-22 | add changelog entry for e4928c5f7954ea062815c8a37c9d37e3e3fa40df | Chris PeBenito | 1 | -0/+2 | |
2009-09-28 | add seunshare from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-17 | add dkim from stefan schulze frielinghaus. | Chris PeBenito | 1 | -0/+1 | |
2009-09-16 | add gnomeclock from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-15 | add rtkit from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-15 | clean up xscreensaver. | Chris PeBenito | 1 | -0/+1 | |
2009-09-14 | add modemmanager from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-14 | add abrt from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-08 | nslcd policy from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-03 | add gitosis from miroslav grepl. | Chris PeBenito | 1 | -0/+1 | |
2009-09-02 | add shorewall from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-02 | add kdump from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-09-01 | add hddtemp from dan. | Chris PeBenito | 1 | -0/+2 | |
2009-08-28 | deprecate userdom_xwindows_client_template | Chris PeBenito | 1 | -0/+1 | |
The X policy for users is currently split between userdom_xwindows_client_template() and xserver_role(). Deprecate the former and put the rules into the latter. For preserving restricted X roles (xguest), divide the rules into xserver_restricted_role() and xserver_role(). | |||||
2009-08-18 | module version bumps and changelog update for the previous 3 commits. | Chris PeBenito | 1 | -0/+1 | |
2009-08-18 | Debian policykit fixes from Martin Orr. | Chris PeBenito | 1 | -0/+1 | |
The policykit binaries on Debian live in /usr/lib/policykit so add file contexts for that. Also a couple of policykit rules. | |||||
2009-08-17 | Fix unconfined_r use of unconfined_java_t. | Chris PeBenito | 1 | -0/+1 | |
The unconfined role is running java in the unconfined_java_t. The current policy only has a domtrans interface, so the unconfined_java_t domain is not added to unconfined_r. Add a run interface and change the unconfined module to use this new interface. | |||||
2009-08-14 | Add missing x_device rules for XI2 functions, from Eamon Walsh. | Chris PeBenito | 1 | -0/+1 | |
> Whats the difference between add/remove and create/destroy? > > The devices are in a kind of hierarchy. You can now create one or more > "master devices" (mouse cursor and keyboard focus). The physical input > devices are "slave devices" that attach to master devices. > > Add/remove controls the ability to add/remove slave devices from a > master device. Create/destroy controls the ability to create new master > devices. | |||||
2009-08-12 | Add missing rules to make unconfined_cronjob_t a valid cron job domain. | Chris PeBenito | 1 | -0/+1 | |
Unconfined_cronjob_t is not a valid cron job domain because the cron module is lacking a transition from the crond to the unconfined_cronjob_t domain. This adds the transition and also a constraints exemption since part of the transition is also a seuser and role change typically. | |||||
2009-08-11 | Add btrfs and ext4 to labeling targets. | Chris PeBenito | 1 | -0/+1 | |
2009-08-10 | Fix infrastructure to expand macros in initrc_context when installing. | Chris PeBenito | 1 | -0/+1 | |
The initrc_context file uses the mls_systemhigh macro and needs to be properly expanded based on the build.conf settings. Add makefile support to do this. | |||||
2009-08-05 | Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. | Chris PeBenito | 1 | -0/+1 | |
2009-08-05 | Add missing compatibility aliases for xdm_xserver*_t types. | Chris PeBenito | 1 | -0/+2 | |
When collapsing all of the xdm_xserver*_t types into xserver*_t, aliases for compatibility were mistakenly not added to the policy. | |||||
2009-07-30 | release 2.20090730 | Chris PeBenito | 1 | -0/+1 | |
2009-07-30 | changelog entry for the previous gentoo fixes | Chris PeBenito | 1 | -0/+1 | |
2009-07-29 | add fprintd module from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-07-29 | add devicekit module from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-07-28 | Merge branch 'master' of ssh://oss.tresys.com/home/git/refpolicy | Chris PeBenito | 1 | -0/+1 | |
2009-07-27 | wm policy from dan | Chris PeBenito | 1 | -0/+1 | |
2009-07-27 | add cpufreqselector from dan | Chris PeBenito | 1 | -0/+1 | |
2009-07-23 | remove read_default_t tunable | Chris PeBenito | 1 | -0/+1 | |
2009-07-21 | add pulseaudio from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-07-20 | changelog for previous commit | Chris PeBenito | 1 | -0/+1 | |
2009-06-30 | trunk: pads from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-06-30 | trunk: varnishd from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-06-22 | trunk: add sssd from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-06-18 | trunk: Greylist milter from Paul Howarth. | Chris PeBenito | 1 | -0/+1 | |
2009-06-18 | trunk: Allow unix_update to change the security attributes associate with ↵ | Chris PeBenito | 1 | -0/+1 | |
files so that it can properly create the shadow file. Also allow it to read from urandom so that it can add salt to the password hash. | |||||
2009-06-18 | trunk: Misc fixes for unix_update from Brandon Whalen. | Chris PeBenito | 1 | -0/+1 | |
2009-06-18 | trunk: Add x_device permissions for XI2 functions, from Eamon Walsh. | Chris PeBenito | 1 | -0/+1 | |
2009-06-05 | trunk: MLS constraints for the x_selection class, from Eamon Walsh. | Chris PeBenito | 1 | -0/+1 | |
2009-06-02 | trunk: add gpsd from miroslav grepl | Chris PeBenito | 1 | -0/+1 | |
2009-05-07 | se-postgresql update from kaigai | Chris PeBenito | 1 | -0/+1 | |
- rework: Add a comment of "deprecated" for deprecated permissions. - bugfix: MCS policy did not constrain the following permissions. db_database:{getattr} db_table:{getattr lock} db_column:{getattr} db_procedure:{drop getattr setattr} db_blob:{getattr import export} - rework: db_table:{lock} is moved to reader side, because it makes impossible to refer read-only table with foreign-key constraint. (FK checks internally acquire explicit locks.) - bugfix: some of permissions in db_procedure class are allowed on sepgsql_trusted_proc_t, but it is a domain, not a procedure. It should allow them on sepgsql_trusted_proc_exec_t. I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid such kind of confusion, as Chris suggested before. - rework: we should not allow db_procedure:{install} on the sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted procedure implicitly. - bugfix: MLS policy dealt db_blob:{export} as writer-side permission, but it is required whrn the largeobject is refered. - bugfix: MLS policy didn't constrain the db_procedure class. | |||||
2009-05-06 | trunk: lircd from miroslav grepl | Chris PeBenito | 1 | -0/+1 | |
2009-05-06 | trunk: 5 patches from dan. | Chris PeBenito | 1 | -0/+1 | |
2009-04-21 | trunk: Milter state directory patch from Paul Howarth. | Chris PeBenito | 1 | -0/+1 | |
2009-04-20 | trunk: 5 modules from dan. | Chris PeBenito | 1 | -1/+6 | |
2009-04-07 | trunk: 5 patches from dan. | Chris PeBenito | 1 | -0/+2 | |
2009-03-31 | trunk: 6 patches from dan. | Chris PeBenito | 1 | -0/+2 | |