[selinux-policy/f14/master] (3230 commits) ...-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this acce
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Oct 12 20:13:06 UTC 2010
Summary of changes:
fd188ab... New repository initialized by cvs2svn. (*)
14a7a69... initial checkin (*)
457f7ec... initial checkin (*)
b4cd153... initial commit (*)
70dcf79... add boot_runtime_t (*)
5d78128... add interface to associate to filesystems w/o xattr. allow (*)
57d2365... move assert.te here (*)
1ea98d0... remove relabeling privilege for now (*)
7f89c7e... hold off on improving (*)
5496553... kernel can load modules (*)
88d14a2... bring over more targets from strict policy, and add more ch (*)
053f6a2... add dontaudit fs getattr (*)
7aebdb8... add rootfs dontaudits for use in init.te (*)
f057824... reorganize and add rootfs dontaudits (*)
b470e38... initial commit (*)
5050e50... use interface to send syslog messages (*)
8c77177... add interface to send syslog messages (*)
4ddc1ab... add all types for this module, and add klogd policy (*)
3ba13bb... add all types for this module (*)
c4890ef... add per-userdomain template, and shadow_t interfaces (*)
f0872d2... add cap sys_rawio to raw memory access interfaces (*)
67e2ff4... initial commit (*)
879b00f... initial commit (*)
0154356... initial commit (*)
e181fe0... add copyright statement (*)
099c8b2... remove unneeded genfs_contexts (*)
bd76460... more comments (*)
7c5d78f... more insmod work, bring in depmod and update_modules (*)
033c80e... rename files_manage_general_lock_files() to more appropriat (*)
bf9e1e3... logging and modutils updates (*)
5a95221... add devlog_t symlink to loggers (*)
32b5029... uncomment test file (*)
9eb5e81... exec and transition interfaces, plus include mod object sym (*)
1f7b37c... insmod can be run directly from kernel; fix update_modules (*)
0e730cc... complete corenetwork (*)
33bc0dd... clean up some filesystem assoc (*)
8a0da10... make getattr and setattr interfaces and make naming consist (*)
22e1131... fix te trans error (*)
343a231... reorg (*)
a266e3c... restructure kernel module to be consistent with other modul (*)
219bcf7... attack with sediff, make fs:getattr interfaces consistent, (*)
549180e... initial commit (*)
b303042... add missing transition dontaudits (*)
91a7ab6... add sysnetwork (*)
5f75f56... move modules_object_t back to bootloader (*)
94edcc5... fix tmp_domain (*)
960373d... add module statement macro and entrypoint executable attrib (*)
8beec89... add legacy lib use (*)
e064a64... move system_chkpwd to fix ordering issue with checkpolicy (*)
f9438fd... add search all dirs (*)
3016a9f... initial commit (*)
9e19eb3... add docs (*)
835b6ab... initial commit (*)
8119850... add console dontaudit (*)
bcd3599... daemon domain allows noatsecure siginh rlimitinh, not donta (*)
889c9a9... add init_t:fd use interface and initrc pty rw interface (*)
55f4564... start merging in rules from daemon domain (*)
b5ab18b... initial commit (*)
dfb86ad... initial commit (*)
4600e08... reorganize the policy (*)
4fbd2ee... remove entrypoint assertion (*)
55a46da... add console setattr if (*)
3009816... convert over optional policy to optional_policy macro (*)
b586061... missed that sysctl_dev is a dir too (*)
f9cfa19... minor fixes (*)
ee5772e... add bulk of selinux module policy, and add required interfa (*)
07efe96... initial local login commit (*)
a2d8246... make mountpoints work, plus misc (*)
86f02eb... add original strict policy source (*)
0fbfa54... initial commit (*)
a7ed44d... initial commit (*)
05a5cdc... add a few missing ports, and ppp_device_t (*)
7009881... add in missing devices (*)
4472f3e... doh (*)
e9a6fcb... fix privfd (*)
f48a2aa... many updates (*)
5eafc37... add append to /dev/null write (*)
85bd7f1... add in transition and execute interfaces, and newrole sigch (*)
fc83dba... domains not needed for execute interface (*)
1b90996... add in missing policy_module line (*)
c3c58c5... move in rule from hotplug (*)
ba7740d... handful of changes (*)
d0b6abe... add in use and ignore use init control channel interfaces (*)
9f2f9e6... add ignore read rootfs file (*)
dfaf6c2... add authlogin_read_pam_runtime_data and cleanup interfaces (*)
de2cee6... add tty_device_t and devpts_t chr_file interfaces (*)
67484fc... add ignore read system state (*)
f360f82... fix stupid _depend define errors (s/ifdef/define/g) (*)
25baab1... switch over to tunable_policy and optional_policy (*)
6b93833... initial commit (*)
3a9aef9... updates (*)
ab64c30... add newrole:fd use (*)
07d6e32... reorg run_init a little, and add a convert to a few new int (*)
428b57e... more updates (*)
4541a9d... move locks (*)
3ce6cb4... fill pam and utempter authlogin policy and fix up interface (*)
b2e0625... more conversion due to new interfaces (*)
75a10ba... add in pam console (*)
0d7ad32... start moving in dhcpc and ifconfig (*)
0bc32e0... a few more copied over (*)
f1578d0... stuff from sysnetwork (*)
bd202fe... clean up interfaces for new binary module optional structur (*)
1e5c2a4... more conversion (*)
849380b... add usermanage (*)
a01ab8c... updates (*)
f1470e5... rules picked up from sediff (*)
df431c8... add missing copyright and policy_module lines (*)
23af43b... fix depends (*)
f66a1af... move type delcarations after attribute delcarations to fix (*)
d0eddb6... add in system_domain (*)
4fc9153... initial commit (*)
bbd6a62... convert over to system_domain, plus a couple init cleanups (*)
ebf7600... cleanup (*)
0634b6e... fix per_userdomain_templates macro generation (*)
0fef98c... add legacy read locale (*)
2274f9a... initial commit (*)
44a43b6... interfaces needed for clock (*)
ec81ecb... add read fonts (*)
b2b38c7... initial commit (*)
8e02803... add lvm_vg interfaces and do a little cleanup (*)
15e3d8e... initial commit (*)
5d7e8ba... add sulogin (*)
c5b5a74... cleanup (*)
18f25af... start adding infrastructure for the constraint exceptions (*)
96b0000... start adding infrastructure for the constraint exceptions (*)
a1f94a3... clean up authentication attributes (*)
e843cc8... reorder restorecon and setfiles relabel rules for consisten (*)
a9a20dd... allow all domains to use /dev/{zero,null,tty} (*)
c18e825... unexpand can_kerberos (*)
cb28738... priv* attribute fixes for sulogin (*)
5c16219... move system_chkpwd to .te rather then using template, so th (*)
13e94c0... more authlogin handling (*)
465a5e1... more updates (*)
46be1f3... add printer_device_t (*)
35b2fb4... add v4l_device_t (*)
2812bfa... fix hotplug optional (*)
6f50b57... use ptys (*)
0f3be6d... initial commit (*)
279b555... reorder to fit file context style rules (*)
63a310c... leftover from modutils (*)
f8ec0ad... initial commit (*)
eeb2558... leftover from netutils (*)
b3416a3... initial commit (*)
6b67401... reorder for more consistency (*)
dec1686... oops (*)
1832271... reorder for more consistency (*)
118186e... make a reasonable lib_t interface (*)
3ec805f... add read and search for etc_t:dir (*)
24280a5... updates needed for cron (*)
23caa6d... initial commit (*)
0b1af28... fix logging_make_log_file use (*)
38e24ae... add files_make_temporary_file and remove type attribute fro (*)
d25dd9c... add make temporary_file and daemon_runtime_file (*)
b2dc7fb... several fixes (*)
fb1aee7... add iface creating private logs (*)
d18e3d7... add crontab (*)
70abf87... finish lock_domain, fix file_type_auto_trans (*)
fd9deeb... reorg and a fix (*)
075c4fd... additions for cron and mta (*)
36f72de... finish can_exec_any and fix a can_network_tcp_client (*)
1bde832... initial commit (*)
7bba9d3... pile of updates (*)
24a7ae1... add lvm.fc, and move relevant entries to devices.fc and sto (*)
ff31386... move make_{daemon,init,system}_domain to init to fix type_t (*)
c28c4b0... add privmail attribute and move make_{init,daemon,system}_d (*)
35519c1... drop transition from send_mail since its more then a transi (*)
c6a3a22... add more parts to send_mail and drop transition since its m (*)
b16c6b8... start adding user domains. fix ttynode and ptynode handlin (*)
650e75c... initial commit (*)
dd14d0d... change read_shared_libraries to use_shared_libraries, since (*)
c09d322... change read_shared_libraries to use_shared_libraries, plus (*)
7bbec33... add www module (*)
696b417... initial commit (*)
efa9947... reformat (*)
4d8ddf9... start adding admin template (*)
c3dff2e... add device_node:{ chr_file blk_file } getattr; (*)
76bff31... add admin template (*)
759ba0a... add get all filesystems quotas (*)
5817e3a... add renice all domains (*)
ef37340... add source policy interfaces (*)
1786071... rename some selinuxfs interfaces for more clarity (*)
914c9f7... remove bad file_type_auto_trans. rename selinuxfs interfac (*)
8623d5b... move run_init to selinux, as it is part of policycoreutils (*)
6d314fd... add xml doc generation (*)
494e988... fix xml (*)
2e77b29... add xml (*)
490639c... add a xml comment (*)
26c87e0... add userdomain:fd use (*)
bee546b... add context template to support mls (*)
daa0e0b... add xml comments to interfaces, convert over userdomain stu (*)
085faa0... add xml comments to generated sections, and add mls support (*)
0d0d2ba... add mls port support (*)
e32c0d3... add mls sensitivity to genfscon, initial sids and fs_use (*)
48e0dbd... add ldconfig (*)
c430976... add transitions (*)
3000a31... make transition on shell work (*)
1c9f9a5... add signull all domains (*)
46410fd... add tmpfsfile support (*)
162a57e... add missing xml (*)
15a9613... add ldconfig and rpm transitions (*)
3925517... move in stuff from rpm (*)
957e269... fix tmpfs associate infoflow (*)
57440fb... add dontaudit shadow_t getattr (*)
6b48fd0... stuff from rpm (*)
992aba5... initial commit (*)
6276f10... instead of using macros to drop out non-macro calls during (*)
dc771ff... another cleanup pass (*)
88c72f4... a few touchups (*)
c907b3e... cleanup for corenetwork interface generation (*)
547283e... more fixes (*)
e7fcdc6... fix the object class in process transition interfaces (*)
7d7a36a... initial commit (*)
6f3dab2... initial commit (*)
3b3bf87... cleanup (*)
cbeef67... cleanup (*)
10abae7... initial commit (*)
c9a26b3... add in appconfig files (*)
efd8ede... many fixes from cab testing (*)
c220381... initial commit (*)
d490eb6... fixes from cab (*)
dd31631... fix ordering and put in var_lib_t (*)
07da0af... tmpfs associate for redhat (*)
c6fd1f8... restructure users, and add signalling (*)
16e9b0c... rpmbuild_t is not a system domain. also mark it as most li (*)
32e53ac... cleanup inspired by sediff (*)
f5c42bd... many fixes from cab work (*)
08eb9d1... fix tmpfs assoc call (*)
4bf4ed9... permission set macro changes, plus more cab related work (*)
b4c3f54... initial commit (*)
b8fca44... initial commit (*)
3b857ea... add some file_t interfaces, and console write (*)
d115b24... more cab work (*)
1293184... last fixes for cab (*)
e32d52b... fix xml (*)
7555aab... initial commit (*)
134191b... move flask dir to top level, and update them from nsa cvs. (*)
f267dfb... fix module name in xml (*)
2926f9c... better handling of appconfig dir (*)
aa40608... remove copyright until licensing issues are resolved (*)
2fc84fd... move user_u and root to users (*)
3c62aa3... fix policy.xml to not have templates for generated interfac (*)
004db90... do dtd verification on xml. fix current xml to be valid (*)
0447352... use variable for dtd. move policy type to variant section (*)
6d9915d... add missing pieces of crond_t -> $1_crond_t transition (*)
de96491... move global.if to support_macros at top level (*)
98af6c7... remove extra whitespace (*)
f5d4efd... add missing system_crond_t transition pieces (*)
44cda51... add some comments. make install target install appconfig fi (*)
ca83afe... start breaking up support_macros into macros dir (*)
cabfa52... move fs_use and isids to respective modules (*)
d115660... change network verb in corenetwork to sendrecv (*)
4196997... add some indentation (*)
36e54b8... initial commit of xml->html conversion (*)
0c73cd2... change over to some perm set macros. add indentation (*)
b67488e... rework policy build options (*)
0969335... fix appconfig dir (*)
ef5e55c... move to logging (*)
eb7f9a3... move audit to logging (*)
a1d2e8a... add domain(_auto)_trans (*)
2d68932... fix broken macros (*)
43bc390... initial commit (*)
02b584a... initial commit (*)
0fbe15d... start adding module disable and tunable infrastructure (*)
89ec232... initial commit (*)
8fb301e... 32 is space. ascii <= 32 is all whitespace (*)
3a80ec2... initial tunable tool fixes (*)
254bbc7... start switching over to new tunable infrastructure (*)
9c25fdd... add updated dtd (*)
2224ed3... remove java (*)
6847e82... First cut at fixing fc_sort. (*)
758618b... initial commit (*)
ddea18b... more tunable work (*)
3865d6b... add xml (*)
b46609f... fix missing _socket in class (*)
a9ec541... add interface macro (*)
763c441... start renaming filesystem interfaces (*)
a719723... add can_exec (*)
84eb353... more fixes (*)
066d463... comment fix (*)
1694dee... interface renaming (*)
0c5a288... interface renaming (*)
9f72a26... renaming (*)
dc5daf8... overhaul (*)
eac7c31... make infoflow optional (*)
eb5e237... Renamed support macros for consistency. (*)
72bdc60... Moved and changed user_mls to gen_user. (*)
c2c00be... add aliases (*)
b29d23f... initial commit (*)
0350b1d... support_modules is finally gone, and modules.disable->modul (*)
7edd02d... aliasing (*)
f2e4ab3... make corenetwork generation explicit, rather then on-the-fl (*)
e12e573... better handling of generated files (*)
5552ed8... initial commit (*)
5d31560... genhomedircon entries (*)
80048ca... aliases (*)
dd82294... aliases (*)
fe040c9... renaming and xml (*)
0a10b1f... aliases (*)
dc67f78... aliases (*)
16e1cf4... make policy.xml depend on all if's being generated (*)
d90b274... for now, drop infoflow tags (*)
c6ebefd... rename (*)
7591e83... fix layer in module tag (*)
cc41a97... aliases (*)
5a3299b... updates (*)
eb437dd... initial commit (*)
fe3bd5a... more indentation for modules in the menu (*)
1601fb3... fixes and remove debug code (*)
20030ef... add back html page generation (*)
997bd99... fix bracket display for optional parameters (*)
eca5b2d... rename (*)
eda201e... more renaming and xml (*)
588ffae... kernel.if renaming (*)
5d94178... speed improvement (*)
d6b0f37... Fixed doc tool to order menus. (*)
a154cd4... reorder (*)
c75e65a... Templates for menu ordering change. (*)
1b8d67d... fix (*)
e3fd778... add can_exec (*)
cab7c00... make macro work (*)
e1db6e9... policy.xml is now in tmp/ (*)
2404082... fix can_exec (*)
0fd9dc5... renaming insanity (*)
d46f023... more updates from method (*)
bef4f00... Added missing interface. (*)
e214f62... html tag updates (*)
bec1100... make module description optional and interface summary opti (*)
12b559a... move policy.xml to doc, so it doesnt get deleted on a make (*)
f0c985c... Devices rename. (*)
b2bf0b5... overwrite the generated .te file instead of append (*)
c9428d3... renaming insanity (*)
d9507b1... fix xml (*)
fae6ff9... update from method (*)
3c6d78b... ul end tag fix, and css tweak (*)
61bbe53... add "this is a generated file!" comment to top of corenetwo (*)
8700497... Updates to documentation. (*)
5a45e70... rename setattr removable_device_t (*)
eec6739... make summary and description optional in interfaces until w (*)
94670f2... fix (*)
31908be... a few missed renames, and start fixing up tunables (*)
34c8fab... tunables work (*)
fa7bea8... rename requires_block_tempalte to gen_require (*)
c24ac9c... rename requires_block_template to gen_require (*)
92e928e... start making genhomedircon work (*)
65a27ee... Updates. (*)
3eed109... convert relevant conditionals into tunable_policy (*)
e75f786... initial commit (*)
d2d6c8c... fix makefile to only rebuild modules.conf and tunables.conf (*)
b57dd19... stray renames in distro_redhat (*)
1beba1c... fix up appconfig, and generate $(installdir)/booleans (*)
810f2b7... fix typo (*)
8ae194f... when a generated file is already generated, it shows up in (*)
8bd6789... move constraints interfaces to domain module. move sysfs a (*)
be4a801... move selinux to selinuxutil (*)
ff7bc14... move security_t to selinux module (*)
5e0da6a... finish renaming system/selinux to system/selinuxutil (*)
9f945bc... Various updates. (*)
a585f31... Updates. (*)
828e03f... initial commit (*)
8eaa723... put user line in col 1, since genhomedircon breaks otherwis (*)
c7b41e9... add CFLAGS, and drop -C from install since it doesn't exist (*)
f08f5a0... initial commit (*)
c592e52... add install-src target (*)
48159f0... add download page (*)
2dda6a7... more status info (*)
337e4af... for use until we have a full README (*)
102a59b... add comments for clean and bare (*)
660bf70... Initial revision (*)
faf0db6... move status into a table (*)
2d0e7a3... reword (*)
1c50089... Updates. (*)
3d76bef... initial commit (*)
347f406... add more example (*)
fe51b31... add rpm list (*)
815ff39... initialize description to None so missing descriptions dont (*)
4ce9bdf... fix (*)
45d25ff... fix interface description/summary (*)
5ba9f0b... Updates. (*)
9b57ae7... fix for sf (*)
5fa7825... spelling fixes (*)
9a453ff... readability fixes (*)
bd113c3... fix bad links (*)
8c2f3ac... have can_exec add a require block (*)
77c124c... eliminate _depend macros (*)
d35c621... add a couple more nfs and cifs interfaces, to cover most of (*)
562cc2b... reorder gpg tunable for alpha sorting (*)
0e72169... misc cleanup (*)
a7c3a1b... eliminate _depend macros (*)
139520a... review of system interfaces (*)
7f2e39b... review of admin interfaces (*)
5e6f9e5... services interfaces review (*)
c9b7f1a... add rw_term_perms (*)
bc1fbab... interface review, and remove net_raw from raw node sends. (*)
2ba9a79... interface review, and remove net_raw from raw node sends. (*)
7a2f20a... more work to clean up and complete current modules (*)
57869a6... XML: encapsulate modules in layers, rather then layer being (*)
e04b8e7... initial commit (*)
7fb9c1c... change doctool to bring in line with the xml tag change (la (*)
21871a5... work on newrole policy (*)
245ee31... kill cvsroot (*)
0404a39... initial commit of ssh. (*)
cbc9d69... remove remaining _depend macros to prep for switchover to i (*)
199895e... move all interfaces over to the interface macro. add trace (*)
9ccd96d... more work on ssh, plus import ssh-agent (*)
2a3478c... fixes pointed out by steve, plus fixes revealed by the adde (*)
007ca56... more setcurrent stuff (*)
d3b892e... convert a couple network macros (*)
261e0e6... shorten some xml tags (*)
7c2b84e... fix for shortened tags (*)
19ea99d... fix (*)
95db422... initial commit of segenxml. add support in Makefile (*)
4523996... move ssh tunables into global_tunables (*)
9916c69... update to new commenting style (*)
c3a0754... a couple output fixes (*)
aad5b98... more updates (*)
414e415... update for new documentation method (*)
e81f022... add template support, and add dummy parameters for interfac (*)
62a7b02... add/update comments (*)
73fbc77... initial commit (*)
f8838e6... better dummy xml entries (*)
e88003f... xml updates and nis stuff (*)
ab940a4... autofs_t and ypbind cleanup (*)
24bf11c... initial commit (*)
80436b9... changes to make inetd work (*)
58c3da5... add fstools, and more cleanup (*)
a4c639d... change modules.conf handling (*)
19db6ba... change modules.conf behavior to be in line with behavior wh (*)
cedae2e... better handling of whitespace (*)
783b383... more low hanging fruit cleanup (*)
cbca03f... add lost_found_t manage, rename fs_type attribute to filesy (*)
2d56fdc... preserve tunable values if tunables.conf exists (*)
896badc... add comments and error handling (*)
ceebe3b... change desc to summary (*)
effd58c... add templates (*)
96ce00a... add logrotate, more low-hanging fruit (*)
743b651... link fix (*)
8fd3673... another round of renaming, for consistency (*)
06c9680... make interfaces or templates section not shown if empty (*)
00172fb... change messages for missing docs (*)
d233bfc... make layer summary required (*)
e8d8faa... dont show interface/template hotlinks if the module doesnt (*)
ebdc3b7... clean up more todos (*)
fd89e19... more work on current modules (*)
5e1ed49... initial commit (*)
65c8613... ul has to be in a p (*)
a7a9799... convert can_kerberos() (*)
16e8e26... update for xml changes (*)
1fe082e... update for 20050701 release (*)
e3a8e3f... update for 20050705 release (*)
d78fdee... add tag for required modules (*)
2745476... add required tags (*)
44772e5... Minor doc updates. (*)
f0cc1ac... update for required tag (*)
e8b3e30... fix for new new modules.conf behavior (*)
e8f0055... fix quoting problem (*)
9726b31... add unconfined (*)
e17cb83... update appconfig for unconfined login (*)
ebb884d... - Removed OUTPUT_VERSION as default. - Added default name a (*)
a3fdceb... quiet the awk if modules.conf doesnt exist (*)
bb32544... add missing ssh file contexts (*)
ed1a92b... ksu moves to su (*)
14b25bc... validate file contexts (*)
83ce670... put back to strict. will have separate strict and targeted (*)
c98340c... support for targeted policy (*)
1aa5262... missing rules uncovered by sediff (*)
e5f8060... implement direct_sysadm_daemon (*)
dfa83e9... add changelog (*)
767266c... update for 20050707 release (*)
58c7777... tag for 20050707 release (*)
acb668e... * Added support for layer summaries. * Added a "Index" link (*)
c11958b... support for global booleans (*)
4d0d415... silly formatting fix (*)
a42ca7e... another round of TODO cleanup (*)
249d461... initial global booleans and tunables support. also fix ind (*)
4d7511b... add tun and bool descriptions (*)
34bbe50... improve display of tunables and booleans (*)
ae9e271... fix more TODOs. fix selinux.te to selinuxutil.te in option (*)
4051d15... fix xml (*)
20a2275... fix comments for templates to have same number of # as inte (*)
b24f35d... more cleanup of current TODOs (*)
25a0c61... add distro tunables. expand on a few comments (*)
df00b2e... * fix chroot exec interface * more TODO cleanup * move IPC (*)
493d6c4... add nscd (*)
8125c93... more updates (*)
11633bb... add ipsec (*)
c429cb5... fix up the xml (*)
e0d57fb... add pcmcia (*)
316553a... add pcmcia (*)
f136a94... reorder in alpha order of type, for sanity purposes (*)
50f6503... * break up files_getattr_all_files into correct interfaces (*)
157c694... add macro to expand object class sets for use in require bl (*)
d9fd8e7... more pcmcia cleanup (*)
50aca6d... add raid (mdadm) (*)
3b6174a... add missing context template (*)
9f103ce... fix to use context_template() (*)
a5f339f... more cleanup in system (*)
391edeb... fix assertions for framework (*)
8b0bbdd... fixes for targeted policy (*)
2ec4c9d... more cleanup (*)
ec848d2... more fixes for targeted (*)
21f4773... add new netlink socket class (*)
892266c... more targeted policy fixes (*)
8c3f438... corenet was missing from unconfined (*)
a28f6db... add in some rules from NSA CVS to make targeted policy work (*)
bd7e7a6... missed a line (*)
474f43d... should actually try compiling first :x (*)
689f6dd... fix typos and import some rules from NSA cvs to make target (*)
1e3f610... add missing dir and file perms for selinuxfs in unconfined (*)
0b28a23... user home dirs were missing file type in targ policy (*)
f82c6ac... bah typo (*)
d250634... reorder kernel policy, add attributes for sysctl and proc e (*)
9496fd5... unconfined can name_connect to all ports (*)
ef424c1... name_connect only on tcp_sockets (*)
53857c8... unconfined can pass all constraints (*)
ea7d571... /var/lib is now a mountpoint (*)
80526cc... add an example module config for a targeted policy (*)
7bb6108... massive updates (*)
953541a... update from privmail (*)
50527cf... make network_interface able to support multiple interfaces (*)
022f61c... add connect interface on ports to handle name_connect tcp p (*)
78d30cb... Fix handling of ordered and unordered HTML lists. (*)
01e30c9... initial commit (*)
14c0354... update version from last release (*)
c13146d... update (*)
e5590ea... work on user transition (*)
bbdbdb9... fix stray line that got out of TODO (*)
96a150d... move file context validation to install (*)
cd8fa41... fix comparison bug (*)
60abb5f... add missing (*)
7c347cd... more updates for release (*)
6db8e52... new release (*)
52a902b... new release (*)
959220d... dont do a, since it preserves perms and users, which doesnt (*)
d299d70... update for release (*)
369b504... warn against using on production systems (*)
8b1125a... update for release (*)
80a63c7... clarify tmp_domain() (*)
81343a6... * Rename ipsec connect interface for consistency. * Add mis (*)
046a21d... search sbin dirs to find the pgms (*)
42be7c2... add mysql (*)
7e40f17... add back uses_shlib (*)
3fd8336... misc cleanup (*)
9a66d4e... add acct (*)
ed78ea0... add tmpreaper (*)
7057c18... a few more ssh touchups (*)
f5e321b... fix xml tags (*)
dce68dc... add updfstab (*)
9465452... fix gen_user comment for more clarity (*)
9489149... add su (*)
b9d7d70... add template xml (*)
e784300... add sudo (*)
5a3895a... tabbing fix (*)
052c953... add quota (*)
e694b51... fix no interface module handling in segenxml (*)
4aa0dc2... add tcpd (*)
f7ebea0... finalize desc -> summary xml change (*)
d06f3c3... remove secdesc since desc is sufficient (*)
aae06c1... fix system spool file problem (*)
35b4947... fix some udev naming (*)
c5a6dcb... quiet file context validation (*)
f0b1efa... all dev nodes assoc to tmpfs, since most everyone is moving (*)
8843093... more comments (*)
21468a6... add loadkeys (*)
5f38a65... try to knock out more of the distro_debian bootloader stuff (*)
4806a05... fix broken xml of previous commit (*)
a573790... make default for optional modules to module instead of base (*)
2d803ed... more debian cleanup (*)
57a96cb... add firstboot (*)
886907c... add firstboot (*)
b51f2f3... add regression tester (*)
545b0c9... add rshd (*)
23ca91f... cleanup (*)
2961e79... add ldap (*)
f862c35... add gpm (*)
fb0a3a9... initial support for compiling loadable modules (*)
7abb9e3... change compile dir to /tmp since home dirs are ro to apache (*)
55b104a... change to point to tresys.com/selinux (*)
28f0329... for base module, only enable modules actually in it (*)
f6e28ab... moved to selinux module (*)
db93d70... mark userpace object classes (*)
c04f2ab... complete infrastructure support for building modules (*)
8b75b07... remove comment about monolithic only supported (*)
a6df70c... more comments (*)
4b8c548... move require to right position, for modular policy (*)
f9b11e9... add howl (*)
35ecf83... add rsync (*)
902be0a... add privoxy (*)
d83fdad... add bind (*)
82024f9... do bools until loadable modules support tunables (*)
3110dec... fix tunables (*)
e28aa68... reformat for use in rpm (*)
6d12276... fix quoting (*)
c6299b2... add rpm spec skeleton (*)
d4df0aa... remove bad changelog date (*)
2a94561... start adding in templated interfaces (*)
9439a25... update config, switch most to module (*)
37aa3ff... update for release (*)
c2ecf02... update for release (*)
9074a25... missed a few (*)
b3e0af0... more status update (*)
fd637c8... targeted status info (*)
698a4a5... remove status info on index, fix stale status on status pag (*)
e7498c4... a few fixes (*)
f3791fb... massive revision (*)
a19e346... doctool display for no interfaces or templates (*)
e5d4526... make corecommands required (*)
451c1e3... send user role to per userdomain templates. update templat (*)
246839f... fix up most of mta attribute insanity (*)
1d1d21c... add mta stuff, fix inetd (*)
6e61566... add comsat. clean up kerberos and nscd interfaces (*)
768283a... cosmetics (*)
6af06cd... fix typos (*)
0c3d170... add dbus (*)
631ee4d... finish remaining dbus bits (*)
c0d1566... move rhgb_domain into TODO so modules can compile as binary (*)
aa8995a... fixes. move rhgb into TODO (*)
9d3bdc2... fix bugs uncovered from sediff (*)
7c8fc35... add dhcpd (*)
0f707d5... add squid (*)
f344c0f... move dhcpd to dhcp (*)
fdae8e7... add hal (*)
ac0483a... add dictd (*)
ce1b44a... typo (*)
b11a75a... add ntp (*)
603f90a... misc fixes (*)
07b01c4... fix (*)
8d93523... add inn (*)
763a5e3... misc fixes (*)
e376adf... update for release (*)
541b7d5... new release (*)
9646810... update flask (*)
d913507... fixes (*)
9b06402... add missing rules of other domains using inn (*)
d17b4d2... add ktalk (*)
eb3cb68... add portmap (*)
9ff3003... add zebra. change ssh to default to initrc transition inst (*)
0fdf3ef... fix sshd to use initrc transition while typeattribute in co (*)
2e863f8... add first part of changes to make base module compilable (*)
712566e... fixes to make base module compilable (*)
082dcd9... add base mod changelog entry (*)
777d80f... fixes (*)
2705f9a... begin merging in upstream NSA CVS changes (*)
83515f1... fix wrong interface in lock_domain() (*)
0907bda... more merging of NSA CVS policy (*)
f5bf2e2... more status for modules (*)
e249813... add unused directory to module status (*)
a797f51... fix (*)
7bdc0b4... last changes (*)
25225bb... make priority request nicer (*)
3c8c1b2... add back missing rule from daemon_domain() (*)
71fe0fa... fixes for module compiling (*)
4479b31... require fix (*)
84c9223... add samba (*)
5a2649c... cleanup (*)
605ba28... more merging from nsa cvs (*)
98a8ead... more updates (*)
5493c20... more updates (*)
a082484... more merging from nsa cvs (*)
ccc5978... add snmp (*)
40adb57... add tftp (*)
a47ea60... fix can_network_server expansion (*)
cff75c9... more upstream merging (*)
cf6a7d8... more upstream merging (*)
41c4800... a few module compile fixes (*)
a1fcff3... final updates from nsa cvs (*)
3552066... update status 20050919 (*)
200f453... add stunnel (*)
c0e4fe2... add appconfig for mls and mcs (*)
343cd04... move stuff out of unused (*)
4fd5201... add rlogin and telnet (*)
9dfe4e2... telnet and rlogin done (*)
9210553... add cpucontrol (*)
93070cb... add cvs (*)
3774e4e... todo cleanup (*)
668be64... cvs and stunnel in (*)
0e15cdf... change monolithic_policy to self_contained_policy for clari (*)
11ba8e6... add priv_system_role (*)
142e9f4... targeted and redhat cleanups (*)
5fd4a1c... attribute fixes (*)
6e0542e... fix error with file common being output, not file class (un (*)
25c6746... loadable module compile fixes (*)
996ae37... fix for removed example targeted config (*)
08c5c97... fix for targeted (*)
1fb83a7... fix system.users now that the gen_user macro is in support (*)
90e497f... fix regex (*)
fb2817d... make system.users look nicer (*)
b53f93a... testing fixes (*)
f7ba4a8... add uucp (*)
44a4c23... update for 20050922 release (*)
5ecee5d... add missing line from var_run_domain (*)
6859519... move in uucp (*)
4855866... update for release (*)
5561135... update on targeted config (*)
1d85c7a... update with change to how classes are handled in gen_requir (*)
681c9a0... fixes from sediff (*)
0058418... remove classes from gen_requires, and disable net_raw for n (*)
8428592... add kudzu (*)
fa67570... add radvd, plus a few cleanups from sediff (*)
b9ae3aa... rework nis_use_ypbind since optionals dont work in conditio (*)
9edc289... add anaconda (*)
a23ffe6... add system_cron_entry and fix typo (*)
6d788d8... comment fix (*)
f0574fa... add mls privileges (*)
e4aed15... update reserved ports (*)
8f6cbfe... mls updates (*)
1f91e1b... a few conditional cleanups (*)
b03f960... add disable_trans support (*)
724a9fa... add in missing(!) rule for uses_shlib($1) (*)
20e306e... add dmidecode (*)
246a604... add in a few parts of ftp (*)
ca3c73d... status update (*)
6942484... add in a couple missing rules (*)
79cde31... add winbind (*)
a2868f6... start adding secure_file_type implementation (*)
ff85670... 20050928 update (*)
a5ec7cb... more pieces of ftp (*)
a996bdf... add most of apache (*)
114fc45... misc fixes (*)
f4d7fdc... add interfaces used in old anonymous_domain() (*)
5bc9f30... fix comment (*)
fc6524d... add ftp (*)
6e99a6c... more apache work (*)
e02c61c... rename context_template() to gen_context() (*)
473ea71... temporarily add libselinux (*)
4f9f30c... * Updated to sedoctool to read bool files and tunable fil (*)
99505c1... fix files_exec_usr_src_files (*)
9d3e339... partial mailman merge (*)
d4dca58... add finger and bluetooth (*)
4483ee8... add apm and arpwatch. fix implementation error on fs_getat (*)
f33561f... add webalizer and sasl (*)
fedd3ca... update INSTALL and start work on README (*)
e9199fe... add anonymous_domain (*)
799a0b4... add mailman (*)
891a847... mailman is done (*)
c2b18fa... more apache work (*)
be4690a... add in last bits of webalizer (*)
4c71994... add missing interface (*)
c4bf979... start adding perm sets with refpol names (*)
8df65f1... add sechecker targets (*)
b1421d8... add some docs, do some reordering (*)
f721a49... start moving around to prep for 1.27.1-15 update (*)
c0c7013... merging 1.27.1-15 (*)
77f6e2c... partial (most of it) merge of selinux-policy-strict-sources (*)
d8636fc... more merging from 1.27.1-15 (*)
f9d771d... merge 1.27.8 and 1.27.9 (*)
65a2523... more merging from 1.27.1-15 (*)
fe9d17f... more merging from 1.27.1-15 (*)
e08118a... add ppp (*)
1f11ac9... more merging (*)
4615d80... update 20051014 (*)
e749cd1... wrap up almost all of apache (*)
c3a05c9... fix error uncovered by sechecker (*)
97749e2... add more docs (*)
8431326... error out if trying to build a module thats off or base (*)
c381274... misc fixes (*)
5a3b360... merge 1.27.10 changes (*)
12ae755... piles of fixes for loadable modules (*)
90c3dde... fix requires (*)
0efe52a... fix last loadable module problems (*)
af4752b... targeted and distro fixes for loadable modules (*)
de76494... targeted policy fixes (*)
61feb22... add missing entry (*)
862a1e7... update for 20051019 release (*)
a4e8b79... release (*)
fdef437... complete build tools (*)
2b01ae7... make DISTRO=redhat imply DIRECT_INITRC=y (*)
4e69c1c... obj class typo for certs (*)
cf6141a... fix corenetwork generation and add distcc (*)
29ce000... add dovecot (*)
06a5362... add all target to build base and modules (*)
ea557a8... add cyrus (*)
fe7b943... fix (*)
3509484... add canna (*)
23a4442... add xdm (*)
ab58ad0... add 1.27.1-22 targeted policy (*)
da4fc9c... sediff fixes (*)
e6a2eaf... more fixes (*)
1f8a8bb... more sediff fixes (*)
959fca6... interlace monolithic and modular to catch errors in modular (*)
ae90172... expand gen_context() in file contexts (*)
ebed41b... woops, radius wasn't actually completed (*)
239db5e... add networkmanager (*)
10b1f32... add amanda (*)
ae1d9af... simplify since alias take care of it (*)
ad3b9d7... add lpd (*)
a636210... add dbskk (*)
230838e... add pegasus (*)
44fc06b... add radius and amanda, which I forgot to ci (*)
385dcd4... add radius (*)
f932d8e... add spamassassin (*)
04926d0... add postfix (*)
ef5ca0f... add cups (*)
f855442... nwmgr fixes (*)
60de986... add dan's config (*)
f8964c0... Added a file context for httpd.pid so that it is correctly (*)
2db2c7d... fixes from sediff (*)
43989f8... add rpc (*)
19b5555... more fixes (*)
710791f... more missing types (*)
3d37bca... Added an allow that permitted apache to read httpd_sys_cont (*)
bb67633... add initrc_su_t (*)
1dd86c4... sediff fixes (*)
fa16f25... Added rules to the smbd_t and the nmbd_t domains so that th (*)
34e722f... more sediff (*)
1480d3a... fix mls r_t (*)
15fefa4... remove bin policy and kern module assertions for now (*)
88e5d70... add (*)
9d343af... fixes from chad (*)
e64b338... fix (*)
37fe0ec... update ranges (*)
a3754ff... add configuration for testing (*)
162dfc3... corenet fixes (*)
57d8e6c... Added signal permissions to postgres so it can start (*)
dd57ca3... Added rules to the bind policy for the named server so that (*)
0354e30... Fixed a problem which was allowing processes to become unco (*)
9bbc757... more fix (*)
30705b6... fixes (*)
b4e1ebc... hopefully fix su (*)
7ebd6a9... add proc_net lnk (*)
9c4fcf6... Removed differences between refpolicy and targeted NetworkM (*)
bdfa8e7... Removed differences between refpolicy and targeted acct_t (*)
6716737... fix most of samba (*)
87ab639... woops (*)
c11417c... Reduced the number of differences in amanda between the tar (*)
f470a1e... Added a rule to allow apache to read httpd_sys_content_t so (*)
69dcd68... fix most disable_trans errors (*)
977b1d6... add nscd (*)
d2c5739... Fixed an allow that should have been a dontaudit (*)
40a1f3d... fix again (*)
52e1edb... fix acct (*)
ee7f66b... hide broken symtoms (*)
3df88de... hide broken symptoms (*)
2192d4b... Moved the dbus stuff inbetween networkmanager and bind to t (*)
88dd389... more postfix work (*)
9dd5002... homedir fixes (*)
28e730b... module build fixes (*)
60789e1... fixes (*)
2964dce... new semodule_package cmdline args (*)
a662d2b... make implicit work (*)
83e4512... fix up su (*)
240a3a9... appconfig side of su fix (*)
9aca490... some home dir fixes (*)
2c216c0... use the right interface (*)
b0bdeb0... syslog logs to itself? (*)
467602f... system_chkpwd can winbind (*)
51f5c6a... add dontaudit (*)
7b90f2d... testing fixes (*)
784a3bb... privhome implementation (*)
7eec657... add default_t read back (*)
2aec146... use our own interface to make maintenance easier (*)
e11d2e3... add missing nscd clients (*)
d49d524... initrc also uses nscd (*)
ee64ef4... typo (*)
2526a44... missing privloggers (*)
ccfd7b1... easy fixes (*)
b7e1825... privfd (*)
c3cf669... try to fix associations (*)
7a6d427... a few more strays (*)
e8d0a65... fixes from arpwatch testing (*)
f5e4f79... fix rpm transition (*)
33acca5... pile o fixes (*)
d1b9d92... another pile o fixes (*)
f13da83... Added search and getattr permissions to etc_mail_t dir for (*)
4614e83... more fixing (*)
5abea98... fixes from testing (*)
ce03837... rpc fixes from testing (*)
fc6198c... fixes from sediff (*)
a525f29... sediff fixes (*)
b281bf6... add some missing transitions from unconfined (*)
08c22f4... more transition work (*)
bc87f4d... testing configurations (*)
05c6f04... dont remove home dir templates from base.fc (*)
f1baed7... fix some /opt regexes (*)
2f33cd7... put all users back into the base module (*)
6894176... adding ldap configuration files and README. (*)
8fb15d8... change of file names. (*)
cf14e4b... Configuration for bind added. (*)
7e1e18d... dhcp configuration added. (*)
dd3544d... fixes from testing (*)
7e1c14d... fix quoting (*)
005a9aa... initrc fixes (*)
b7cb7a9... adding configuration for rsync. (*)
495a702... add missing range transition (*)
f0f18e0... typo (*)
bce06f1... updated modules.conf from dan (*)
cbdb4ae... clean up unused booleans (*)
375c241... ssh updates for targeted (*)
2d13f72... take care of missing types (*)
f1b0a8c... fix (*)
9cb7c2a... Adding configuration for stunnel test (using stunnel to tun (*)
dc8f170... fix up sendmail for targeted (*)
cac3eca... fix te_trans conflict (*)
f3936d3... nicer te_trans conflict fix (*)
6284179... fixes uncovered by sediff (*)
5777606... Added telnet configuration instructions. (*)
6ff85b5... fix perm set (*)
bea7b45... add missing tunable (*)
0500e01... * fixes uncovered by sediff * fix disable_trans support so (*)
9ca7e78... misc sediff fixes (*)
aba9c7a... add missing httpd_helper_t tty part (*)
305106e... Added a rule to allow dmidecode to use locallogin_t fd to m (*)
30910b3... more fixes (*)
b422aa9... initrc couldn't create/use its own pty! (*)
ce0ff19... more of the same (*)
dab808b... dbus obj class cleanup (*)
0b12fa4... more dbus cleanup (*)
7ac2258... tty and caps fixes (*)
31a1c2d... fix filesystem associations (*)
35adb6f... clean up socket (*)
ee08bc4... read certs (*)
168f5b3... tweak inconsistencies in old policy to make them consistent (*)
b9ea0fe... clean up last var_run_domain expansion errors (*)
b488014... hack (*)
73ef293... fixes just so sediff is easier to handle (*)
b909aca... adding configuration for spamassassin. (*)
8f882ff... Added rules so that tracepath, traceroute and ping work. (*)
e6f94f7... adding some config files for kerberos. (*)
9c6feb6... add stuff from distros.fc (*)
7afca0b... user tty fixes (*)
307e114... missing dir (*)
45aa10a... Added signal_perms to nscd_t. (*)
bc6dfa6... Changed a { create rw_dir_perms } to a create_dir_perms sin (*)
cd508d4... for now don't delete generated files. bring this back afte (*)
8967bf8... merge in some of dan's old policy changes (*)
76febd2... fix sendmail transition (*)
42fc9a8... Fixing configuration files. (*)
f683264... commented out cipher config options. (*)
725926c... pile of sediff fixes (*)
3e639ab... tty fixes (*)
d3f715d... more fix (*)
062e17a... add avahi (*)
4b9516c... add avahi (*)
2ab07eb... fixes for sorting (*)
e3d21df... fix to use real type rather than alias (*)
ce1e893... dont install booleans file anymore (*)
2ed0d18... install booelans file on monolithic (*)
59a00d8... add avahi (*)
33faf59... correct shlib_t alias (*)
51f3744... add missing /var/yp match (*)
5211b05... Added configurations for testing tcpd. (*)
c646a9f... add missing bin_t aliases (*)
c2e35b8... fc fixes (*)
c6825e9... missing matches (*)
1904b01... fix changed rules (*)
37c8521... use role dominance in targeted for compatability with stric (*)
70fe5a3... turn off stuff not in original targeted (*)
672a157... reorder to work around module compiler bug (*)
65b9361... missing matches (*)
3797efb... work around role dominance breakage in module compiler (*)
2e0a880... changed rules fixes (*)
e50d1d5... Configuration for mailman. (*)
55290ad... small fixes (*)
daff1dc... fix missing role statements (*)
a6e32d6... add initrc_tmp_t mountpoint (*)
3ad26d1... update rh broken symptoms (*)
33ff9b8... missing fc's (*)
4fe05f2... add debugging symbols (*)
43373af... fcsort integration moved to policy server repo (*)
5ae9081... fix ordering (*)
175b1cb... reverse last change (*)
7fefc1d... fix rpm (*)
17da253... fix ordering problem (*)
3be48fa... fix type transition conflicts (*)
af86646... hack (*)
15c235f... more broken symptoms (*)
0d5d74e... remove extra rule (*)
a8b62e7... more config files and updates. (*)
9e91381... change dmesg and loadkeys behavior to aliasing, and enable (*)
de0d265... temp genhomedircon hack (*)
3ed2b69... role hack for genhomedircon (*)
a0f5ff6... updated README (*)
7b062ea... add patch from dan (*)
c6d4c8f... clean up some hacks (*)
801b2a7... add in procmail (*)
3e6c816... add procmail (*)
1dad083... stray procmail execs (*)
58252e9... update status (*)
8b4eab1... missed mls cat update (*)
704327e... fix transitions in and out of unconfined. fix bugs uncover (*)
1354ca0... fix superfluous network rules pointed out by dan walsh, and (*)
37ff8fe... updates from dan (*)
1d697ce... add last bits from dan (*)
c5c3066... fix (*)
95f82b0... fixes from dan (*)
9cc2ccc... tweaks from dan (*)
31b7c05... add fc mls policy (*)
c767b14... merge makefile changes from branch (*)
c45fa5d... slew of updates and fixes (*)
af23450... patch from dan (*)
1328802... Change optional_policy() to refer to the module name rather (*)
2629c65... patch from dan to remove rhgb and gph:fd use (*)
cf0ff55... fix so empty modules.conf check works (*)
d828b5c... clean up networkmanager hacks (*)
f00434f... clean up rpc hack (*)
3f41889... add xfs (*)
09741b1... cleanup from sediff (*)
33d0871... remove rhgb_domain and update for optional_policy() behavio (*)
131e573... add yppasswdd to nis (*)
19ff64f... add rdisc (*)
f11f0c1... add timidity (*)
5d5ea8d... add irqbalance (*)
08cd98b... big cleanup of mta (*)
1504ff3... clean up most of the mta hacks (*)
70fb22d... bump rev (*)
574e63f... fix kerberos_use, which turned out to be a problem in dns_r (*)
ac9aa26... work on users (*)
9fd4b81... fix several modular build problems (*)
78510c5... patch from dan (*)
6820a39... add final bits of spamassassin (*)
4093c29... add i18n (*)
8e0ef1f... move build options out of Makefile into build.conf (*)
058f3ef... move files, corecommands, and domain to kernel layer (*)
7572070... loadable module build fixes (*)
6f81e1d... many loadable module build fixes (*)
f525b49... add back rules that were mistakenly removed (*)
d337ec9... add in daemon attrib (*)
0176d13... add check for duplicate interface/template definitions (*)
1470ffb... fix dupe interfaces (*)
fc0e8ce... clean up (*)
bdb2fac... merge systemuser back in to users (*)
35bb02a... updates (*)
ffd0484... fix (*)
3c8f6b1... policy-20051114.patch from dan (*)
439aaa2... fix module compile issues (*)
bd70373... add unlabeled association rules (*)
b9d3b24... add non ipsec asssoc rule (*)
67b8998... pre-release update (*)
3233e29... add fc5t2 targeted modules.conf (*)
cb1d1e9... remove testing configuration for release (*)
2d54b83... fix (*)
cd1b0b3... update for release (*)
885e753... update for release (*)
e2e9866... update for release (*)
8c1db6c... update (*)
c0626aa... fix typo (*)
686f134... update (*)
0f73fde... add sysstat (*)
9667c15... fix compile errors (*)
a089b6d... add fetchmail (*)
44656a1... configuration files for automount. (*)
8ba1bd8... make common template (*)
b64a0eb... credit dan for patches (*)
049e11a... policy-20051208.patch from dan, plus a few adjustments (*)
5ea24be... fix module versions (*)
7576fad... add automount (*)
d457d0e... bump vers (*)
cbe3275... add swat to samba, and fix an automount mistake (*)
f2e1f26... pax mistakenly marked as userspace (*)
a324ef1... rename texrel_shlib_t to textrel_shlib_t (*)
3b4da47... fix interface (*)
60caa30... fix ptracing of all domains (*)
0c4bf1c... fix comment (*)
4ac451f... fix errors reported on fedora-se ml (*)
bb43724... stuff from dan (*)
be1e6eb... fixes (*)
9cca1cd... policy-20051208.patch (*)
cd66769... another patch from dan (*)
39a17ec... give dan credit for adding vbetool module (*)
fc4054c... fix typo in require block (*)
871b685... add smartmon (*)
8710791... add ddcprobe (*)
56c1def... fix spacing problem (*)
0e8ec43... add openct (*)
6f11d6b... add readahead (*)
1d427ac... add slrnpull (*)
a317cd8... fix formatting (*)
765bd96... add setcontext to association class (*)
8cffa78... add irc (*)
bf080a4... part of dan's mega patch (*)
afd38b1... forgot to update changelog for ipsec permission addition. (*)
819ab67... update status (*)
5e98eaa... remove unneeded rule (*)
020cbef... add logwatch (*)
d163a43... minor cleanups (*)
b07eaef... add polyinstantiation. (*)
5a35c02... woops (*)
a77e652... patch from dan. (*)
c8ba683... add screen (*)
e831e41... fix role (*)
44f490b... add usbmodules (*)
7c10117... fix (*)
7e0fa55... add roundup. (*)
1ae2c31... add lockdev (*)
b8c7982... disable builtin targets except for .c (for fcsort) (*)
3c4d759... update (*)
2c24358... add prelink. (*)
50b0893... Petre Rodan will take care of some djbware (*)
de8af9d... add alsa (*)
de94087... rsync --daemon is long running, and can be run from an init (*)
e0a9001... fix expansion of interfaces from disabled modules. (*)
c5af97f... fix alignment (*)
3ffe298... add java (*)
4ec6941... add cdrecord (*)
038bd3f... fixes to make screen work (*)
460e051... fix comments (*)
22d2e25... interface-ize screen fixes (*)
8369293... fix comments, clean out object classes (*)
9d59498... rename create verb to filetrans for type transitioning ifs (*)
ce96df7... rename create verb to filetrans for type transitioning ifs (*)
ebc7dfe... update checkpolicy required version (*)
6a57b68... add slocate from dan (*)
44d5d93... add daemontools, djbdns, publicfile, and ucspitcp from Petr (*)
b7b1d23... add corenet patch from spencer (*)
f40b368... fix typos and formatting (*)
76b519d... fix module building problems. (*)
cc5df23... fix encapsulation problem (*)
93727e3... patch from dan 1/16/06 (*)
d3d2702... bump versions for release. (*)
22cb0be... update for release. (*)
26deab1... update for release (*)
8cc4947... add usernetctl. (*)
fe9b054... fix run_init constraint problem (*)
e1c4142... add portage from gentoo (*)
6b86ef0... move stray bin_t entry (*)
625caeb... fix compile errors (*)
6d14093... really fix the build problems (*)
7c2f5a8... add userhelper (*)
b94cc19... there is no initrc_var_run_t:dir (*)
68228b3... Change initrc_var_run_t interface noun from script_pid to u (*)
0a77288... fixes from dan (*)
2bcdbd8... add certwatch (*)
8dca6b9... add lpr policy to lpd (*)
2de03f3... give info message for make html (*)
92268c5... move certwatch to admin, its not a daemon (*)
a49e2bd... hopefuly final fix for run_init (*)
edb77e5... add execstack and execheap to unconfined domain exclusion (*)
c1904de... formatting fixes (*)
2ce6b04... login fixes and pieces of xserver (*)
488ec7b... add xserver (*)
55f1efa... forgot to bump version (*)
85c20af... fixes from serge (*)
a225f98... patch from Dan, sent Thu, 19 Jan 2006 14:16:26 -0500 (*)
924c0f2... identity changes from dan (*)
dace0b2... work on xdm (*)
acd87ca... add xauth and iceauth to xserver (*)
3b31130... last bits of xserver (*)
07620c0... more xdm work (*)
1e786ea... fix user pty type_change (*)
d14c0e7... add missing if (*)
f6abfdb... fix sshd (*)
6b1c8ee... remove unneeded dependency for generated_definitions.conf (*)
9083905... add home_domain() (*)
7dca64f... Collapse commands with grep piped to sed into one sed comma (*)
c43ecfc... fix EOL extra space (*)
6b5c92d... cleanup (*)
18d59e1... reverse last change (*)
ba35e4d... add fix for secadm_r. I dont like this, but it can be stra (*)
59d721e... fix xml (*)
a524921... patch from dan (*)
37227dc... Add ctags Make target from Thomas Bleher. (*)
a4fae7f... nicer way of doing fallback (*)
3f026a9... override doesnt do anything for +=, use ?= assignment to si (*)
5e4cbc7... remove newrole privs from su and sudo (*)
4ace0fa... add rolemap/per-userdomain infrastructure (*)
8c4989c... improve comments (*)
6259d8e... add text for rolemap (*)
9b3756b... add headers and outside tree building support (*)
5850761... add line number and file name to xml, from selide people (*)
270d428... from today's interface review meeting: s/kernel_use_unlabel (*)
51a89cc... patch from dan Fri, 27 Jan 2006 01:37:19 -0500 (*)
bd90921... fix (*)
575e269... update status (*)
9d5606e... missed status update (*)
6ada253... remove all class remaining lines with kernel object classes (*)
18cc016... remove kernel module reversed interfaces. (*)
0f5d13f... merge xdm into xserver (*)
1576102... fix documentation (*)
207c476... renaming from 20060131 interface review (*)
445522d... renaming from 20060131 interface review, round 2 (*)
9e04f5c... renaming from 20060131 interface review, round 3 (*)
4d851fe... renaming from 20060131 interface review, round 4 (*)
6796266... add mrtg, bug 1394 (*)
fe21026... fix xml (*)
bff1cef... fix for lineno and filename attributes (*)
6bb0da3... add example module. (*)
120988c... install-docs target, consolidate relabeling (*)
6bc40ea... genhomedircon stuff only for strict (*)
6018e9b... genhomedircon stuff only for strict (*)
5bd1a70... move example makefile to doc (*)
e52af25... remove unneeded gen_require_set() macro (*)
ffd5c34... forgot to add if renaming to changelog (*)
b77d019... merge tvtime to trunk bug 1391 (*)
8ff5530... fix a few fcs (*)
6a0b252... status update (*)
3284fb6... fix compile problem (*)
46112fc... fix optional in fc, move contexts to their proper modules (*)
1815bad... another slew of renaming (*)
ee9500e... fix userdom_create_sysadm_home (*)
9417cb7... clean up userdom_create_user_home() (*)
017bab0... remove lvm_vg_t (*)
cd07eae... remove redundant userdom_manage_generic_user_home_dir inter (*)
c66a3aa... fix kernel_relabel_unlabeled() (*)
f754793... a couple init renames (*)
37f15c5... fix sendto (*)
9550194... patch from dan Wed, 01 Feb 2006 08:33:30 -0500 (*)
5a975c1... work on xdm (*)
4ef7567... add rpm install instructions (*)
e0dfbdf... fix process object class assertion for hierarchy (*)
9778406... patch from Serge Hallyn Thu, 09 Feb 2006 13:42:36 -0600, pl (*)
885b83e... xml building changes, add desc tag to booleans, add summary (*)
0e686f1... a few fixes (*)
e60b983... do not remove intermediate files (*)
b0d2243... patch from dan Thu, 09 Feb 2006 13:39:41 -0500 (*)
807a777... clean up patch from Serge Fri, 10 Feb 2006 18:01:06 -0600 (*)
0062f96... update for serge's fix (*)
0a30b00... add x_client_domain implementation (*)
24a6379... implement x_client_domain replacement (*)
c9f20d5... merge external modules makefile changes (*)
3a68d09... add missing endlines (*)
d6cf05b... fix headers install path problem, segenxml.py variable prob (*)
81a18f8... make html target create tmp dir (*)
e2680fb... remove unneeded LOCAL_LAYERS variable (*)
90b331f... add users_extra support (*)
ddb9aaf... make default action build all packages, like the comment sa (*)
ace3688... add seusers support (*)
fcfe684... remove unneeded dep (*)
b389cd4... reverse (*)
988a441... remove unneeded dep (*)
5b45ffb... fix regression; remove unneeded ROOT and make BUILDDIR have (*)
8cf6714... patch from dan Tue, 14 Feb 2006 09:01:16 -0500 (*)
3d59806... fix dependency for install-headers (*)
ad8af23... add missing vpath and .pp build dir for modules in local la (*)
5b6ddb9... add uml, plus two renames in corenet (*)
7e86de9... status update (*)
fffba0b... add missing verbose to fc_sort and add target for generated (*)
8d1111f... fix default user line (*)
58b2a3c... nicen echoing (*)
1a7175a... fix build.conf inclusion for local policies, add xml build (*)
a395250... fix bad interface calls (*)
3eea551... Remove allow_execmem from targeted policy domain_base_type( (*)
b9e6c42... second colon not needed for mls-disabled policies. (*)
e1ee92b... fix up cron_crw_tcp_socket() (*)
4a02d30... clean up most of user subdir mess (*)
46c69cb... patch from dan Sun, 19 Feb 2006 08:16:18 -0500 (*)
0eba5d6... fix most templated interface calls outside of templates (*)
15722ec... another round of renaming (*)
4ca6d0d... fix tmp dir usage (*)
2283dc7... add gentoo integrated run init (*)
103fe28... another round of renaming (*)
6a73806... add default headerdir in case users try to make -C instead (*)
794a56c... try to be smarter about NAME (*)
02bcb8b... patch from dan Mon, 20 Feb 2006 17:19:34 -0500 (*)
675a0ee... add interfaces to eventually clean up the storage_create_fi (*)
0f27d98... patch from dan Thu, 23 Feb 2006 14:26:05 -0500 (*)
13a4943... make sure booleans get in to booleans.conf (*)
1c1ac67... make (almost) all interface parameters required. move boot (*)
e5a602a... move bootloader to admin (*)
72ed29b... fix typo (*)
87e73c5... add unconfigured modules to OFF_MODS, and change APPS_ON to (*)
32e6fc6... add missing rules (*)
2b3c99d... bump version numbers for release (*)
1e1d126... scripts are loaded by the interpreter rather than ran direc (*)
0fc3e1b... update for release (*)
af3dd8d... update api docs (*)
3d65201... update for release (*)
42e77a5... update for release (*)
a4bbe38... add a few missing bits (*)
ce3145e... add tor module from Erich Schubert (*)
8a0a994... add amavis and clamav from Erich Schubert (*)
56df236... contrib by erich schubert (*)
0c54fcf... add apt and dpkg from erich schubert (*)
1852726... add thunderbird (*)
3bb0a3b... fix typo (*)
338dbd7... thunderbird merged (*)
c8d5b35... add rhgb (*)
77b81c6... add mplayer (*)
63e0a1e... updated mls comments from chad hanson (*)
9105f90... add mozilla bug 1396 (*)
edf241c... add evolution, bug 1384 (*)
49b41cb... fix missing dep (*)
e78c775... fix temporary rules in portmap, bug 1467 (*)
3b39334... add comment so this bit can be fixed. (*)
3cfd487... add ssp patch and move some domain_(base_)?_type() rules to (*)
7400d12... remove unneeded rule (*)
0834f9b... add ethereal, bug 1383 (*)
efc94af... fix explicit dep of policy.conf (*)
405efe1... additional mls interfaces from chad hanson. (*)
aa5f871... add listen and accept to tcp_sock (*)
c28caf3... fix misname of template (*)
3abd5ee... Change build order to preserve m4 line number information s (*)
ce6c136... gentoo fixes (*)
35d0857... sort to get all attribute declarations above type declarati (*)
3dbceb8... fix most missing entries from bug 1567 (*)
b67fafc... move typealias statements up too (*)
fbc0a27... add games, bug 1386 (*)
f62f4c7... work around locale weirdness in FC that affects sort. (*)
7f74a41... add audioentropy, bug 1515 (*)
99c902f... add calamaris, bug 1518 (*)
7013167... add in full permission sets now that it will be used for re (*)
dcd174a... comment fix (*)
a3cf80d... patch from dan Fri, 17 Mar 2006 15:22:53 -0500 (*)
ac6cff2... fix vpn module declaration. (*)
7fd9a60... add hidd (*)
0db866c... enable optionals in base/monolithic (*)
bb7170f... deprecate module name as first parameter of optional_policy (*)
8b2d5ca... fixes from thomas bleher Fri, 24 Mar 2006 13:25:54 +0100 (*)
d42c7ed... Additional interfaces in corecommands, miscfiles, and userd (*)
096ae61... add cipe, bug 1519. (*)
ab23bb9... make interfaces expand now that they aren't ifdef'd away (*)
a5d5465... remove unneeded gen_require in can_exec (*)
1786478... add user fonts to xserver. (*)
3a1fb3c... cleanup (*)
a65611d... clean up to make files use its own interfaces. (*)
28567af... use device_node attribute instead of individual calls per t (*)
1ce7f6b... bump rev (*)
bcdcc55... add extra dep to init_t interfaces since init_t is in base (*)
41b25f5... cleanups (*)
8e788ed... clean up formatting (*)
d2a9030... change reiserfs from xattr to genfscon (*)
9779f09... Constrain transitions in MCS so unconfined_t cannot have ar (*)
55b1905... semodule needs to manage the file contexts (*)
da14da8... make fs use its own interfaces. (*)
be0b1b5... remove stray bit from old su-newrole (*)
f3ac5e9... move su_exec_t decl back to su module. (*)
fa2c744... bump rev (*)
7249255... patch from dan Wed, 29 Mar 2006 15:32:51 -0500 (*)
b192570... fix typo seen by jathey (*)
2f1a8fb... add distro rhel4 (*)
58a3822... add back newrole functionality in rhel4 (*)
1896311... add dante, bug 1521 (*)
0610998... update for past renames (*)
3b91474... TODO cleanup (*)
4a11802... fix typo pointed out by james (*)
baec643... fix some textrel libs on fc (*)
65e131f... add qmail (*)
7f9ebb2... add postgrey (*)
e551601... add snort, bug 1546 (*)
3411c3c... add pxe, bug 1540 (*)
27c34bb... really fix init out of base module problem (*)
70de70d... really fix (*)
a478b5e... add nessus, bug 1532 (*)
f1e604b... add nagios, bug 1531 (*)
fc70c9d... remove devfs_control_t (*)
0578bf8... make .te and .fc files optional by touching them if they ar (*)
413982c... move xconsole to xserver mod (*)
18fa7ac... big status update (*)
6aa357c... change wording of status (*)
185ab24... fixes for rhel4 genhomedircon. (*)
a3e785d... try 2 on rhel4 fixes (*)
5d92a20... try 3 on rhel4 fixes (*)
a7c960a... try 4 on rhel4 fixes (*)
3eec24b... add uwimap, bug 1552 (*)
5516db6... add xprint, bug 1553 (*)
b518fc2... move over to attributes for unconfined interfaces. (*)
f82f22c... fix assertions (*)
6f8cda9... add courier, bug 1520 (*)
2014458... fix up command line module settings (*)
03631a5... missed changelog entry, bug 1520 (*)
8cfa5a0... first part of dans patch Tue, 11 Apr 2006 09:25:24 -0400 (*)
c655ec4... second part of dans patch Tue, 11 Apr 2006 09:25:24 -0400 (*)
4e656a1... add uptime, bug 1551 (*)
dfd2c1e... add uptime, bug 1551 (*)
fa89516... add transproxy, bug 1549 (*)
5501be5... add speedtouch, bug 1548 (*)
0cc79fc... add perdition, bug 1537 (*)
61cf534... add jabber, bug 1529 (*)
26eac6d... massive rewrite for out of tree building of modules. (*)
7f3d157... fix up title (*)
2b10a6c... fix formatting, fix xml in example. (*)
df1c285... fix capitalization (*)
e38cb71... add semanage transition for unconfined (*)
b057be8... add resmgr, bug 1543 (*)
69d1af0... status update (*)
2ba3de9... add openvpn from petre rodan (*)
cdc86ee... first part of dans patch Fri, 14 Apr 2006 08:08:43 -0400 (*)
abc73a7... second part of dans patch Fri, 14 Apr 2006 08:08:43 -0400 (*)
86e869e... stabilize make conf output from erich, bug 1242 (*)
eeb8ea4... fix bad rules in samba, bug 1623 (*)
e3e37e8... add asterisk and ntop. (*)
dd6f828... update test scripts (*)
f8cd6f7... cleanup (*)
478f0ca... fix up openvpn port (*)
5f6fb4c... more completed modules (*)
5d03fc2... add gatekeeper, bug 1526 (*)
85a0f96... patch from dan Tue, 18 Apr 2006 23:16:15 -0400 (*)
fb63d0b... add concept of executables, and update policies which reall (*)
02f9b21... first cut of hierarchical policy (*)
82f1dfb... fixes (*)
0377627... misc cleanup (*)
8536924... add tripwire, bug 1550 (*)
57f233b... add backup, bug 1517 (*)
6cd6d7a... add gift, bug 1527 (*)
53bf559... fix stray texrel_shlib_t references (*)
9e725d8... add dnsmasq, bug 1524 (*)
9b244cb... add soundserver, bug 1547 (*)
4d73bb4... add imaze, bug 1528 (*)
5b4d099... more implemented modules (*)
70b8a72... add ddclient, bug 1523 (*)
5540e76... add rssh, bug 1544 (*)
0e1c461... more of patch from dan Thu, 20 Apr 2006 14:06:03 -0400 (*)
a6a638d... add vmware, bug 1389 (*)
b35d3f7... add vmware, bug 1389 (*)
5b7b2b0... fixes for testing with unconfined vms (*)
677de4d... add template doc (*)
03d797c... fixes for confined vmware sessions (*)
11a4a22... more status updates (*)
06e2775... add nrpe to nagios, bug 1533 (*)
b6b5747... add authbind, bug 1516 (*)
6a21cef... add nsd, bug 1534 (*)
e4166a1... another status update (*)
b6d37eb... add munin, bug 1530 (*)
f30e6ea... add yam, bug 1554 (*)
050f364... add ircd, bug 1658 (*)
d592b69... add watchdog, bug 1662 (*)
512e8cf... remove broad ldap access (*)
9f8c872... status update for today (*)
2788187... add missing entrypoint (*)
d40c0ec... fix up entrypoints (*)
3f1c086... add monop, bug 1659. (*)
e8bf4dc... fix optional (*)
b6cc2f9... add sxid, bug 1661 (*)
5706fac... make dupe interface and templates a fatal error. (*)
5bd9fd7... add openca, bug 1660 (*)
6714c26... split out filetrans part of files_manage_etc_runtime_files( (*)
2e9cd95... add oav, bug 1536 (*)
bc5211d... status update (*)
ea5333d... add target for validating module linking, bug 1276 (*)
e993594... patch from dan Tue, 02 May 2006 10:08:17 -0400, includes py (*)
8bf6f58... split type transition from auth_manage_shadow (*)
988930d... HOME_DIR only on strict (*)
6ba4d96... add dcc, bug 1522 (*)
f40b22b... add appletalk socket for cups (*)
c8229a9... add appletalk socket for cups (*)
48b1d0b... add afs, bug 1514 (*)
12cd9a0... add portslave, bug 1538 (*)
20e929e... add razor, bug 1542 (*)
858a1fa... dontaudit chroot, glibc compile is ok without it (*)
bf2f29a... fix broken macro calls (*)
46bec43... add clockspeed from petre rodan (*)
6bd4494... add nx, bug 1535 (*)
4c44b8d... ssh_keysign_exec_t should be a bin (*)
54d01c8... pyzor does not have a per userdomain template (*)
88d68f6... remove unreproducible notatsecure problem, bug 1411 (*)
f827eb6... fixes from testing (*)
eac0b8b... status update (*)
e58da02... document postfix templates, remove postfix_public_domain_te (*)
e8ffdfc... document postfix templates, remove postfix_public_domain_te (*)
727758a... make executable (*)
ac9db9b... document remaining interfaces w/o XML. turn on warnings fo (*)
88bc7af... fix sendmail_exec_t encapsulation breakage (*)
013d746... add apache_manage_all_content, bug 1602 (*)
e9a4084... clean up some apache networking perms (*)
21d173a... remove rules added to make sediff easier (*)
fc47b34... Add a copy of genhomedircon for monolithic policy building, (*)
28401d2... gentoo has passwd in /bin (*)
b0bdcba... update admin template docs (*)
75c1c26... add info on build options (*)
6c5614d... move old strict, targeted, and mls policies to archive (*)
165b42d... most of patch from dan Mon, 15 May 2006 11:58:01 -0400 (*)
b516e80... start cleaning up node binding and raw if/node access (*)
5f4b569... fix example.te (*)
46fc46c... fixes for gentoo (*)
87eb5c8... patch from dan Thu, 18 May 2006 11:56:22 -0400 (*)
9d45380... patch from russell Fri, 19 May 2006 20:28:29 +1000 (*)
41a0f8b... move selinux unconfined to attribute setup, clean up unconf (*)
2288381... cleanup init_t a little (*)
c55b6f2... add packet security class (*)
8fa4943... add back stray file descriptors dontaudit for rhel4 (*)
263721b... dontaudit just the kernel fd use, the others may indicate p (*)
e126047... no user contexts for strict policy (*)
a013b55... initial addition of packet policy, allow unconfined to send (*)
e37158e... initial support for packets (*)
6293bae... allow iptables to relabelto all packets (*)
d6c62e7... initial commit of netfilter config generator tool, still ne (*)
c890249... use network_port()s to declare packets, since packets match (*)
29a0519... add compute_av for doing rootok check (*)
d6d8b70... add command line arguments support, and mls/mcs support (*)
df15d00... fix chain declaration (*)
d24259b... fix handling of comments at the end of the line, and add co (*)
6b873c4... fix copyright years (*)
6962bb3... add makefile support for netfilter contexts (*)
e4b30fb... remove debugging statemnet (*)
c5657a2... add generic packet interfaces, and fix up unconfined handli (*)
378d5cd... initial packet rules (*)
f6e83a7... typo (*)
8745d93... packets from configuring cups from a web browser and printi (*)
1896941... reorganize the file (*)
7b64368... update ssh for packets (*)
2f8eec2... add client and server packet attributes (*)
4b01e21... comment out .SECONDARY since its broken in make 3.81, and r (*)
332bb3f... fix typos (*)
bfad886... packets for users (*)
006e998... packet updates for kernel, nscd, bind, ntp, spamassassin, a (*)
72fcec8... more packets (*)
b8373ee... updates for nfs, squid, and mta (*)
968ace9... apache packets (*)
5afdf0b... add gcc-config to portage (*)
35a4b34... break packet_t into server_packet_t client_packet_t, and co (*)
c0d8c41... add packets for apps (*)
9d0c9b3... packets for admin modules (*)
141cffd... packets for services (*)
9a879bd... packets for ftp (*)
42d0536... fill out networking perms (*)
3152d15... packets for inetd (*)
3d03a4f... packets (*)
97c57a1... missing net_bind_service cap for bind_all_ports interfaces (*)
6e76320... fix bad use of templates (*)
fc2dac6... improve warning message, with file and line numbers (*)
e51048a... fix execmod all files rule in wine (*)
522b59b... patch from dan Tue, 06 Jun 2006 22:50:46 -0400 (*)
9c1c08e... fix most bad rules in cups, bug 1771 (*)
5fe2095... shell scripts in the apr build dir (*)
c227050... another script in the apr build dir (*)
eeab571... fix up bad ifdefs and remove foo.te definition for modules. (*)
290a4a9... use domtrans from initrc for insmod (*)
8e86e4e... fix typo (*)
06b9bd1... add ifndef convenience macro (*)
d576ae1... fix to use ifndef convenience macro (*)
821f78b... fix dbus_user_bus_client_template (*)
4f447b0... Fix build system to not move type declarations out of optio (*)
c546864... remove some extra endlines (*)
2dbd382... patch from dan Mon, 12 Jun 2006 15:32:00 -0400 (*)
371097e... undo dans reversion (*)
75fbbb0... add ftpdctl from paul howarth (*)
884e3be... fix typos (*)
b68a85c... clean up usercanread (*)
7d1e368... fix typo (*)
9539535... fix typo (*)
eaa823e... remove redundant conditional (*)
e586ecc... fix typo (*)
cc0c00d... remove raw network, make mta optional, and a little cleanup (*)
1b11a1f... need send_msg for merging dbus (*)
123a990... patch from Dan Tue, 20 Jun 2006 16:19:13 -0400 (*)
2dd1d30... list dans patches (*)
fe3a1eb... add key support (*)
4a7b2c5... bump mod versions for key (*)
c72f53f... fix "no modules enabled" check (*)
906f108... change assignment of programs so they can be overridden on (*)
c467d98... temporarily add unlabeled packet perm to unlabeled associat (*)
81a016f... change eventpollfs labeling to task sid (*)
c11774e... fix initrc_context for targeted (*)
e2ae086... add support for toolchain testing (*)
2cc4072... make mta dep optional (*)
f35fed5... a few TODO fixes, and deprecate mount_send_nfs_client_reque (*)
29943b3... add vgetty log fc (*)
1f6524a... more TODO cleanup (*)
0950eeb... change to use validate target for module linking (*)
385e624... move non-policy dirs out of trunk (*)
3aab4a8... add audit_write and a little style cleanup. (*)
85311bf... add 3rd party interface for transition out of unconfined (*)
b6a9bc3... missing tcp connect for http cache (*)
17de1b7... remove extra level of directory (*)
2defa77... remove extra level of directory (*)
133000c... remove setbool auditallow, except for distro_rhel4. (*)
da9bbc6... fix up audit message perms now that audit_write denials are (*)
d822675... add access to keys for unconfined (*)
19ebf01... patch to fix escaping of . in file contexts from james athe (*)
8b9ebd3... some cleanup in the kernel layer (*)
ea3c1f5... add helpers for printing warning and error messages (*)
d617143... remove deprecated mount_send_nfs_client_request() from stun (*)
79f5f5e... add gdm Xsession fc (*)
528811e... clean up most of the remaining ssh TODO (*)
81aa67f... more ssh agent fixes (*)
4655103... patch from dan Wed, 26 Jul 2006 14:42:46 -0400 (*)
4b3b46d... add authlogin interface to abstract common login program pe (*)
85476e9... fix up mtrr interfaces. missing the file class on a few in (*)
9d3a3f8... add missing entry for dan's last patch (*)
80f928e... display warning if using loadkeys_domtrans() in targeted (*)
4846dc8... patch from Stefan for mrtg daemon operation. (*)
5a7c06f... add support for netfilter_contexts (*)
f5d1d0f... missed changelog entry for nc (*)
eb8a263... fix target deps for nc (*)
497da09... ps/ptrace dontaudit cleanup (*)
cfd5c5e... add variable for install, and do other helper pgm cleanup (*)
bd56da4... clean up constraints (*)
33c7e6b... remove dead selopt rules (*)
3573908... fix cron_system_entry() rules (*)
ba1a545... cleanup in authlogin (*)
e50a55b... clear executable bits (*)
4bc6e32... fix for netfilter_contexts (*)
e9b9e45... testing fixes (*)
2ed690d... fix typo in sxid (*)
3ef029d... add nscd_socket_use() to auth_use_nsswitch() since it cache (*)
5b4ff3a... fix ordering bug (*)
d15dd5a... more testing fixes (*)
98de871... more strict testing fixes (*)
de22282... fix gentoo /opt contexts (*)
e539a49... This patch enables to use xattr on jffs2 filesystem. (*)
ce6bf7c... more testing fixes (*)
a5e2133... patch from dan Wed, 23 Aug 2006 14:03:49 -0400 (*)
c634db2... fix makefile style so internal variables are lowercase (*)
eac818f... patch from dan Thu, 31 Aug 2006 15:16:30 -0400 (*)
9b45c60... This patch adds a polmatch avperm to arbitrate flow/state's (*)
5dbda55... patch from dan Fri, 01 Sep 2006 15:45:24 -0400 (*)
13d7cec... patch from erich Sat, 02 Sep 2006 03:37:44 +0200 (*)
686f11c... add corenetwork.if dependency on corenetwork.te.in, since i (*)
91dabf4... fix up usb.ids per distro (*)
75beb95... patch from dan Tue, 05 Sep 2006 17:06:06 -0400 (*)
bbcd3c9... add main part of role-o-matic (*)
95b8223... cleanups (*)
b1bf2f7... add last bit of role infrastructure (*)
376fbc0... clean up usercanread (*)
0d96ff3... misc fixes (*)
2cac32a... fix miscfiles_read_localization() (*)
73ca55d... patches from erich Wed, 13 Sep 2006 16:18:18 +0200 (*)
9dfbd81... forgot to bump policy vers (*)
1a79cf0... add -E to python commands (*)
2b571d6... common users list inotifyfs (*)
cf7af13... add mls fd constraints (*)
bf469d7... gentoo testing fixes (*)
a9e03b3... * add a macro for generating category declarations * fix us (*)
8708d9b... patch from dan Wed, 20 Sep 2006 12:12:49 -0400 (*)
693d4ae... patch from dan Fri, 22 Sep 2006 16:30:34 -0400 (*)
e2b84ef... patch from dan Mon, 25 Sep 2006 15:46:40 -0400 (*)
6c63996... fix build error (*)
49317e6... fix corenetwork so the ifdef enable_mls survives to regular (*)
f8cfddb... fix ticket #15. (*)
0021906... This patch adds a GConf policy to refpolicy. (*)
e070dd2... - Move range transitions to modules. - Make number of MLS s (*)
3c3c043... patch from russell, Thu, 5 Oct 2006 22:44:49 +1000 Allow un (*)
546c81c... more non .so lib files for acrobat (*)
830c12e... apply contested part of russell's last patch (*)
f76d070... fix some stuff that does not affect policy (*)
93ddc66... change transition from run_init to initrc to spec. (*)
85f0c35... make optional the inetd dependency in samba (*)
2128323... mkdir policy and file contexts dirs in make load of modular (*)
d508474... add load target to Makefile.devel (*)
8a2492a... fix makefile to install root default contexts (*)
14b1684... gentoo testing fixes. (*)
009b377... more realplayer entries (*)
0e5c544... fix term_tty() associations (*)
e45324d... gentoo integrated run_init rules in wrong build option. (*)
aeaae51... fix ticket #16 (*)
130f8a4... merge netlabel stuff from labeled-networking branch (*)
d4a48c4... make inetd optional (*)
b04eccd... fix duplicate /usr/bin/mplayer fc match for targeted (*)
a52b4d4... bump versions to release numbers (*)
248cccf... 20061018 release (*)
a8671ae... enhanced setransd support from darrel goeddel (*)
76bac89... make load target more friendly and add reload target (*)
d5ae683... add seutil_rw_config() (*)
5824380... fix up corecommands perm sets, add seutil_manage_config_dir (*)
d9845ae... patch from dan Tue, 24 Oct 2006 11:00:28 -0400 (*)
f497b8d... Christopher J. PeBenito wrote: > We could add another 'or' (*)
0f9a2be... add missing gentoo file contexts for initrc and lvm (*)
ed38ca9... fixes from gentoo strict testing: - Allow semanage to read (*)
59f8539... - Add a reload target to Modules.devel and change the load (*)
c6a60bb... On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote: > He (*)
d31d3c1... This modifies the mls constraint for polmatch in the associ (*)
fa45da0... add aide, ccs, and ricci (*)
c31f672... fix dontaudit interface that was allowing instead of dontau (*)
bff9071... fix dontaudit interface that was allowing instead of dontau (*)
563e58e... patch from dan for some missing gen_require()s (*)
d6d16b9... patch from dan Wed, 29 Nov 2006 17:06:40 -0500 (*)
c0868a7... merge policy patterns to trunk (*)
42c5c5f... bump versions for release. (*)
b001503... update version and changelog for release (*)
ff943a1... Clean up file context regexes in apache and java, from Eamo (*)
10e1209... Fix explicit use of httpd_t in openca_domtrans(), bug #22. (*)
4bd55eb... Fix explicit use of httpd_t in openca_domtrans(), bug #22. (*)
6b19be3... patch from dan, Thu, 2007-01-25 at 08:12 -0500 (*)
f1be09c... make ttys and ptys device nodes (*)
bcac3a5... Patch to remove incorrect cron labeling in apache.fc from R (*)
d114071... While using samba and SELinux with Debian GNU/Linux (etch) (*)
aeb54c6... Patch to allow apmd to telinit from Dan Walsh. (*)
4685213... Patch for misc fixes to nis ypxfr policy from Dan Walsh. (*)
66cf194... Patch to remove redundant mls_trusted_object() call from Da (*)
5c45eae... On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote: > (*)
3a39015... On Tue, 2007-02-20 at 12:30 -0500, Daniel J Walsh wrote: > (*)
a715dc0... add dccp_socket object class (*)
bbb7cc8... Patch to start deprecating usercanread attribute from Ryan (*)
5b06477... On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote: > (*)
f0eaed3... Patch for misc fixes to bluetooth from Dan Walsh. (*)
ca448bd... add init_exec() to init_telinit(). (*)
cd548f7... fix man page patch from dan walsh (*)
86d754e... Add support for libselinux 2.0.5 init_selinuxmnt() changes. (*)
bf39cdb... Patch for additional games file contexts from Dan Walsh. (*)
2aea366... Patch for an additional wine executable from Dan Walsh. (*)
09c56f5... Patch for kerberized ftp and other ftp fixes from Dan Walsh (*)
4900fdf... Patch for kerberized telnet fixes from Dan Walsh. (*)
ecc98e1... patches for file contexts in networkmanager, miscfiles, cor (*)
f2c69c4... lmtp and smtp are the same file require same context of set (*)
c5561c7... patches for lvm and ricci fixes from Dan Walsh. (*)
c23eb5b... Patch for gssd fixes from Dan Walsh (*)
7aca2aa... setroubleshoot has a plugin that checks the file context on (*)
7aefc69... trivial change from dan (*)
59bedc1... procmail uses /tmp files Wants to send signull to itself Ca (*)
cdc91b9... Patch for handling restart of nscd when ran from useradd, g (*)
b5a6c86... last bit of dans patch (*)
0cca516... fix for rh bug 203290 (*)
b50f2ee... It was just pointed out to me that the raw IP socket class (*)
6c20f77... patch from Dan for sudo: sudo should be able to getattr on (*)
c224d91... from Dan: This is a new policy for the User Switching capab (*)
e66689f... other part of consolekit addition (*)
86b28c9... trivial patch from dan for sysstat access to sysfs (*)
7200146... trivial patch for radius from dan (*)
9378492... add kvmfs support, from dan (*)
4832f0e... create user gpg keys dir patch from dan (*)
a5f5eba... Add dontaudits for init fds and console to init_daemon_doma (*)
efcf9df... kudzu will telinit to make init re-read the inittab after c (*)
cd3ee91... add fail2ban from dan (*)
d17bab0... stop adding netfilter contexts, as decided at the developer (*)
19fd930... patch from dan to have ricci modstorage transition to lvm (*)
cc9130b... one-liner from dan (*)
5f5b7a1... network fix from dan (*)
1852cda... deprecated pax class (*)
e9b0042... Output different header sets for kernel and userland from f (*)
ab514d6... remove disable_trans booleans (*)
8021cb4... Merge sbin_t and ls_exec_t into bin_t. (*)
56e1b3d... - Move booleans and tunables to modules when it is only use (*)
9e8f65c... six trivial patches from dan for iptables, netutils, ipsec, (*)
a26923c... Two patches from Paul Moore to for ipsec to remove redundan (*)
dde00d4... add refresh target to devel makefile which tries to reload (*)
f6ddd6b... bools in modules fix to require the boolean in optionals th (*)
f88ef60... emit "null" instead of NULL for userspace headers (*)
39d8dcd... fix http_script_domains, it was incorrectly applied to the (*)
98faba1... gentoo /lib can be a symlink on x86-64 systems (*)
f4e2b19... man page updates from dan (*)
9af48ee... six patches from dan (*)
ebc1e8b... from dan: (*)
19b2dee... confine ldconfig in targeted, from dan (*)
82e284b... last piece of dan's previous patch (*)
99064c9... more consolekit updates from dan (*)
6974890... 5 patches from dan. confine insmod and udev on targeted, m (*)
97e8156... add zabbix from dan (*)
4029f11... last piece of previous consolekit patch (*)
0251df3... bump module versions for release (*)
2733830... final release entries for 20070417 (*)
7a4bd42... Fix clockspeed_run_cli() declaration, it was incorrectly de (*)
b4dfdc7... Move program admin template usage out of userdom_admin_user (*)
cd16fe6... Replace the old lrrd fc entries with correct munin ones. (*)
d28e528... Fixes for RHEL4 from the CLIP project. (*)
b4beb0a... missed piece of clip patch (*)
7487a66... trivial fix from dan for bluetooth (*)
27c570f... trivial fix for netutils from dan (*)
f9029fc... Patch to allow slocate to getattr other filesystems and dir (*)
ae32fb7... trivial aide fix from dan (*)
747ab18... Patch to allow amavis to read spamassassin libraries from D (*)
6a29757... add rwho from Nalin Dahyabhai (*)
882186c... - Patch to allow insmod to mount kvmfs and dontaudit rw unc (*)
517618f... Patch to dontaudit logrotate searching avahi pid directory (*)
ed4b730... Patch to have avahi use the nsswitch interface rather than (*)
7f819d8... add missing rename_dir_perms (*)
0ef5d66... textrel lib update from dan (*)
4967aaa... Miscellaneous consolekit fixes from Dan Walsh. (*)
b129e20... Fixes for squid, dovecot, and snmp from Dan Walsh. (*)
78f17e6... add apcupsd from dan (*)
12217cc... Patch to begin separating out hald helper programs from Dan (*)
762d2cb... merge restorecon into setfiles (*)
38d0cf1... trunk: long overdue cleanup from when range_transitions wer (*)
c412be6... trunk: remaining pieces for apcupsd module (*)
a39a931... trunk: snmp tweak from dan (*)
17b9cb7... trunk: fix line in evolution to be strict-only; was being c (*)
7782966... add fc entry for make_reiser4 (*)
f6a590d... six simple patches from dan (*)
d534d35... trunk: 5 patches from dan (*)
6649aec... trunk: 3 patches from dan (*)
f7101c5... trunk: 7 simple patches from dan. (*)
262def1... trunk: version bumps for previous commit. (*)
d5b81a8... trunk: Add logging_send_audit_msgs() interface and deprecat (*)
a74d1ad... trunk: add amtu from dan (*)
d139413... trunk: 2 patches from dan (*)
41337aa... Memprotect support patch from Stephen Smalley. (*)
cb10a2d... trunk: Tunable connection to postgresql for users from KaiG (*)
6c8aba7... trunk: confine sendmail and logrotate on targeted (*)
788d88c... trunk: drop snmpd_etc_t. (*)
40df567... trunk: big samba update from dan (*)
99b5a56... trunk: radius one-liner from dan (*)
5bf9deb... trunk: 3 patches from dan (*)
92d1ade... trunk: trivial gentoo tweaks (*)
7f08978... trunk: xen updates from dan (*)
a90a256... trunk: procmail tweak from dan. (*)
02f2c3e... trunk: nagios update from dan (*)
22bff65... trunk: fix typo in vmware.fc (*)
2c3ac47... trunk: pyzor and clamav updates from dan (*)
1900668... trunk: Unified labeled networking policy from Paul Moore. (*)
7b61fe5... trunk: add rpcbind from dan (*)
f5842c1... trunk: minor amanda update from dan (*)
e5e55ac... trunk, strict-targeted-merge: add mmap_zero to xserver doma (*)
4231988... trunk: add templates to tags generation (*)
113b4fc... Fix incorrectly named files_lib_filetrans_shared_lib() inte (*)
116c1da... trunk: update module version numbers for release. (*)
970122c... trunk: updated version and changelog for release (*)
f80a0e4... trunk: Add debian apcupsd binary location, from Stefan Schu (*)
6929521... trunk: fix missed netlabel deprecation (*)
d46cfe4... trunk: add application module (*)
708aab1... trunk: fix targeted sshd. When the domain was unaliased fr (*)
924f3cc... trunk: add getserv and shmemserv nscd permissions. (*)
63acaf5... trunk: fix pipe permission set in domtrans_pattern(). (*)
371d11e... trunk: add 3rd party interface for apache cgi. (*)
c040ea1... trunk: several support macro fixes. (*)
939a428... trunk: 3 patches from dan (*)
3d6e962... trunk: filesystem patch from dan (*)
9760cbe... trunk: Database userspace object manager classes from KaiGa (*)
2d0c9ce... trunk: several MLS enhancements. (*)
f8233ab... trunk: Deprecate mls_file_write_down() and mls_file_read_up (*)
1779bef... trunk: fix gdm xsession scripts on redhat machines. (*)
80d5e02... trunk: Files and radvd updates from Stefan Schulze Frieling (*)
f65ca5f... trunk: add some info to the readme about building from head (*)
8d2c341... trunk: updates from dan on 9 modules (*)
2af7b42... trunk: switch daemons from inheriting from all levels to in (*)
d62c088... Update MLS constraints from LSPP evaluated policy. (*)
752ddf5... trunk: add missing commas in can_exec in daemontools that w (*)
a2f4448... trunk: patch to allow sendmail to read ssl/tls certificates (*)
6dd721a... trunk: 7 patches from dan, slocate, games, amavis, radius, (*)
85bec1a... trunk: fix example.if xml problems (*)
4922765... trunk: fix certwatch_run() interface, which had a typo in t (*)
ce2c80f... trunk: make coda nfs_t, ticket #39. (*)
0a0b807... trunk: 5 patches from dan. (*)
016e5c5... trunk: 4 patches from dan. (*)
8241b53... trunk: udev update and brctl module from dan. (*)
72f82c4... trunk: six patches from dan. (*)
abc8934... trunk: two tiny patches from Stefan Schulze Frielinghaus (*)
8a9d6f6... trunk: 6 patches from dan. (*)
134a799... trunk: 3 patches from dan. (*)
14add30... trunk: 3 patches from dan. (*)
8242f5a... trunk: add bitlbee from devin carraway and add tcpd_wrapped (*)
0cf6df5... trunk: add awstats from Stefan Schulze Frielinghaus. (*)
6f49b49... trunk: Patch to add missing requirements in userdomain inte (*)
ff4085d... trunk: one-liner from Shintaro Fujiwara. (*)
96fc0a4... trunk: Fix XML building for external reference builds and h (*)
4ddc7ba... trunk: xml doc one-liner from Stefan Schulze Frielinghaus. (*)
aef93a7... trunk: one-liner from Shintaro Fujiwara (*)
8acfcbc... trunk: Add support for setting the unknown permissions hand (*)
3480f3f... trunk: bump version numbers for release. (*)
94636e4... trunk: update sources rpm spec file. (*)
cb811cd... trunk: update version and changelog for release. (*)
350b6ab... trunk: merge strict and targeted policies. merge shlib_t i (*)
12e9ea1... trunk: module version bumps for previous commit. (*)
6c53a10... trunk: Patch to clean up unescaped periods in several file (*)
81d4c88... trunk: remove stale user_net_control reference in usernetct (*)
ef659a4... Deprecate some old file and dir permission set macros in fa (*)
cdf98fe... trunk: 10 patches from dan. (*)
bc01b35... trunk: 2 patches from dan. (*)
f487827... trunk: reorganize amanda and bind (*)
a27d1c6... trunk: gdm is in /usr/sbin on rawhide machines, from Eamon (*)
3662709... trunk: fix unconditional call to nscd from usermanage run i (*)
3a9096d... trunk: do not emit S_(0, 0, 0) in kernel headers for usersp (*)
651df3c... trunk: do not emit lines in the kernel version of av_inheri (*)
32c05cc... trunk: fix flask.py Flask class userspace dictionary usage. (*)
e83edee... trunk: fix do not userspace commons in kernel version of av (*)
a334d29... trunk: add infrastructure for managing user web content. (*)
2f27163... trunk: 3 patches from dan. (*)
3c99e59... trunk: add /var/lib search for system bus template. (*)
6bf8bf4... trunk: add exim from dan. (*)
8e2fb69... trunk: filesystem patch from dan. (*)
bd973e3... trunk: remove unused types from dbus. (*)
495df41... trunk: 11 patches from dan. (*)
164772b... trunk: Russian man page translations from Andrey Markelov. (*)
7d4161c... trunk: 3 patches from dan. (*)
3ece118... trunk: fix init_ranged_system_domain range_transition objec (*)
8bdb48d... trunk: 6 patches from dan. (*)
eaed904... trunk: 3 patches from dan. (*)
4605adc... trunk: add postfixpolicyd from Jan-Frode Myklebust. (*)
3b498a9... trunk: add gentoo hal fc entry. (*)
847937d... trunk: Patch to restructure user role templates to create r (*)
a56055e... trunk: rearrange the bottom of domain.if and fix domain_ips (*)
bdccbac... trunk: add labeled networking support to unconfined. (*)
9820351... trunk: add in polmatch for default spd. (*)
2999cea... trunk: remove duplicate specifiction for /usr/lib/devices o (*)
6c91189... trunk: 8 patches from dan. (*)
226c069... trunk: 9 patches from dan. (*)
eeef8dc... trunk: Add interface for libselinux constructor, for libsel (*)
389ad7b... trunk: reorganize selinuxutil. (*)
53da70c... trunk: deprecate seutil_manage_selinux_config() in favor of (*)
013783b... trunk: switch newrole and run_init over to use nsswitch. (*)
ccf6611... trunk: add unconfined_run_to(). (*)
6ab634a... trunk: fix dup specification for /var/spool/cups/* (*)
285d009... trunk: do not install netfilter_contexts on monolithic. (*)
8d1f9d9... trunk: add missing tcp_socket rules for xfs. (*)
0b6acad... trunk: More complete labeled networking infrastructure from (*)
0aa18d9... trunk: version bumps for previous commit. (*)
2f5c2f2... trunk: remove duplicate init_system_domain() call for setfi (*)
1483be1... trunk: handle early boot on debian, for /dev labeling. (*)
6138d3d... trunk: test fix for newrole. (*)
c2b87f2... trunk: test fix 2 for newrole. (*)
f98cfb5... trunk: version bump for newrole fixes. (*)
08dccef... trunk: add /dev symlink relabel since its not short circuit (*)
c0cf6e0... trunk: clean up nsswitch usage, from dan. (*)
5f63dd1... trunk: fix xconsole rw interface. (*)
74d920c... trunk: add setrlimit to debian cron. (*)
09e2168... trunk: another round of nsswitch from dan. (*)
dd9e1de... trunk: Improve several tunables descriptions from Dan Walsh (*)
9f6e2db... trunk: add openoffice locations in gentoo. (*)
02d968c... trunk: several fc updates from dan. (*)
1abafe3... trunk: Patch for debian logrotate to handle syslogd-listfil (*)
f7925f2... trunk: bump module versions for release. (*)
766617f... trunk: update help texts. (*)
cde477c... trunk: package versioning for release. (*)
6a37eba... trunk: fix variable whitespacing in build.conf. (*)
1a61ce0... trunk: fix .SECONDARY in modular makefile to work around a (*)
f3da31d... trunk: Labeled networking peer object class updates. (*)
7cbfeb9... trunk: uncomment set loginuid for functional login programs (*)
9323a50... trunk: add run_init domtrans to chk passwd. (*)
936f286... trunk: add mls constraints to dbus. (*)
c8d4c38... trunk: fix missing lo netif alias for standard and mcs conf (*)
d4623f3... trunk: add setfcap capabiltiy, from Serge Hallyn. (*)
b23e1c1... trunk: simplify appconfig file installation. (*)
13e4e6e... trunk: install securetty_types. (*)
320ea98... trunk: add 3rd party corenet interfaces for (secmark) packe (*)
ce8a529... trunk: 3 patches from dan. (*)
12cf805... trunk: add basic ubuntu support (*)
7a5e2d8... trunk: 12 patches from dan. (*)
8b9ffed... trunk: add capability2 class, from Stephen Smalley. (*)
f034333... trunk: labeled networking permission update from paul moore (*)
6e7a1fc... trunk: fix userdom_role_change_template() xml. (*)
4f01781... trunk: fix pppd admin interface. (*)
037fc0f... trunk: label /proc/kallsyms with system_map_t. (*)
f508567... trunk: 4 patches from dan. (*)
ee6608b... trunk: 8 patches from dan. (*)
51223bf... trunk: Cracklib update on Deban from Vaclav Ovsik. (*)
45b56b0... trunk: Backup update on Debian from Vaclav Ovsik. (*)
9fa023f... trunk: Pam and samba updates from Stefan Schulze Frielingha (*)
90c3c56... trunk: fc fix and if addtion from Stefan Schulze Frielingha (*)
834401f... trunk: dovecot fix from Stefan Schulze Frielinghaus. (*)
d57a094... trunk: Exim updates on Debian from Devin Carrawy. (*)
737fcf2... trunk: dontaudit init fds in loadkeys. (*)
01e8ff4... trunk: rpc update from Vaclav Ovsik. (*)
e065ac8... trunk: Apt updates for ptys and logs, from Martin Orr. (*)
210607b... trunk: Definitions for open permisson on file and similar o (*)
e276d50... trunk: Add iferror.m4 rather generate it out of the Makefil (*)
47333d8... trunk: Revise upstart support in init module to use a tunab (*)
91d6c92... trunk: a pair of tweaks from gentoo systems. (*)
6e2123f... trunk: add wireshark. (*)
2ed4f5a... trunk: small fixes for gentoo system. (*)
9e8c3aa... trunk: add type transition to fix mysql socket creation. (*)
9377a3e... trunk: fix winbind socket connection interface for default (*)
e828954... trunk: 4 patches from dan. (*)
2c12b47... trunk: add core xselinux support. (*)
0a14f3a... trunk: bump module version numbers for release. (*)
c565b44... trunk: release (*)
8152a78... trunk: 7 patches from dan. (*)
75da4b8... trunk: Patch to fix leaky interface/template call depth cal (*)
c07f9cc... trunk: Add file for enabling policy capabilities. (*)
2083db2... trunk: Cryptsetup runs shell scripts. Patch from Martin Or (*)
f12302a... trunk: hal xml doc fix pointed out by Rob Myers. (*)
7e11b74... trunk: make hald_log_t a log file. (*)
a0647af... trunk: add missing mplayer_etc_t require in role template. (*)
e9c6cda... trunk: Move user roles into individual modules. (*)
a68c30f... trunk: add secadm and auditadm bits to appconfig files now (*)
d923d54... trunk: X application data class from Eamon Walsh and Ted To (*)
a42ce93... trunk: Patch to allow gpg agent --write-env-file option fro (*)
8f3a0a9... trunk: a pile of misc fixes, mainly sync xml docs with inte (*)
b34db7a... trunk: another pile of misc fixes. (*)
4416c41... trunk: Module loading now requires setsched on kernel threa (*)
8db5085... trunk: temp workaround for toolchain breakage. (*)
e6fdb59... trunk: fix typo (*)
7d8fbdc... trunk: fix bad cifs interface. (*)
cbe82b1... trunk: start adding open perm to obvious places. (*)
9968e25... trunk: remove unneeded dependency on generated_definitions. (*)
ff79b83... trunk: add kismet from dan. (*)
782c10e... trunk: add kerneloops from dan. (*)
8926b25... trunk: tweak kerneloops. (*)
0ecd829... trunk: add additional portage log locations. (*)
308baad... trunk: Patch for labeled networking controls in 2.6.25 from (*)
b4921b5... trunk: fs update from dan. (*)
d87efee... trunk: fixes for gentoo targeted systems. (*)
147af4d... trunk: misc fixes. (*)
cdbd09f... trunk: add prelude from dan. (*)
4b28c2e... trunk: misc gentoo fc fixes. (*)
ef55a11... trunk: Patch for X.org dbus support from Martin Orr. (*)
67b6207... trunk: trivial kernel patch from dan. (*)
e8cb08a... trunk: add sepostgresql policy from kaigai kohei. (*)
8e7d43c... trunk: additional patch from kaigai to fix up some type tra (*)
fe5618e... trunk: add /usr/lib32 symlink labeling for debian. (*)
eb42163... trunk: add qemu and virt from dan. (*)
131634a... trunk: podsleuth and hal updates from dan. (*)
c54eb87... trunk: two small updates from dan. (*)
a713ad8... trunk: pull in most of dans vmware patch. (*)
b1a9036... trunk: add missing requires. (*)
7f4005e... trunk: fix up stored procedure naming patch from kaigai. (*)
8c6292b... trunk: Patch to handle postfix data_directory from Vaclav O (*)
c5cfd2d... trunk: Add unused interface/template parameter metadata in (*)
f7eaeeb... trunk: more xml doc fixes. (*)
5fe7de9... trunk: apache script connections to postgres, from kaigai. (*)
e311e23... trunk: Fix httpd_enable_homedirs to actually provide the ac (*)
6aa9918... trunk: drop workaround rules. (*)
cfcf500... trunk: bump versions for release. (*)
e64c38c... trunk: VERSION and Changelog update for release. (*)
4459a7c... trunk: update init_telinit() for upstart's datagram socket (*)
2b592aa... trunk: pam_mount fix for local login from Stefan Schulze Fr (*)
0bfccda... trunk: massive whitespace cleanup from dominick grift. (*)
6224fc1... trunk: 7 patches from Fedora policy, cherry picked by david (*)
dc1920b... trunk: Database labeled networking update from KaiGai Kohei (*)
556556c... trunk: 3 more cherry picked Fedora fixes from David Hrdeman (*)
d13f876... trunk: another patch from the fedora policy, cherry picked (*)
3338f23... trunk: Policy size optimization with a non-security file at (*)
b81bfc2... trunk: Samba/winbind update from Mike Edenfield. (*)
8a948ca... trunk: 11 more cherry picks from fedora policy, by david ha (*)
7aabe35... trunk: missed fixes on previous commit. (*)
e0ed765... trunk: 3 patches from the fedora policy, cherry picked by D (*)
cc1eee1... trunk: add an empty m4 string so the index macro is not inv (*)
9c4500b... trunk: Glibc 2.7 fix from Vaclav Ovsik. (*)
9acf481... trunk: fix from fedora policy, cherry picked from David Har (*)
6e32891... trunk: two small patches from dan. (*)
3e59876... trunk: 6 patches from the fedora policy, cherry picked by d (*)
770c015... trunk: 2 patches from dan. (*)
b4f23e6... trunk: man page updates from dan. (*)
93f445b... trunk: firstboot update from dan. (*)
32f8ff3... trunk: add w3c from dan. (*)
c11057f... trunk: fedora update cherry picked by david hardeman. (*)
e4171e8... trunk: fix unconfined mail sending out by postfix and qmail (*)
24af9b1... trunk: inetd update from dan. (*)
9bcfb6d... trunk: hplip uses dbus. (*)
6cc3f35... trunk: first part of init script labeling support. (*)
e40fa63... trunk: Logrotate and Bind updates from Vaclav Ovsik. (*)
a71e136... trunk: add cyphesis from dan. (*)
96851b1... trunk: fix bad require. (*)
cdac989... trunk: fail2ban update from dan. (*)
6a824f6... trunk: update mls constraints for x_application_data. (*)
5434181... trunk: fix fail2ban init script regex. (*)
859135d... trunk: fix bad apcupsd interface name. (*)
ae33863... trunk: networkmanager/ppp patch from dan. (*)
52ceaaa... trunk: Debian update for NetworkManager/wpa_supplicant from (*)
8786916... trunk: ntp and setrans update from dan. (*)
bc85e82... trunk: promote networkmanager debian fc entries out of buil (*)
36095d1... trunk: kudzu and mta patches from dan. (*)
21ea2b1... trunk: firstboot update from dan. (*)
a46b605... trunk: squid update from dan. (*)
48f6456... trunk: rename labeled init scripts with initrc convention. (*)
f5394cc... trunk: bind update from dan. (*)
cfafe4a... trunk: logging update from dan. (*)
64c5b99... trunk: add interface to transition to initrc_t on labeled i (*)
c9824ec... trunk: remove incomplete sshd_extern. (*)
fd49fef... trunk: last bit of wpa_supplicant update from martin orr. (*)
658f4d3... trunk: rpcbind update from dan. (*)
88c02e0... trunk: init script for setrans. (*)
4a47550... trunk: remove stale pax class comments as that class was re (*)
3daef69... trunk: cvs update from dan. (*)
bf9f348... trunk: readahead fix from dan. (*)
4bdf192... trunk: firstboot update from dan. (*)
6d8af27... trunk: fix dupe fc. (*)
73edbc9... trunk: add oident from dominick grift. (*)
12c61f3... trunk: 7 patches from dan, 1 from eamon. (*)
ed8ae5e... trunk: fix typo (*)
e87221c... trunk: 21 patches from dan. (*)
967fd1b... trunk: 8 patches from dan. (*)
04d2861... trunk: missing bits from dan's previous round of patches. (*)
06099da... trunk: 3 patches from dan. (*)
aa7c463... trunk: a pile of misc fixes. (*)
74993c4... trunk: 8 patches from dan. (*)
5d4f4b5... trunk: bump version numbers for release. (*)
40db860... trunk: version bits for the release. (*)
b19f862... trunk: Remove enableaudit target from modular build as semo (*)
aea3f28... trunk: Remove hierarchy from portage module as it is not a (*)
0b36a21... trunk: Enable open permission checks policy capability. (*)
88cf0a9... trunk: whitespace fix; collapse multiple blank lines into o (*)
2a98379... trunk: additional whitespace fixes. (*)
2cca6b7... trunk: remove redundant shared lib calls. (*)
6e68e6b... trunk: Move shared library calls from individual modules to (*)
82d2775... trunk: more open perm fixes. (*)
932c353... trunk: additional open fixes. (*)
296273a... trunk: merge UBAC. (*)
0003940... trunk: add missing ubac module. (*)
ba79698... trunk: tweaks from russell and martin orr. (*)
657c226... trunk: 7 patches from dan. (*)
6627570... trunk: fix monolithic building to correctly put USER lines (*)
27337d8... trunk: patch from Mike Edenfield to add udevadm fc entry. (*)
5843d06... trunk: 10 patches from dan. (*)
99282e6... trunk: add omapi port for dhcpcd. (*)
73c77e2... trunk: 2 fixes from martin orr. (*)
23d5ab8... trunk: fix disable ubac condition for process perms. (*)
7a4c282... trunk: fix logging admin interfaces. (*)
7f49194... trunk: Xserver MLS fix from Eamon Walsh. (*)
659c865... trunk 2 patches from dan. (*)
01e9e7d... trunk: 4 patches from dan. (*)
fcee22a... trunk: 5 patches from dan. (*)
b3b607e... trunk: a fix on the previous commit. (*)
b9e5238... trunk: add milter module from Paul Howarth. (*)
b3eb124... trunk: Debian file context fix for xen from Russell Coker. (*)
14c0edc... trunk: 2 patches from dan. (*)
fb4826f... trunk: 3 patches from dan. (*)
a057e04... trunk: fix missing xml parameter. (*)
6073ea1... trunk: whitespace fix changing multiple spaces into tabs. (*)
ff8f0a6... trunk: whitespace fixes in xml blocks. (*)
f657cb1... trunk: fix role change constraint. (*)
9ff89c4... trunk: 2 patches from dan. (*)
3196971... trunk: Fix consistency of audioentropy and iscsi module nam (*)
17ec8c1... trunk: bump module versions for release. (*)
e66a0ca... trunk: check in version and changelog for release. (*)
347a701... trunk: Add kernel_service access vectors, from Stephen Smal (*)
59d5996... trunk: fix certwatch version number. (*)
668b309... trunk: change network interface access from all to generic (*)
c126214... trunk: Remove node definitions and change node usage to gen (*)
f0435b1... trunk: add support for labeled booleans. (*)
9e7a338... trunk: su fixes from clip. (*)
64daa85... trunk: add sysadm_entry_spec_domtrans_to() interface from c (*)
019dfaf... trunk: Add support for network interfaces with access contr (*)
466e22a... trunk: Add db_procedure install permission from KaiGai Kohe (*)
805f34e... trunk: btrfs from Paul Moore. (*)
7722c29... trunk: Enable network_peer_controls policy capability from (*)
c1e5011... trunk: add context contains to setrans. (*)
f793142... trunk: 6 patches from dan. (*)
f3fcadf... trunk: Patch for RadSec port from Glen Turner. (*)
81fa19e... trunk: remove unused udev_runtime_t type. (*)
156204a... trunk: Drop write permission from fs_read_rpc_sockets(). (*)
e1a70f1... trunk: add MLS constrains for ingress/egress permissions fr (*)
c45fdad... trunk: filesystem patch from dan. (*)
60c395b... trunk: man page fixes from dan. (*)
b4ad699... trunk: add nlmsg_tty_audit permission. (*)
be5aaeb... trunk: corecommands patch from dan. (*)
7b76207... trunk: devices patch from dan. (*)
2c664e7... trunk: storage patch from dan. (*)
11c944f... trunk: fix typo in devices file contexts. (*)
da04234... trunk: 5 patches from dan. (*)
e21bd28... trunk: add mysql db lnk_file transition. (*)
c90440a... trunk: 4 patches from dan. (*)
79a5a80... trunk: 2 patches from dan. (*)
d3cdc3d... trunk: add open perm to sock_file. (*)
3c9b2e9... trunk: 6 patches from dan. (*)
244b45d... trunk: 3 patches from dan. (*)
8f800d4... trunk: 14 patches from dan. (*)
42d567c... trunk: 6 patches from dan. (*)
d6605bc... trunk: 3 patches from dan. (*)
09125ae... trunk: module version bump for previous commit. (*)
153fe24... trunk: 5 patches from dan. (*)
a5ef553... trunk: 5 modules from dan. (*)
0cf1d56... trunk: Milter state directory patch from Paul Howarth. (*)
3392356... trunk: 5 patches from dan. (*)
c0f5fa0... trunk: whitespace fixes. (*)
da3ed06... trunk: lircd from miroslav grepl (*)
350ed89... se-postgresql update from kaigai - rework: Add a comment of (*)
a47eb52... trunk: whitespace fix for squid.fc. (*)
80348b7... trunk: 4 patches from dan. (*)
a01a4a7... trunk: OK, the attached patch adds the following types for (*)
e0ea7b1... trunk: The attached patch fixes incorrect behavior in sepgs (*)
996779d... trunk: The attached patch allows unprivileged clients to ex (*)
22894e3... trunk: add libjackserver.so textrel fc. (*)
63f0a71... trunk: 9 patches from dan. (*)
e127fb6... trunk: missed UBAC change: update securetty_types for merge (*)
cca4a21... trunk: add gpsd from miroslav grepl (*)
16fd1fd... trunk: MLS constraints for the x_selection class, from Eamo (*)
731008a... trunk: 2 patches from dan. (*)
a65fd90... trunk: 6 patches from dan. (*)
30425aa... trunk: 1 patch from dan. (*)
4551555... trunk: 10 patches from dan. (*)
95ea7d6... trunk: Add x_device permissions for XI2 functions, from Eam (*)
df28a0c... trunk: Misc fixes for unix_update from Brandon Whalen. (*)
c7dc1c7... trunk: Allow unix_update to change the security attributes (*)
c9c0d84... trunk: Greylist milter from Paul Howarth. (*)
26410dd... trunk: remove unnecessary semicolons after interface/templa (*)
c017ee1... trunk: add sssd from dan. (*)
c989807... trunk: nis patch from dan. (*)
20272c2... trunk: 7 patches from dan. (*)
3f67f72... trunk: whitespace fixes (*)
267d9c6... trunk: varnishd from dan. (*)
46e2fa6... trunk: prelude patch from dan. (*)
50824a9... trunk: pads from dan. (*)
45b975d... trunk: add missing varnish port. (*)
bb88161... trunk: 3 patches from dan. (*)
9ac9739... trunk: update policycaps comments for sock_file open perm. (*)
84d88df... trunk: fix typo in guest role decl. (*)
10b03f3... three debian patches from manoj (*)
ce6fee6... 5 patches from dan (*)
f2583aa... Remove duplicate distro_redhat context (*)
7694abd... module version bump for f2583aa83b4f5c0081ac4caebffcc0a2940 (*)
b67201e... fix bad varnishd interface names (*)
9e90ce3... add policykit from dan. (*)
dc0ab0f... changelog for previous commit (*)
edb7b90... add kismet and pulseaudio ports. fix sorting of ports. (*)
adea587... 4 patches from dan. (*)
af5374d... policykit.if whitespace fix (*)
93d3008... dhcp patch from dan (*)
8f17f7c... dnsmasq patch from dan. (*)
4aa0752... kerberos patch from dan (*)
7395f80... ppp patch from dan (*)
9b1907b... add pulseaudio from dan. (*)
5271dd3... module version bump for 9b1907b217cb4c4d508b5130fcb6267e381 (*)
e4f73af... gpg patch from dan (*)
d882246... fix policykit interface (*)
1847443... ricci patch from dan. (*)
92f08c7... mailman patch from dan. (*)
ad0aea5... clamav patch from dan. (*)
b93a7da... bluetooth patch from dan. (*)
13306f5... afs client patch from dan. (*)
5bb5ec1... podsleuth patch from dan. (*)
09516cb... remove read_default_t tunable (*)
f4962ab... add cpufreqselector from dan (*)
06625d3... mozilla patch from dan. (*)
5be35f2... tmpreaper patch from dan. (*)
e044388... dbus patch from dan (*)
fe1205a... avahi patch from dan (*)
9de7c17... hal patch from dan. (*)
fa50187... kerneloops patch from dan (*)
708a74a... oddjob patch from dan. (*)
5f6c30f... wm policy from dan (*)
ebf3ec9... snort patch from dan. (*)
c7ae9ae... Merge branch 'master' of ssh://oss.tresys.com/home/git/refp (*)
4083191... add missing userdom interfaces (*)
83f0b50... readahead patch from dan. (*)
41ea887... sudo patch from dan. (*)
423a4a3... fix dbus type transition conflict. (*)
9155002... vmware patch from dan. (*)
4be3e11... pull in apache_admin() from fedora (*)
8f3bddf... cups patch from dan. (*)
3332229... automount patch from dan. (*)
4e7c0a9... consolekit patch from dan. (*)
677c4c2... add devicekit module from dan. (*)
20c3cce... add fprintd module from dan. (*)
363e8fb... pull in part of fedora mta changes (*)
105e85a... /dev/fuse should be s0 not mls_high (*)
0c89174... pull most of fedora changes to samba. (*)
50458c8... pull most of fedora changes to rpc. (*)
6a192f7... Update apt/aptitude policy to add support for lock/log file (*)
b5aaa7b... clean up 6a192f70d42013fcbd4eefe1f35cab3de313cedb (*)
2a4740c... whitespace fixes in apt. (*)
3162277... alsa file location update for debian, from Manoj. (*)
efa0acc... gentoo init script system sends audit messages. (*)
cfdbf36... gentoo init script system uses tmpfs for state data (*)
4c92f08... openrc unfortunately mounts a tmpfs at /lib/rc (*)
78a9c28... add bin_t labeling for gentoo dhcpcd-run-hooks location (*)
64c7061... changelog entry for the previous gentoo fixes (*)
915dfa6... release 2.20090730 (*)
9c47227... fix ordering of interface calls in sudo. (*)
2acba7b... fix ordering of interface calls in authlogin. (*)
08638af... fix ordering of interface calls in clock. (*)
79ca728... fix ordering of interface calls in fstools. (*)
5b5300c... fix ordering of interface calls in getty. (*)
14d2822... fix ordering of interface calls in hostname. (*)
464ffa5... fix ordering of interface calls in init. (*)
e6985f9... fix ordering of interface calls in iptables. (*)
8cd1306... fix ordering of interface calls in locallogin. (*)
568efbe... fix ordering of interface calls in lvm. (*)
54327d4... fix ordering in modutils. (*)
f0e959b... fix ordering in mount. (*)
4b218bd... fix ordering in pcmcia. (*)
48bf639... fix ordering in raid. (*)
d69616c... fix ordering in sysnetwork. (*)
9570b28... module version number bump for release 2.20090730 that was (*)
e335910... Add missing compatibility aliases for xdm_xserver*_t types. (*)
02e594d... Handle unix_chkpwd usage by useradd and groupadd; fixes tic (*)
e51390d... fix refpolicy ticket #48. (*)
90286f4... Fix infrastructure to expand macros in initrc_context when (*)
0f5e26b... Add btrfs and ext4 to labeling targets. (*)
97e4211... remove redundant xen_append_log() call in hostname. (*)
2a77737... Add missing rules to make unconfined_cronjob_t a valid cron (*)
4254cec... Add missing x_device rules for XI2 functions, from Eamon Wa (*)
0bf2bc9... Fix Makefile info message for installing policy headers (*)
b264824... Fix unconfined_r use of unconfined_java_t. (*)
9099220... Debian policykit fixes from Martin Orr. (*)
58cc990... Missing comma in policykit (*)
755c52b... portage need capability sys_nice (*)
0d700b0... Gentoo dbus in libexec (*)
62c80e2... module version bumps and changelog update for the previous (*)
0484277... reorganize dbus.fc. (*)
6934745... split dev_manage_dri_dev() into a manage and a filetrans in (*)
dbb7dd9... Merge branch 'master' of ssh://oss.tresys.com/home/git/refp (*)
e27827b... split dev_create_cardmgr_dev() into a create and a filetran (*)
fef5dcf... Remove excessive permissions in logging_send_syslog_msg(). (*)
93c49bd... deprecate userdom_xwindows_client_template (*)
4279891... patch from Eamon Walsh to remove useage of deprecated xserv (*)
333494f... refpol: Add the "tun_socket" object class flask definitions (*)
9dc3cd1... refpol: Policy for the new TUN driver access controls (*)
bd75703... reorganize tun patch changes. (*)
0be901b... rename admin_tun_type to admindomain. (*)
aaff2fc... module version number bump for tun patches (*)
a9e9678... kismet patch from dan. (*)
2a79deb... nscd cache location changed from /var/db/nscd to /var/cache (*)
6774578... module version number bump for nscd patch. (*)
da4332a... man page update from dan. (*)
a3dd149... pulseaudio patch from dan. (*)
aac56b1... add ptchown policy from dan. (*)
aa83007... add hddtemp from dan. (*)
b515ab0... mrtg patch from dan. (*)
b2324fa... certwatch patch from dan. (*)
1a79193... awstats patch from dan. (*)
a4b6385... cdrecord patch from dan. (*)
71965a1... add kdump from dan. (*)
625be1b... add shorewall from dan. (*)
93be4ba... Webalizer does not list inotify, this was caused by leaked (*)
f2f296b... openvpn patch from dan: Openvpn connects to cache ports and (*)
ca7fa52... gpg patch from dan. (*)
72b834c... remove stale screen_dir_t references (*)
6fdef06... screen patch from dan. (*)
f613717... add an additional vmware host program. (*)
634a13c... cpufreqselector patch from dan. (*)
dbed953... add gitosis from miroslav grepl. (*)
f67bc91... term_write_all_terms() patch from Stefan Schulze Frielingha (*)
81bca10... nslcd policy from dan. (*)
163ddfa... prelink patch from dan. (*)
c61b350... cron patch from dan. (*)
937b2c4... nscd patch from dan. (*)
c1e5b19... readahead patch from dan. (*)
6af53d0... rearrange readahead rules. (*)
e3a90e3... add abrt from dan. (*)
c141d83... add modemmanager from dan. (*)
31f9c10... SELinux xscreensaver policy support (*)
1d3b9e3... clean up xscreensaver. (*)
ed70158... add rtkit from dan. (*)
21b1d10... add gnomeclock from dan. (*)
5a6b1fe... add dkim from stefan schulze frielinghaus. (*)
4be8dd1... add seunshare from dan. (*)
808341b... revise MCS constraints to use only MCS-specific attributes. (*)
e4928c5... Add separate x_pointer and x_keyboard classes inheriting fr (*)
7ca3f55... add open to search_dir_perms. (*)
c596730... add changelog entry for e4928c5f7954ea062815c8a37c9d37e3e3f (*)
5b6bd09... Fix a typo of SElinux to SELinux. (*)
a92ee50... Implement screen-locking feature. (*)
a1a45de... reorganize a92ee50 (*)
cee508b... Install the seusers file for monolithic policy. (*)
b04669a... add tuned from miroslav grepl. (*)
f267f85... X Object Manager policy revisions to xserver.te. (*)
5242ecc... X Object Manager policy revisions to xserver.if. (*)
b624268... X Object manager policy revisions to x_contexts. (*)
5025a46... Drop the xserver_unprotected interface. (*)
9448ca6... restore removed aliases. (*)
0bca409... RESET tgtd daemon. (*)
222d5b5... clean up 0bca409 and add changelog entry. (*)
f272825... one further rearrangement of tgtd. (*)
e877913... adding puppet configuration management system (*)
e6d8fd1... additional cleanup for e877913. (*)
ed3a1f5... bump module versions for release. (*)
a404bc3... update VERSION and Changelog for release. (*)
deb5272... Add module_request permission, from Dan Walsh. (*)
53c73dc... Add storage patch, from Dan Walsh. (*)
e276b8e... Add kernel patch from Dan Walsh (*)
b51e8e0... Add devices patch from Dan Walsh. (*)
d6c3ed8... Add terminal patch from Dan Walsh. (*)
f4b9dc3... Filesystem patch from Dan Walsh. (*)
290aa8a... Corecommands patch from Dan Walsh. (*)
910b1d8... Files patch from Dan Walsh. (*)
9dfdd48... Miscfiles patch from Dan Walsh. (*)
bd34ef7... LVM patch from Dan Walsh. (*)
0a119a0... Setrans patch from Dan Walsh. (*)
0f982da... ISCSI patch from Dan Walsh. (*)
dccbb80... Whitespace cleanup. (*)
5ed0617... Application patch from Dan Walsh. (*)
832c1be... IPSEC patch from Dan Walsh. (*)
837163c... UDEV patch from Dan Walsh. (*)
e21162e... Kdump reads the kernel core. (*)
77c71b5... Fstools and Xen patches from Dan Walsh. (*)
c8d563f... Permission set updates from Dan Walsh. (*)
0cad9a7... RAID patch from Dan Walsh. (*)
d913e79... Kismet and tzdata patches from Dan Walsh. (*)
7491a9e... Iptables and modutils patches from Dan Walsh. (*)
962d6fb... Calamaris patch from Dan Walsh. (*)
36ded4b... GPG patch from Dan Walsh. (*)
b77daab... Mozilla patch from Dan Walsh. (*)
6394ea6... Podsleuth patch from Dan Walsh. (*)
d7776f5... Screen patch from Dan Walsh. (*)
46b0373... Seunshare patch from Dan Walsh. (*)
e331a05... Merge branch 'master' into xselinux (*)
7fc72a0... Changelog and version bump for X object manager changes. (*)
3fe6f6a... Typo in policy/users (*)
b84d6ec... smartmon patch from Dan Walsh. (*)
41c139d... afs patch from Dan Walsh. (*)
7e81399... apm patch from Dan Walsh. (*)
32f27a7... asterisk patch from Dan Walsh. (*)
5894c3e... Amavis patch from Dan Walsh. (*)
a7d6068... Bitlbee patch from Dan Walsh. (*)
bd21cb1... Certmaster patch from Dan Walsh. (*)
ce8a71a... Fail2ban patch from Dan Walsh. (*)
d7b98c8... GPM patch from Dan Walsh. (*)
7d05af7... Irqbalance patch from Dan Walsh. (*)
e1b8b54... Kerberos patch from Dan Walsh. (*)
6aa333b... Kerneloops patch from Dan Walsh. (*)
a322266... Memcached patch from Dan Walsh. (*)
0000b79... Milter patch from Dan Walsh. (*)
d3c612f... Modemmanager patch from Dan Walsh. (*)
80f0587... Mysql patch from Dan Walsh. (*)
2d59a82... Nslcd patch from Dan Walsh. (*)
6df09cf... PCSCD patch from Dan Walsh. (*)
1232a50... Prelude patch from Dan Walsh. (*)
b36ae97... Privoxy patch from Dan Walsh. (*)
733f494... Radvd patch from Dan Walsh. (*)
ff785b9... Rpcbind patch from Dan Walsh. (*)
b11dcd4... Tuned patch from Dan Walsh. (*)
f37b7bd... gpsd patch from Dan Walsh. (*)
82cdffc... ntp patch from Dan Walsh. (*)
207c4d1... Snmp patch from Dan Walsh. (*)
f3890b2... Sssd patch from Dan Walsh. (*)
2650ca5... Tftp patch from Dan Walsh. (*)
9c40673... MTA patch from Dan Walsh. (*)
96831fe... Move rules from mta mailserver delivery from interface to . (*)
c5155ac... Bluetooth patch from Dan Walsh. (*)
192fb87... Clamav patch from Dan Walsh. (*)
30958fb... Cyrus patch from Dan Walsh. (*)
dcabb11... DCC patch from Dan Walsh. (*)
14c7865... Ddclient patch from Dan Walsh. (*)
4dd84bb... Dovecot patch from Dan Walsh. (*)
84a45c9... Exim patch from Dan Walsh. (*)
ef6ea56... Fetchmail patch from Dan Walsh. (*)
00808a9... Fprintd patch from Dan Walsh. (*)
c292cb9... Avahi patch from Dan Walsh. (*)
d2acef7... Inetd patch from Dan Walsh. (*)
07ba151... Courier patch from Dan Walsh. (*)
8a8b24a... Lircd patch from Dan Walsh. (*)
3624ef7... Mailman patch from Dan Walsh. (*)
c155e04... Sendmail patch from Dan Walsh. (*)
fee5bb7... Uucp patch from Dan Walsh. (*)
cde1507... SSH patch from Dan Walsh. (*)
82b5d29... PPP patch from Dan Walsh. (*)
edc2f7d... Fix home_ssh_t usage. (*)
22a2874... Add dbadm, from KaiGai Kohei. (*)
4ebfec7... Add pyicqt from Stefan Schulze Frielinghaus. (*)
e526fca... Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl (*)
2d74365... Userdomain patch from Stefan Schulze Frielinghaus. (*)
1031ee6... Implement cobblerd policy. (*)
7d2f967... Module version number bump for 1031ee6. (*)
27eab81... Misc fixes for 1031ee6. (*)
16412e2... Merge branch 'master' of git+ssh://cpebenito@oss.tresys.com (*)
12dc618... Add changelog entry for 1031ee6. (*)
aa9e3b4... Ktalk patch from Dan Walsh. (*)
3079cbc... Virt/svirt patch from Dan Walsh. (*)
21673b2... Hal patch from Dan Walsh. (*)
ca5dc2f... Consoletype patch from Dan Walsh. (*)
ed03a5b... Sudo patch from Dan Walsh. (*)
c3c753f... Remove concept of user from terminal module interfaces deal (*)
1322a1a... Remove redundant conditional user_ping terminal rules. (*)
6246e7d... Non-drawing X client support for consolekit. (*)
0ab2c1e... Clear xserver TODO. (*)
3fb2b72... Ccs patch from Dan Walsh. (*)
a513794... Chronyd from Miroslav Grepl. (*)
6f30d7e... Pulseaudio patch from Dan Walsh. (*)
c06a445... Xguest patch from Dan Walsh. (*)
05bd2f9... Portage fixes for installing SELinux-aware programs. (*)
15d80e3... Misc portage fixes. (*)
aadcb96... Move netlink route sockets from nsswitch to DNS name resolv (*)
679a63d... Mount usbfs fix from Gentoo. (*)
72c8a37... Setfiles fix from Gentoo. (*)
2c05132... Utmp fix from Gentoo. (*)
d08a3df... Ssh key creation fix from Gentoo. (*)
8b85019... Clean up leaked portage file descriptors. (*)
2f84a77... Syslog fixes from Gentoo. (*)
6a9da24... Useradd home dir creation fix from Gentoo. (*)
4796d07... Wine patch from Dan Walsh. (*)
29b580c... Add sectoolm by Miroslav Grepl. (*)
72295e9... Qemu patch from Dan Walsh. (*)
8a1c9c5... Rearrage qemu.if. (*)
a777957... Rename qemu_unconfined_t to unconfined_qemu_t. (*)
1e0f483... Mono patch from Dan Walsh. (*)
4fd0889... Java patch from Dan Walsh. (*)
6ae29c7... Vbetool patch from Dan Walsh. (*)
fa03ecc... Shorewall patch from Dan Walsh. (*)
1049180... Automount patch from Dan Walsh. (*)
68cda59... Add MySQL Manager to MySQL policy module (*)
1021460... Minor tweaks and module version bump for 68cda59. (*)
6306637... mysqlmanagerd_var_run_t is not a domain type. (*)
534e57b... Various afs fixes. (*)
2040268... Module version bump for 534e57b. (*)
cd17345... Various abrt fixes. (*)
d124921... Module version bump for cd17345. (*)
611bc93... Improve documentation on miscfiles_read_localization(). (*)
fca4a96... Improve documentation on files_read_etc_files(). (*)
6e48775... Improve documentation on logging_send_syslog_msg(). (*)
6dadd39... Rearrange files interfaces. (*)
fd81345... Add additional documentation to files_type(). (*)
7a0c0b4... Improve documentation on kernel_read_system_state(), kernel (*)
81a0fb4... Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_ (*)
d688717... Improve sysnet_read_config() documentation. (*)
13f000d... Improve the documentation of: init_script_file() init_daemo (*)
3a744d1... Improve documentation of corecmd_exec_bin() and corecmd_exe (*)
45185c0... Improve the documentation of logging_log_file() and logging (*)
14e543c... Improve the documentation of unconfined_domain(). (*)
42eb0f1... Improve the documentation of corenetwork interfaces corenet (*)
5fb5bf2... Additional docs for logging_log_filetrans(). (*)
7cf2858... Improve the documentation of files interfaces: files_pid_fi (*)
03dd57f... Fix auth_domtrans_chk_passwd to use read_file_perms to surp (*)
42f1b11... Module version bump for 03dd57f. (*)
12f73d8... Improve filesystem interfaces: fs_getattr_xattr_fs() fs_get (*)
4e12649... Improve the documentation of devices interfaces: dev_node() (*)
888d9e4... Improve the documentation of ubac_constrained(). (*)
88daf12... Improve the documentation of domain interfaces: domain_type (*)
c46376e... Improve documentation for userdomain interfaces: userdom_us (*)
4cb24ae... Fix userdom_write_user_tmp_sockets to use write_sock_file_p (*)
0bbb165... Improve the documentation of nis_use_ypbind(). (*)
d24a7df... Improve the documentation of auth_use_nsswitch(). (*)
b58db31... Improve the documentation of application_domain(). (*)
bf530f5... Various permission set fixes. (*)
a6bafb5... Module version bump for bf530f5. (*)
4a4436a... Add examples to documentation of common corenetwork interfa (*)
b675cec... Improve documentation of seutil_sigchld_newrole(). (*)
402bbb9... Improve documentation of udev_read_db(). (*)
88340b9... Various amavis fixes. (*)
3b81489... Fixed typo in gen_require for amavis_initrc_domtrans (Appea (*)
eda6417... Create apcupsd initrc domtrans. Call apcupsd initrc domtran (*)
6eed0aa... Modified apcupsd_initrc_domtrans interface summary to match (*)
d783374... Various arpwatch fixes. (*)
6665c3c... Changed arpwatch_initrc_domtrans domain summary to match st (*)
a739053... Changed amavis_initrc_domtrans domain summary to match styl (*)
6a9ef9e... gen_require typo fix in dbadm.if from Dan Walsh (*)
15ae77b... Domain transition for apmd to vbetool from Dan Walsh (*)
9a1f0d2... Seems reasonable that exim may need to manage these files w (*)
4d2680e... hotplug transition to brctl from Dan Walsh (*)
4931c57... Add additional comments for e1e78df. (*)
812f30a... Module version bump for a005018. (*)
c4faa1d... Module version bump for 96b7e9f. (*)
cb6385d... Module version bump for cf5e81d. (*)
b7070a9... Module version bump for 52b215f. (*)
ec0205f... Module version bump for e1e78df. (*)
1112a5b... Module version bump for be47d75. (*)
c9ab770... add write to manage_lnk_file_perms. (*)
eeb7616... Corenetwork patch from Dan Walsh. (*)
183f79e... Fix cobbler_admin interface to require cobblerd_initrc_exec (*)
febc7fd... Storage patch from Dan Walsh. (*)
0535173... Devices patch from Dan Walsh. (*)
4b23c67... Corecommands patch from Dan Walsh. (*)
9c709c4... Corenetwork patch from Dan Walsh. (*)
09b92dc... Guest patch from Dan Walsh. (*)
4af2b3f... Add back missing s0 on network_port(). (*)
cf3da95... Allow cdrecord_t to execute bin_t from Dan Walsh growisofs (*)
3fcdc39... shorewall log file from Dan Walsh (*)
42fa15b... Logwatch looks for content in homedirs, reads samba shares (*)
e2e1b67... Minor style fixes. (*)
5dac509... Module version bump for cf3da95. (*)
b193389... Module version bump for 3fcdc39. (*)
6f9c3c4... Module version bump for 42fa15b. (*)
bd063de... Fix another corenetwork typo. (*)
ddae1cc... Creates sock files in /tmp, reads network state. - From Dan (*)
547d62e... Module version bump for ddae1cc. (*)
d0a6df5... Miscfiles patch from Dan Walsh. (*)
939eaf2... Fstools patch from Dan Walsh. (*)
30496b1... Iscsi and tgtd patches from Dan Walsh. (*)
2f0e3a4... Raid patch from Dan Walsh. (*)
12a6a53... mysql policy from Dan Walsh (*)
1d3d00b... Manage alsa writable config files interface from Dan Walsh (*)
e172614... Whitespace cleanup on mysql.if. (*)
9e506eb... Rearrange lines in alsa an mysql. (*)
7af0e9b... Filesystem patch from Dan Walsh. (*)
ce0570d... Module version bump for e172614. (*)
37e2499... Module version bump for 1d3d00b. (*)
3137148... Run interface for ptchown from Dan Walsh (*)
257a278... Policy for smolt sendProfile client from Dan Walsh (*)
74b51e6... Firstboot sends dbus messages from Dan Walsh (*)
f7d413a... fail2ban_stream_connect and fail2ban_rw_stream_sockets from (*)
1484157... mcelog policy from Dan Walsh (*)
ba1c453... Module version bump for 3137148. (*)
6bc64c4... Whitespace fixes for smoltclient. (*)
580279d... Module version bump for 74b51e6. (*)
bf140fc... Rearrange interfaces in fail2ban. (*)
fce868d... Module version bump for f7d413a. (*)
fad6e76... Whitespace fix for mcelog. (*)
ae07c9e... Screen needs to setattr on user_ttydevice_t from Dan Walsh (*)
591af7b... file context updates from Dan Walsh (*)
d7ec247... File context update for certmaster from Dan Walsh (*)
d12f18e... Change kernel_load_module to kernel_request_load_module fro (*)
935151a... Change kernel_load_module to kernel_request_load_module for (*)
1656bf7... Whitespace fixes in mailman. (*)
ce693cb... Module version bump for ae07c9e. (*)
9570fc1... Module version bump for 591af7b. (*)
9a59893... Module version bump for d7ec247. (*)
c6491af... Module version bump for d12f18e. (*)
5911f3d... Module version bump for 935151a. (*)
e8871c2... Add additional documentation to kernel_request_load_module( (*)
414a570... fetchmail executes programs in bin (uname), from Dan Walsh (*)
2a62db7... Module version bump for 414a570. (*)
38fc1bd... Likewise policy. (*)
827060c... Style fixes and module version bumps for 38fc1bd. (*)
6a03548... amavis uses uptime which reads utmp, and reads certs - from (*)
7b50b70... Module version bump for 6a03548. (*)
1f6d975... Domain patch from Dan Walsh. (*)
0417386... Kernel patch from Dan Walsh. (*)
d13c675... Modutils patch from Dan Walsh. (*)
90e65fe... Ipsec patch from Dan Walsh. (*)
7a8807b... Logging patch from Dan Walsh. (*)
a124c0a... Udev patch from Dan Walsh. (*)
4fbcd77... Iptables patch from Dan Walsh. (*)
153ed87... Authlogin patch from Dan Walsh. (*)
ddd786e... Init patch from Dan Walsh. (*)
1fa92b8... Sysnetwork patch from Dan Walsh. (*)
b60df9f... Getty patch from Dan Walsh. (*)
0d86ea1... Xen patch from Dan Walsh. (*)
bc31d12... Libraries patch from Dan Walsh. (*)
bed0a44... Zebra patch from Dan Walsh. (*)
788ba75... Uucp patch from Dan Walsh. (*)
47293bd... Tftp patch from Dan Walsh. (*)
d3b5907... openvpn needs ipc_lock capability, connects to http ports, (*)
9681df1... postgresql patch from Dan Walsh: "File context for /etc/sys (*)
ac19f1a... rtkit patch from Dan Walsh: rtkit_daemon_system_domain inte (*)
584dfac... icecast policy from Dan Walsh (*)
340af11... Minor tweaks on icecast. (*)
32103f2... Module version bump for d3b5907. (*)
c7a4cf3... Module version bump for 9681df1. (*)
e13a9ef... Module version bump for ac19f1a. (*)
064d1b4... Rename rtkit_schedule() to rtkit_scheduled(). (*)
7630200... Virt patch from Dan Walsh. (*)
461b53e... Tuned patch from Dan Walsh. (*)
98ac3f5... Telnet patch from Dan Walsh. (*)
08d7c73... Sysstat patch from Dan Walsh. (*)
449d206... Snmp patch from Dan Walsh. (*)
cf7eb08... Sasl patch from Dan Walsh. (*)
75c8a69... gitosis read/manage lib interfaces from Dan Walsh (*)
df29613... Module version bump for 75c8a69. (*)
1d348bd... Afs needs sys_admin, sends signals, and resolves hostnames (*)
6c40309... Module version bump for 1d348bd. (*)
1b22152... Rdisc patch from Dan Walsh. (*)
390b8a8... Radvd patch from Dan Walsh. (*)
c37d843... bind patch from Dan Walsh some fixes in interfaces, added b (*)
be83112... Minor bind XML tweaks. (*)
7656af7... Module version bump for c37d843. (*)
c586c1b... Give dcc setgid from Dan Walsh (*)
dcbb332... chronyd patch from Dan Walsh (*)
4c05dff... avahi patch from Dan Walsh (*)
84ce9c3... Bluetooth patch (sys_admin and debugfs) from Dan Walsh (*)
2b012ba... Prelude patch from Dan Walsh (*)
d279dd6... ksmtuned policy from Dan Walsh (*)
1868383... pulseaudio patch from Dan Walsh (*)
f3c346c... Smokeping policy from Dan Walsh (*)
ad0071b... Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokepi (*)
bf54d5b... Module version bumps for c586c1b, dcbb332, 4c05dff, 84ce9c3 (*)
6d4dbd2... Vhostmd from Dan Walsh. (*)
ee2d2dd... Add usbmuxd from Dan Walsh. (*)
2b93b88... Sssd patch from Dan Walsh. (*)
25d81d2... Tor patch from Dan Walsh. (*)
83caba3... First part of apache patch from Dan Walsh: file context cha (*)
60def66... Second part of Apache patch from Dan Walsh. (*)
170a46d... memcached patch from Dan Walsh (*)
f8b3b7f... Nut policy from Dan Walsh (*)
a49a82c... snort patch from Dan Walsh (*)
b7d3db1... Tweak for 170a46d. (*)
da0608b... Module version bump for 170a46d, f8b3b7f, and a49a82c. (*)
20fa703... Whitespace fixes on Apache. (*)
372acd0... Rpc patch from Dan Walsh. (*)
38db49c... PPP patch from Dan Walsh. (*)
b577852... Portreserve patch from Dan Walsh. (*)
6d9925c... Fix requires for apache tmp interfaces. (*)
91b12ad... Move kernel_request_load_module(gssd_t) to the proper place (*)
e399e3a... Add devtmpfs labeling. (*)
5d3214f... gpsd path from Dan Walsh (*)
795b733... pcscd patch from Dan Walsh: manage pub files and fifo files (*)
23ad802... Module version bump for 5d3214f and 795b733. (*)
ec8d32c... [BUGFIX] lack of type transition on dbadm domain (Re: dbadm (*)
85e71c8... Fix network_port() in corenetwork to correctly handle port (*)
3829eec... Clean up output of generated corenetwork.te. (*)
46e16a2... Use port range notation in corenetwork where it makes sense (*)
01bfe1d... kerberos patch from Dan Walsh (*)
d86d4f6... Move optional policy to correct location for style (*)
9875971... Module version bump for 46e16a2. (*)
4f7b413... Ntop policy from Dan Walsh (*)
e6e2a76... Remove excess white space from ntop.te Move ntop ports decl (*)
86ff008... Module version bump for 4f7b413. (*)
33793ec... certmonger policy from Dan Walsh (*)
0e5494a... Fix some whitespace and style issues. (*)
da59404... Additional whitespace fixes in certmonger. (*)
4b121a5... nis patch from Dan Walsh (*)
f49fc19... Style changes (*)
4687992... Additional whitespace fix in nis. (*)
5c3274d... Module version bump for 4b121a5. (*)
8c38fba... allow syslog-ng to setrlimit (*)
78352db... Module version bump for 8c38fba. (*)
194d61f... modutils patch for update-modules (*)
4a8bd01... Module version bump and extra comments for 194d61f. (*)
44b3808... Djbdns patch from Dan Walsh. (*)
e07fbc0... Add DenyHosts from Dan Walsh. (*)
05a2e3e... Lircd patch from Dan Walsh. (*)
9b3e798... bootmisc init script, 2nd try (*)
34838aa... Samba patch from Dan Walsh - signal interfaces - fusefs s (*)
d7ebbd9... Module version bump for 34838aa. (*)
a53c6c6... FTP patch from Dan Walsh. (*)
45696ab... Add missing secmark rules in ntop, from Dominick Grift. (*)
87a9469... Add networking rules for spamd to connect to mysql/postgres (*)
3b72786... Add trusted object condition to unix socket connectto/sendt (*)
857d37e... GPG patch from Dan Walsh. (*)
61738f1... Devicekit patch from Dan Walsh. (*)
98ac986... Dbus patch from Dan Walsh. (*)
b0076a1... Arpwatch patch from Dan Walsh. (*)
a3108c6... Consolekit patch from Dan Walsh. (*)
03a6e03... Add kernel access to devtmpfs. Also add workround while de (*)
d5932a6... Fix a typo in support/genhomedircon. (*)
baea7b1... Networkmanager patch from Dan Walsh. (*)
d8eb3c7... Dovecot patch from Dan Walsh. (*)
4804cd4... Clamav patch from Dan Walsh. (*)
fb3fc9e... Cyrus patch from Dan Walsh. (*)
a2524cf... cobbler patch from Dan Walsh (*)
aeb7a4e... Whitespace fixes on cobbler. (*)
27afb97... Minor fixes on a2524cf. Module version bump. (*)
1607040... RPM patch from Dan Walsh. (*)
24e0b9b... Munin patch from Dan Walsh. (*)
ada61e1... Asterisk patch from Dan Walsh. (*)
bcc6e65... SETroubleshoot patch from Dan Walsh. (*)
299db70... CVS patch from Dan Walsh. (*)
84940a0... Java patch from Dan Walsh. (*)
2e4e39d... Loadkeys patch from Dan Walsh. (*)
b0c2cae... Hal patch from Dan Walsh. (*)
e9e43f0... Plymouthd policy from Dan Walsh. (*)
1b2f08e... Abrt patch from Dan Walsh. (*)
d56b33a... Create new interface and type for managing /etc/udev/rules. (*)
e2c9450... Remove excessive permission in udev_manage_rules_files() an (*)
4e698b0... Cups patch from Dan Walsh. (*)
088b65e... SSH patch from Dan Walsh. (*)
e19b8d1... MTA patch from Dan Walsh. (*)
b276e36... Procmail patch from Dan Walsh. (*)
9ea85ea... Sendmail patch from Dan Walsh. (*)
9fe1b54... Prelink patch from Dan Walsh. (*)
d9e4cbd... Postfix patch from Dan Walsh. (*)
316cdb1... nx patch from Dan Walsh (*)
fb543d0... remove rules for nx_server_home_ssh_t since they are alread (*)
d86c098... squid patch from Dan Walsh (*)
599e8ff... Create type and allow squid to manage its own tmpfs files (*)
99bbe34... Nagios patch from Dan Walsh (*)
4ac0cd3... Remove nagios_rw_inherited_tmp_files interface (*)
44dc1b9... netutils patch from Dan Walsh (*)
7605d27... Remove call to nagios_rw_inherited_tmp_files (*)
8daddcf... tmpreaper patch from Dan Walsh (*)
2483d7a... Replace apache_delete_cache with apache_delete_cache_files (*)
37194ac... dnsmasq patch from Dan Walsh - cron_manage_pid_files call r (*)
fdc0d0f... vpn patch from Dan Walsh (*)
b8c9879... logrotate patch from Dan Walsh (*)
538cf9a... Redhat Cluster Suite Policy from Dan Walsh (*)
21d23c8... Removed unnecessary comments Removed 'SELinux policy for' f (*)
7a8e6a8... whitespace fixes for cluster suite patch (*)
6055ab8... clogd policy from Dan Walsh (*)
6430c79... whitespace fix for clogd (*)
dcb7227... Module version bump for 51ad76f. (*)
a107f87... Remove redundant optional and libs_* calls in clogd. (*)
ff1cae1... Move line in logrotate; module version bump. (*)
fe74f71... Fix deprecated interface usage that crept into lvm.if. (*)
d8642ca... readahead patch from Dan Walsh (*)
d53a972... Module version bump for cb1df6a. (*)
c789f82... Module version bump for d5170e5. (*)
63583f4... Module version bump for f61ef24. (*)
213d35a... Module version bump for 9e28f74. (*)
bdf5e19... Module version bump for 383bd32. (*)
ca28376... Module version bump for 7942f7f. (*)
7934ac1... Module version bump for 1184392 and more. (*)
3d95ca2... Module version bump for 904f3d8. (*)
91cbcc6... Fix deprecated interface usage in rhel4 block in su.if. (*)
f9bdd1e... Add missing changelog entries. (*)
29af4c1... Bump module versions for release. (*)
03e653b... Changelog and version update for release. (*)
2a29628... Fix duplicate lines in kudzu. (*)
5c2b95e... Add missing cluster suite modules that were missing from th (*)
8f0de5d... Storage patch from Dan Walsh. (*)
46c0e57... Corecommands patch from Dan Walsh. (*)
fb7cadd... Devices patch from Dan Walsh. (*)
60f04fc... Kernel patch from Dan Walsh. (*)
c0c635b... cgroup in filesystem. (*)
ddf8213... add libcg policy. (*)
73f0985... How libgroup init scripts interact with libcgroup. (*)
e2b9add... How users interact with cgroup. (*)
04dcd73... Whitespace fixes in cgroup and init. (*)
860c05d... Rearrange cgroup interfaces in filesystem. (*)
0041a78... Remove cgroup_t usage in cgroup_admin() since it is not own (*)
53f9abb... Clean up cgroup. Rename cgconfigparser to cgconfig. (*)
c54e7d6... Module version bump for cgroup patchset. (*)
98652c6... Add missing changelog entry for cgroup. (*)
135b1b4... Terminal patch from Dan Walsh. (*)
48e0aa8... Files patch from Dan Walsh. (*)
b521229... Abrt patch from Dan Walsh. (*)
5c942ce... AFS patch from Dan Walsh. (*)
48f99a8... Whitespace change: drop unnecessary blank line at the start (*)
4db7790... Acct patch from Dan Walsh. (*)
88a574d... Alsa patch from Dan Walsh (*)
0e30bca... Consoletype patch from Dan Walsh. (*)
e89f04f... Mcelog patch from Dan Walsh. (*)
10c0104... Kismet patch from Dan Walsh. (*)
9a4d292... Netutils patch from Dan Walsh. (*)
a9ef84b... Prelink patch from Dan Walsh. (*)
5116faa... Quota patch from Dan Walsh. (*)
b9be5cc... Shorewall patch from Dan Walsh. (*)
f7e3410... Su patch from Dan Walsh. (*)
3835c39... Sudo patch from Dan Walsh. (*)
e08ac5a... Vbetool patch from Dan Walsh. (*)
a99f69f... Loadkeys patch from Dan Walsh. (*)
ae1b7de... Cpufreqselector patch from Dan Walsh. (*)
3c1e8ff... Mozilla patch from Dan Walsh. (*)
8a24097... Mplayer patch from Dominick Grift through Dan Walsh. (*)
1ff703f... Podsleuth patch from Dan Walsh. (*)
1fd3a80... Pulseaudio patch from Dan Walsh. (*)
2c207df... Qemu patch from Dan Walsh. (*)
eab2cc8... Slocate patch from Dan Walsh. (*)
3c79f95... Rearrage interfaces in filesystem. (*)
0cec649... WM patch from Dan Walsh. (*)
a00fc1c... hddtemp fixes. (*)
113d2e0... Minor tweaks and module version bump for a00fc1c. (*)
0001e26... Increased default number of categories to 1024, from Russel (*)
155635e... Create_lnk_perms fix from Russell Coker. (*)
b5d89d0... vpn patch from Dan Walsh (*)
ab4f820... Module version bump for b5d89d0. (*)
5f04c91... gitosis patch from Dan Walsh (*)
caf1666... Module version bump for 5f04c91. (*)
7e5463b... fix cgroup_admin (*)
a7521af... firstboot patch from Dan Walsh (*)
ab62f3f... Module version bump for a7521af. (*)
cad4224... Guest patch from Dan Walsh. (*)
3bcfe5b... Usermanage patch from Dan Walsh. (*)
a3b0dc5... GPG patch from Dan Walsh. (*)
1db1836... Remove improper usage of userdom_manage_home_role(), userdo (*)
bca0cdb... Remove duplicate/redundant rules, from Russell Coker. (*)
3c4e9fc... Make spamassassin optional for milter, from Russell Coker. (*)
08690c8... Remove ethereal module since the application was renamed to (*)
b841dff... Add livecd from Dan Walsh. (*)
7e265a8... Add shutdown from Dan Walsh. (*)
2d839c6... Whitespace fixes in RPM. (*)
b70dfcd... RPM patch from Dan Walsh. (*)
f1618ff... Whitespace fix in userhelper. (*)
072857c... VMWare patch from Dan Walsh. (*)
c14aebd... Remove old rbacsep role statements. (*)
f7ffe6c... Add missing ubac constraints on pulseaudio. (*)
fa1847f... Add files_poly_member() to userdom_user_home_content() Remo (*)
4b76ea5... Module version bump for fa1847f. (*)
48c3c37... Remove some redundant attributes from user_home_t. (*)
29f3bfa... Fix JIT usage for freshclam. (*)
21fdee9... Increase bindreservport range to 512-1024 in corenetwork, f (*)
b0a6f1b... anaconda patch from Dan Walsh (*)
5563d4c... Removing seutil_domtrans_setsebool from anaconda patch - it (*)
64ef2df... Module version bump for 5563d4c. (*)
b3f7203... Take virtio disks into account. (*)
27eeb64... Virtio disk file context update from Mika Pfluger. (*)
a72e42f... Interface documentation standardization patch from Dan Wals (*)
9d4395a... MojoMojo from Lain Arnell. (*)
a7ee7f8... Docs standardizing on the role portion of run interfaces. (*)
c4834a0... accountsd policy from Dan Walsh (*)
d0eebed... Move accountsd to services. (*)
8da8897... Accountsd cleanup. (*)
12ab395... Changelog entry for accountsd. (*)
03b8666... apps: domain { allowed to transition, allowed access, to no (*)
77e4b55... Admin layer xml fixes. (*)
19ff039... Fix usermanage_kill_passwd() parameter doc. (*)
705f70f... Kernel layer xml fixes. (*)
97b990f... Fix corecmd_dontaudit_exec_all_executables doc. (*)
288845a... Services layer xml files. (*)
a0546c9... System layer xml fixes. (*)
61d7ee5... Confine /sbin/cgclear. (*)
d687db9... Whitespace fixes on cgroup. (*)
00ca404... Remove unnecessary require on cgroup_admin(). (*)
c87e150... roles patch from Dan Walsh to move unwanted interface calls (*)
68e615e... system-config-samba dbus service policy from Dan Walsh (*)
5d6bf45... Changelog entry for sambagui. (*)
46fc0d3... Policy for system-config-kdump gui from Dan Walsh (*)
a9539a0... Additional kdumpgui cleanup. (*)
ab8f919... Part of gnome patch from Dan Walsh. (*)
c62f1be... Dbadm updates from KaiGai Kohei. (*)
d6e1ef2... Move devtmpfs to devices from filesystem (*)
2fc79f1... Early devtmpfs access (*)
0d24805... Trivial tweaks to devtmpfs patches. (*)
76a9fe9... Module version bumps and changelog for devtmpfs patchset. (*)
3eaa993... UPdate for f14 policy (*)
83eff06... Latest f14 (*)
a947daf... Update f14 (*)
9afb2b1... Go with upstream (*)
a61cba6... Rebase constraints (*)
e5e9b7b... F14 (*)
f9c5576... F14 (*)
0aa4ecc... F14 (*)
e15d0e7... Modify amanda (*)
09154bd... Reset base (*)
8f4ec14... Modified amanda (*)
507000a... reset (*)
18549c2... Fix policy (*)
2968e06... Update f14 (*)
aae38f0... whoya (*)
46c24a3... ditto (*)
4765a59... Fixes for f14 (*)
9561b0a... Update f14 (*)
08e567d... Latest fixes (*)
ac498fa... More fixes (*)
2d4a79a... Policy fixes (*)
c71f02c... More fixes (*)
73f7d4f... Fix spelling mistake (*)
8c8a10f... Dontaudit socket leaks when running semanage code (*)
ddcd5d6... Dontaudit signals from sandbox domains to domains that tran (*)
898c0de... merge latest upstream (*)
079779a... Allow hald to transition to netutils Block signal via mcs s (*)
5537e55... Apply Dominick Grift typo fixes (*)
3fdb12d... Allow prelink to read dbus config/Broken nsplugin_config wa (*)
5fb4db5... Add Miroslav Grepl patch for jabberd, adding new type for j (*)
4fccad9... Allow qmail to use uucpd Fixes found by Tom London for devi (*)
c6fa935... Fix sandbox tcp_socket calls to create_stream_socket_perms (*)
623e4f0... 1/1] Make the ability to mmap zero conditional where this i (*)
0352752... firstboot is leaking a netlink_route socket into iptables. (*)
09686dc... Allow all X apps to use direct dri if user_direct_dri boole (*)
a1b4205... Fix mmap_zero assertion violation in xserver. (*)
785ee79... Module version bump and changelog entry for conditional mma (*)
02fb4a0... define /sys/fs/cgroup as a <<none>> file system (*)
cbadf72... Merge branch 'master' of http://oss.tresys.com/git/refpolic (*)
3a2e888... cleanup mmap_low merge with upstream (*)
a668127... Allow certmaster to read usr_t files. All python apps are (*)
b631f26... Fix mmap_zero patch (*)
b7ceb34... Do not try to relabel the contents of the /dev/shm director (*)
5675107... Libcgroup moved the cgroup directory to /sys/fs/cgroup. (*)
e411968... Implement alsa_home_t for asoundrc. Clean up Alsa module. (*)
eca7eb3... Rearrange alsa interfaces. (*)
28d96f0... Module version bumps for b7ceb34 5675107 e411968 eca7eb3. (*)
ef98a37... Allow gpg_pinentry_t to use fifo files of apps that transit (*)
cdda8fe... Merge branches 'master', 'master' and 'master' of http://os (*)
f00ba23... Merge with upsteam (*)
f5b49a5... Allow iptables to read shorewall tmp files Change chfn and (*)
db87998... Fix pootle (*)
c16ffd1... Allow apps that use pam to connect to init_t (*)
8187343... Any app that executes service command will not do a getattr (*)
4192c80... Eliminate extras alsa_read_home interface (*)
36d83cb... cleanup alsa patch to match upstream (*)
0745e42... fix typo in xserver_stream_connect (*)
e51122d... add sametime port definition (*)
aa760a2... Fix gnome interface definitions (*)
f79af26... fix bad patch in xserver (*)
689bfef... Fix apache interface (*)
4432db4... add sametime port definition (*)
5dd0c28... Cleanup warnings (*)
dfe675b... Mozilla_plugin needs to getattr on tmpfs and no longer need (*)
a75a591... Allow virt_domains to exec qumu_exec_t, add boolean to allo (*)
b36c20b... Allow sudo domains to manage /var/db/sudo Allow init_t and (*)
ee4b1e0... Allow crond to manage user_spool_cron_t link files Allow in (*)
d46a2b0... allow sudo to create sudo_db_t dirs (*)
4c38170... add policy for ajaxterm (*)
5f5963b... add policy for ajaxterm (*)
8296eb2... Clean up Amanda module. (*)
e021463... Clean up Amtu module. (*)
36c6e47... Clean up Anaconda policy. (*)
9c2c774... Remove unallocated tty access in amanda since it was origin (*)
da07333... Allow mozilla_plugin to create nsplugin_home_t directories (*)
8e47c02... fixes for openvpn suggested by dgrift (*)
e81afdf... raid tools now store pid file and sock_file in /dev/md for (*)
8fbea56... Module version bump for 8296eb2. (*)
1a82786... Allow hugetlbfs_t to be on device_t file system Allow sudo (*)
8340621... Implement miscfiles_cert_type(). (*)
e9d6dfb... Fix missed deprecated interface usage from the cert patch. (*)
da12b54... Module version bumps for cert patch. (*)
0b8f4cf... More fixes for mozilla_plugin_t Allow telepathy domains to (*)
d7544f0... rename mdadm_map_t to mdadm_var_run_t (*)
cab9bc9... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
366396d... Fix cert calls in telepath, boinc, kerberos Add sys_admin t (*)
d7de04f... - Add passenger policy (*)
3a32126... Allow dovecot-deliver to create tmp files Allow tor to send (*)
1a40cbf... Fix boolean descriptions (*)
536f28a... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
94820e4... Move passenger policy to services (*)
3034a8d... Fix some names in passenger policy (*)
5ef740e... Fix gnome_setattr_config_home Allow exec of sandbox_file_ty (*)
4251ae1... Add labels for /lib/readahead. Add back gnome_setattr inter (*)
c2dae98... Allow a couple of sandbox issues. Remove postgresl managing (*)
323c9f1... Fixes for vmware-host policy (*)
d7f2020... - Allow all domains that can use cgroups to search tmpfs_t (*)
43a0339... add labeling for /root/.debug (*)
6dfe56b... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
941e3db... Access for confined users to oidentd user home content is u (*)
25d796e... Unconditional staff and user oidentd home config access fro (*)
c17ad38... openct patch from Dan Walsh (*)
5271920... nut patch from Dan Walsh (*)
2a2b6a7... nslcd patch from Dan Walsh (*)
01c4413... icecast patch from Dan Walsh (*)
c4fbfae... fetchmail patch from Dan Walsh (*)
a831710... style change to djbdns.te (*)
67effb0... dcc patch from Dan Walsh (*)
483be01... courier patch from Dan Walsh (*)
c6c63f6... certmonger patch from Dan Walsh (*)
b0d8d59... canna patch from Dan Walsh (*)
5b082e4... arpwatch patch from Dan Walsh (*)
b8097d6... amavis patch from Dan Walsh (*)
689d954... smoltclient patch from Dan Walsh (*)
5afc3d3... firstboot patch from Dan Walsh (*)
f3c5e77... certwatch patch from Dan Walsh (*)
a59e50c... prelude patch from Dan Walsh (*)
cf87233... postgrey patch from Dan Walsh (*)
17759c7... postgresql patch from Dan Walsh (*)
dc1db54... pcscd patch from Dan Walsh (*)
e9bf16d... certmaster patch from Dan Walsh (*)
4f95198... awstats patch from Dan Walsh (*)
bf40792... zebra patch from Dan Walsh (*)
622c63b... zabbix patch from Dan Walsh (*)
c20842c... stunnel patch from Dan Walsh (*)
dc7cc4d... snort patch from Dan Walsh (*)
792d448... radvd patch from Dan Walsh (*)
fee4864... Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4f (*)
3b0a9c7... Allow iscsid to manage tgtd semaphores (*)
9461b60... Add the ability to send audit messages to confined admin po (*)
8c0a06a... Type print_spool_t is not required here. (*)
cb76ff4... Type xenstored_var_run_t is required here. (*)
0540e22... Use ps_process_pattern to read state. Permission to seach p (*)
d8d33a1... Permission to search generic pid directories is included wi (*)
beb9c35... Types crontab_exec_t, cron_spool_t and user_cron_spool_t ar (*)
5ecaaca... Type system_cronjob_var_run_t is not required here. (*)
47cf98d... Permission to get attributes of target devicekit_t, devicek (*)
cf152b4... Replace some type statements by comma delimiters. (*)
b36824e... Permit fetchmail_admin to ptrace and signal the fetchmail_t (*)
7d36c9f... Permission to search proc_t directories is required to be a (*)
4b81a55... This is redundant since base user can search generic proc d (*)
aa5baa9... Allow icecast_admin to ptrace and signal the icecast_t doma (*)
7d34935... Memcached_admin is required to search generic pid directori (*)
0ab4152... Redundant: mpd_search_lib already includes files_search_var (*)
0ba923e... Source is required to search generic tmpfs directories to b (*)
c5e7db7... Allow mpd_admin to manage mpd tmpfs content. (*)
f386b90... Use the stream_connect_pattern. (*)
eb12bc3... Source is required to search generic pid directories to be (*)
b6d0a79... Use admin_pattern. Allow nslcd_admin to search parent direc (*)
dcbbeea... Access to get attributes of target accountsd_t domain is in (*)
d183137... XML summary fix. (*)
1215dfb... Allow pads_admin to search parent directories to be able to (*)
39e118b... Use ps_process_pattern to read state. Access to get attribu (*)
4eaffd2... Access to get attributes of target pppd_t domain is include (*)
87cd6ee... Reduntant: Is already included with userdom_search_user_hom (*)
ad42454... Use ps_process_pattern to read state. (*)
ac13ad9... Use stream connect pattern. (*)
4ec4a49... Add missing admin_patterns to rpcbind_admin. (*)
83029ff... Use relabel permission sets where possible. (*)
4d71bc3... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
2e2a24e... Use stream_connect_pattern. (*)
60d27bf... Tunable, optional, if(n)def block go below. (*)
2d102f8... Whitespace, newline and tab fixes. (*)
5ebd1a5... Use domtrans_pattern because it include permission the sigc (*)
d0b7562... Do not audit interface should not provide permission to rea (*)
a87e8f7... Redundant: domtrans_pattern includes these. (*)
f416df7... Redundant: This is included with userdom_search_user_home_c (*)
50e8575... Allow users to ptrace and send any kind of signal to their (*)
9a2fd7d... Redundant: This is included with userdom_read_user_home_con (*)
a3d20a3... Use relabel permission sets where possible. (*)
b0e9aaa... This is not a role capability. (*)
c5caddd... This type is not required here. (*)
4ff4ddf... Allow users to ptrace and send any kind of signal to spamas (*)
f926621... Search parent directory to be able to interact with target (*)
b35d259... XML summary ffixes. (*)
ba6db03... Redundant: mta_sendmail_domtrans calls domtrans_pattern whi (*)
59c0340... Use permission sets where possible. (*)
dcf8746... Whitespace, newline and tab fixes. (*)
819518c... The ps_process_pattern includes permission to get attribute (*)
2de2341... Use ps_process_pattern to read state. (*)
2f94f46... Replace type and attributes statements by comma delimiters (*)
23ac318... Requires system_r role. (*)
0dacd04... Whitespace, newline and tab fixes. (*)
9c9e4c8... This is a role capability. (*)
a55bb56... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
14ffaf8... Merge upstream (*)
be5142f... Fixes for cluster policy (*)
0a394bf... Add vnstat policy allow logrotate to mail syslog files Allo (*)
8c47ad0... Remove accedentlay added ~ files (*)
c53b75b... Change this functionality to our implementation of this fun (*)
bbdbce3... No need for httpd_builtin_scripting to be set for httpd_t t (*)
1b1f7d0... This is a leftover from refpolicy implementation of this fu (*)
c5eae5f... Whitespace, newline and tab fixes. (*)
7fa5a68... Boolean declarations go above. (*)
9b26005... Clean up (network) connect DB. (*)
0293695... Use stream connect pattern. (*)
eb0e0bc... Use domtrans_pattern. (*)
2d6615c... Class is supposed to be fifo_file according to summary. (*)
dd0d453... Allow users to ptrace and send any signal to their bluetoot (*)
89bb445... This is not a role capability. (*)
1e92803... Search parent directory to be able to interact with targets (*)
618ce85... Use can_exec. (*)
b5d5518... Add file context specification for HOME_DIR/\.gitaliases. M (*)
28fdb87... Move system type alias statements to system declarations. (*)
b11ba46... Use entry_file as entry_point to domain transition. (*)
f6bcb24... Tunable and optional policy goes below. (*)
25e284d... This is a role capability. (*)
6bb4d40... Replace type and attributes statements by comma delimiters (*)
86f9f96... The ps_process_pattern includes permission to get attribute (*)
3c484f5... XML summary fixes. (*)
4b1644f... Whitespace, newline and tab fixes. (*)
9fa4def... Use permission sets where possible. (*)
92f6d7c... cyphesis patch from Dan Walsh
a492b22... Fix whitespace in cyphesis.
ab33cc0... I made a mistake in 618ce85f8644651501724947b134855e9e827a7 (*)
bece7c4... Use stream connect pattern. (*)
74d74b9... Reduntant: unused, use hal_read_state instead if possible. (*)
1c45e20... Reduntant: stream_connect_pattern already permits this. (*)
c0ad94b... Reduntant: getattr_sock_files_pattern already permit this. (*)
e8ea772... Allow users to ptrace and send any signal to their lpd agen (*)
1976ddd... Whitespace, newline and tab fixes. (*)
d017064... Missing required type. (*)
4e8c698... This type is not required here. (*)
dc47bf2... Onlt distro redhat currently implements admin_home_t. (*)
ce87242... Search parent directory to be able to interact with targets (*)
db775a3... Redundant; unused interface plus ypbind_t is not a pid file (*)
f66acfd... Use permission sets where possible. (*)
f9c2fa5... Wrong type required. (*)
c4786dd... Implement oident admin. (*)
3cc747a... Allow piranha domains to create their pid directory with th (*)
6c99405... This permission is included with mmap_file_perms. (*)
23952de... Use ps_process_pattern to read state. (*)
f6bed42... This is not a role capability. (*)
8f0b746... Replace type and attributes statements by comma delimiters (*)
624f2f4... Whitespace, newline and tab fixes. (*)
8ab34f0... XML summary fixes. (*)
55c2e0e... This is a role capability. (*)
61f4064... Use list instead of search in admin interfaces. (*)
8e3f53a... Whitespace, newline and tab fixes. (*)
7a37620... These are duplicates and redundants. (*)
cbd9541... Added for use in admin interfaces with admin_patterns for l (*)
a053765... Redundant: This is already permitted by included manage_dir (*)
6ec59cc... Redundant: This is already allowed by included admin_patter (*)
d15b40a... Fixed badly chosen type of interface for some interfaces (*)
30bbb6a... This is not a role capability. (*)
b46b3ad... Tunable, optional and if(n)def blocks go below. (*)
2528a2d... Replace type and attributes statements by comma delimiters (*)
3507be9... Move this to were the other is and where it should be. (*)
2a72457... Whitespace, newline and tab fixes. (*)
6cd6ed3... Use ps_process_pattern to read state. (*)
b85c14f... Allow users to ptrace and send any signal to their pyzor ag (*)
d696185... Use stream connect pattern. (*)
5a98a53... Missing required type. (*)
ddbd71a... Search parent directory to be able to interact with targets (*)
7bc4e83... Redundant: Included files_search_var_lib already permits ac (*)
e130679... This is a role capability. (*)
5ce19e3... Type zarafa_server_t is not a file type. (*)
69d1431... Use permission sets where possible. (*)
0eef2ca... Use brace extension where possible. (*)
6123464... XML summary fixes. (*)
f262674... Replace type and attributes statements by comma delimiters (*)
fc0d3d5... Merge branch 'base' (*)
b0a5fc3... Allow boinc projects to execute java (*)
72ba80b... Use permission sets where possible. (*)
9c7f2af... Redundant: Is already permitted by included rw_chr_file_per (*)
9a0f799... Whitespace, newline and tab fixes. (*)
1dfc76f... Use permission sets where possible. (*)
edcc8aa... Redundant: Included init_daemon_domain already has this. (*)
59c544a... Redundant: All deamons are already allowed this access by d (*)
82c9715... Youre not allowed to directly use external types. (*)
0bdd855... This is not required here. (*)
68ac47d... Whitespace, newline and tab fixes. (*)
ef521e9... Tunable, optional and if(n)def blocks go below. (*)
b952f95... This is a duplicate declaration. (*)
d542026... The capability IPC goes on top of the local policy. (*)
02687a7... Move calls to external interfaces below policy that governs (*)
38039ab... These interface calls are more suitable here. Also should r (*)
08c4bb0... Search parent directory to be able to interact with targets (*)
96d3c0d... Make git daemon executable file an application executable f (*)
8bde5ef... Redundant brace nothing to expand here. (*)
44f8aa1... Use stream connect pattern. (*)
3a3e7db... Use filetrans_pattern. (*)
148e08d... XML summary fixes. (*)
6ed3f15... Allow domains with different mcs levels to send each other (*)
5d82597... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
a8fbd94... Reduntant: Included init_daemon_domain already has this. (*)
46d4106... Looks like /usr/bin/git-shell and /usr/libexec/git-core/git (*)
6d18557... Location /usr/libsexec/sesh does not exist. sesh is in /usr (*)
9bd8847... Redundant: All domains are allowed this access by default. (*)
f6e8660... These are not declarations move them to local policy sectio (*)
a7b40a9... Internal interaction goes before external interface calls. (*)
11ad1da... Source is postdrop and not local. Moving to postdrop local (*)
8725d63... This permission is already allowed by included mmap_file_pe (*)
1b39dec... The process and capability IPC goes on top of local policy. (*)
c2b2d22... Reduntant: Included init_daemon_domain already has this. (*)
0f7c400... Use permission sets where possible. (*)
18f2a72... Whitespace, newline and tab fixes. (*)
cefe9f9... Replace type and attributes statements by comma delimiters (*)
ac5201e... Use permission sets where possible. (*)
f4dc198... Make hal a dbus_system_domain Allow dovecot to append all l (*)
a5ea149... Merge branch 'base' (*)
78ea2ab... Search parent directory to be able to interact with targets (*)
730ec51... This is git system content. (*)
7c94a3a... Allow consolehelper to read fonts and config files in user (*)
55bffb7... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
fad6297... fix typo (*)
e027e93... More typos (*)
54590ac... Replace type and attributes statements by comma delimiters (*)
86225e1... These interface calls are more suitable here. Might want to (*)
1507cc2... Internal interaction goes before external interface calls. (*)
09873e5... These were duplicate TE rules. (*)
39178aa... This is no declaration. Moving to local policy. (*)
1e2abee... Whitespace, newline and tab fixes. (*)
3c4ffa3... Use domtrans_pattern where possible. (*)
9444a13... Consistent ordering of declarations. (*)
5492a18... There is already an optional policy block for daemontools. (*)
fae9473... Support network connect mysql DB. (*)
ce6df09... Redundant: Included inetd_service_domain has this. (*)
8b858f2... Reduntant: Included init_daemon_domain already has this. (*)
aaf8a67... Whitespace, newline and tab fixes. (*)
6aa632a... Remove stray semi-colon. (*)
daed45f... Redundant: Included userdom_user_home_content already has t (*)
568349b... The process and capability IPC goes on top of local policy. (*)
e2d9aa2... Source is x_domain and not xserver_t. Moving to x_domain lo (*)
4781493... Tunable, optional and if(n)def blocks go below. (*)
a25335e... Redundant brace nothing to expand here. (*)
7832131... XML summary fixes. (*)
7d1f564... Use permission sets where possible. (*)
71f455a... miscfiles_manage_cert_files is deprecated: Use miscfiles_ma (*)
ff9b16d... Merge branch 'base' (*)
df488ed... Move c2s to run in jabber_router_t domain Other fixes for j (*)
7cfb935... Allow rpc.quota to do quotamod Allow mozilla_plugin to exe (*)
f7307c6... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
fb52482... Allow firewallgui to sys_rawio which seems to be required t (*)
24ea653... Allow guest to run ps command on its processes by allowing (*)
e66aa74... Allow haze to connect to yahoo chat and messenger port tcp: (*)
5212892... Rearrange firewallgui policy to be more easily updated to u (*)
fd595eb... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
4e6b3f6... Fixes to allow mozilla_plugin_t to create nsplugin_home_t d (*)
79bff2b... Allow mozilla_plugin to manage all gnome config files Allow (*)
f6e966f... Allow nsplugin to sendto itself dgrams Fix /root/.ssh label (*)
20f707c... dontaudit attempts by xdm_t to write to bin_t for kdm (*)
db774a5... Add support for custom build options.
329138b... Move oident manage and relabel home content interfaces to c
413aac1... Allow common users to manage and relabel Alsa home files.
e29f6bf... Module version bump and Changelog for 329138b and 413aac1.
b45aaab... Allow sudo to send signals to any domains the user could ha (*)
ddd1cca... Allow unconfined_t to transition to alsa_t to make sure lab (*)
d1c6ba2... Start adding support for use_fusefs_home_dirs Add /var/lib/ (*)
0def274... Add policy for mediawiki (*)
1369273... Alllow vpnc to be able to read /root/.cert (*)
d4d13d2... Fix version of mediawiki policy (*)
ace98b7... bootloader: search parent.
9e41622... Remove comment due to ace98b7.
eac0de8... bootloader: unused.
23f4caa... bootloader: permission set.
e5c4150... Module version bump for Dominick's bootloader cleanups.
8f43f02... brctl: search parent.
8f5cb4e... brctl: redundant.
ecab2cc... brctl: permission sets.
6a799b6... Module version bump for Dominick's cleanup.
a1ac7d4... logrotate: search parent.
cacbc6b... Module version bump for Dominick's logrotate cleanup.
9d5094a... netutils: search parent.
696a658... netutils: redundant.
b306b5a... netutils: permission sets.
e7ee065... Module version bump for Dominick's netutils cleanup.
b1e1e93... tzdata: search parent.
ae8f23f... Module version bump for Dominick's tzdata cleanup.
bab33c7... usermanage: redundant.
4be6935... usermanage: search parent.
e615cc4... usermanage: redundant.
88c635d... usermanage: permission sets.
6d5cc8a... Module version bump for Dominick's usermanage cleanup.
0b217af... quota: search parent.
5f716ea... quota: permission sets.
c1af955... Module version bump for Dominick's quota cleanup.
019ffc7... consoletype: redundant.
5ec14d9... consoletype: in fedora13 /dev/console is not labeled proper
29b1bff... Module version bump for Dominick's console cleanup. Also f
d60649d... rpm: redundant.
34959a2... rpm: (brace) expansion.
dcba916... rpm: search parent.
b7c851c... rpm: redundant.
55e9f0e... Fix fusefs handling Do not allow sandbox to manage nsplugin (*)
b9df0a9... rpm: various changes both from fedora and myself. rpm: ntp
3de55ab... Module version bump for Dominick's rpm cleanup.
596d86a... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel (*)
039c65f... Fix mozilla_run_plugin interface (*)
bc71a04... hadoop 1/10 -- unconfined
3235a8b... dontaudit sandbox sending signals to itself. This can happ (*)
7ed755a... Put back transition change (*)
b3e7610... Allow smbd_t sys_admin capability so samba can change quota (*)
3853925... Remove duplicate filecontext for tcfmgr (*)
641ac05... Hadoop cleanup and module version bump. * a pass cleaning u
2f8f8e1... Typo fix in hadoop.
051f74e... shutdown: Fedora change.
08f1a03... shutdown: search parent.
e4efefc... shutdown: permission sets.
c56123d... shutdown: search parent.
a9acfbd... shutdown: for sudo.
5718c0a... shutdown: needs to connect to init with a unix stream socke
a39e274... shutdown: search generic log directories.
bd51fa3... Module version bump for Dominick's shutdown cleanup.
4c437c8... Merge branch 'master' of http://oss.tresys.com/git/refpolic
f33c506... Merge upstream
6da16a3... Parts of systemd are now doing readahead and tmpreaper func
b0c00b6... More fixes for systemd
a5babdd... Missing file context specifications for /lib/udev/devices.
9db6c07... Remove duplicate interface.
f742ff3... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
9fe805d... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
d48bbd4... -Mount command from a confined user generates setattr on /e
(*) This commit already existed in another branch; no separate mail sent
More information about the scm-commits
mailing list