[selinux-policy] (3172 commits) ...- Allow smbd to use sys_admin - Remove duplicate file context for tcfmgr - Update to upstream
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:05:00 UTC 2010
Summary of changes:
fd188ab... New repository initialized by cvs2svn.
14a7a69... initial checkin
457f7ec... initial checkin
b4cd153... initial commit
70dcf79... add boot_runtime_t
5d78128... add interface to associate to filesystems w/o xattr. allow
57d2365... move assert.te here
1ea98d0... remove relabeling privilege for now
7f89c7e... hold off on improving
5496553... kernel can load modules
88d14a2... bring over more targets from strict policy, and add more ch
053f6a2... add dontaudit fs getattr
7aebdb8... add rootfs dontaudits for use in init.te
f057824... reorganize and add rootfs dontaudits
b470e38... initial commit
5050e50... use interface to send syslog messages
8c77177... add interface to send syslog messages
4ddc1ab... add all types for this module, and add klogd policy
3ba13bb... add all types for this module
c4890ef... add per-userdomain template, and shadow_t interfaces
f0872d2... add cap sys_rawio to raw memory access interfaces
67e2ff4... initial commit
879b00f... initial commit
0154356... initial commit
e181fe0... add copyright statement
099c8b2... remove unneeded genfs_contexts
bd76460... more comments
7c5d78f... more insmod work, bring in depmod and update_modules
033c80e... rename files_manage_general_lock_files() to more appropriat
bf9e1e3... logging and modutils updates
5a95221... add devlog_t symlink to loggers
32b5029... uncomment test file
9eb5e81... exec and transition interfaces, plus include mod object sym
1f7b37c... insmod can be run directly from kernel; fix update_modules
0e730cc... complete corenetwork
33bc0dd... clean up some filesystem assoc
8a0da10... make getattr and setattr interfaces and make naming consist
22e1131... fix te trans error
343a231... reorg
a266e3c... restructure kernel module to be consistent with other modul
219bcf7... attack with sediff, make fs:getattr interfaces consistent,
549180e... initial commit
b303042... add missing transition dontaudits
91a7ab6... add sysnetwork
5f75f56... move modules_object_t back to bootloader
94edcc5... fix tmp_domain
960373d... add module statement macro and entrypoint executable attrib
8beec89... add legacy lib use
e064a64... move system_chkpwd to fix ordering issue with checkpolicy
f9438fd... add search all dirs
3016a9f... initial commit
9e19eb3... add docs
835b6ab... initial commit
8119850... add console dontaudit
bcd3599... daemon domain allows noatsecure siginh rlimitinh, not donta
889c9a9... add init_t:fd use interface and initrc pty rw interface
55f4564... start merging in rules from daemon domain
b5ab18b... initial commit
dfb86ad... initial commit
4600e08... reorganize the policy
4fbd2ee... remove entrypoint assertion
55a46da... add console setattr if
3009816... convert over optional policy to optional_policy macro
b586061... missed that sysctl_dev is a dir too
f9cfa19... minor fixes
ee5772e... add bulk of selinux module policy, and add required interfa
07efe96... initial local login commit
a2d8246... make mountpoints work, plus misc
86f02eb... add original strict policy source
0fbfa54... initial commit
a7ed44d... initial commit
05a5cdc... add a few missing ports, and ppp_device_t
7009881... add in missing devices
4472f3e... doh
e9a6fcb... fix privfd
f48a2aa... many updates
5eafc37... add append to /dev/null write
85bd7f1... add in transition and execute interfaces, and newrole sigch
fc83dba... domains not needed for execute interface
1b90996... add in missing policy_module line
c3c58c5... move in rule from hotplug
ba7740d... handful of changes
d0b6abe... add in use and ignore use init control channel interfaces
9f2f9e6... add ignore read rootfs file
dfaf6c2... add authlogin_read_pam_runtime_data and cleanup interfaces
de2cee6... add tty_device_t and devpts_t chr_file interfaces
67484fc... add ignore read system state
f360f82... fix stupid _depend define errors (s/ifdef/define/g)
25baab1... switch over to tunable_policy and optional_policy
6b93833... initial commit
3a9aef9... updates
ab64c30... add newrole:fd use
07d6e32... reorg run_init a little, and add a convert to a few new int
428b57e... more updates
4541a9d... move locks
3ce6cb4... fill pam and utempter authlogin policy and fix up interface
b2e0625... more conversion due to new interfaces
75a10ba... add in pam console
0d7ad32... start moving in dhcpc and ifconfig
0bc32e0... a few more copied over
f1578d0... stuff from sysnetwork
bd202fe... clean up interfaces for new binary module optional structur
1e5c2a4... more conversion
849380b... add usermanage
a01ab8c... updates
f1470e5... rules picked up from sediff
df431c8... add missing copyright and policy_module lines
23af43b... fix depends
f66a1af... move type delcarations after attribute delcarations to fix
d0eddb6... add in system_domain
4fc9153... initial commit
bbd6a62... convert over to system_domain, plus a couple init cleanups
ebf7600... cleanup
0634b6e... fix per_userdomain_templates macro generation
0fef98c... add legacy read locale
2274f9a... initial commit
44a43b6... interfaces needed for clock
ec81ecb... add read fonts
b2b38c7... initial commit
8e02803... add lvm_vg interfaces and do a little cleanup
15e3d8e... initial commit
5d7e8ba... add sulogin
c5b5a74... cleanup
18f25af... start adding infrastructure for the constraint exceptions
96b0000... start adding infrastructure for the constraint exceptions
a1f94a3... clean up authentication attributes
e843cc8... reorder restorecon and setfiles relabel rules for consisten
a9a20dd... allow all domains to use /dev/{zero,null,tty}
c18e825... unexpand can_kerberos
cb28738... priv* attribute fixes for sulogin
5c16219... move system_chkpwd to .te rather then using template, so th
13e94c0... more authlogin handling
465a5e1... more updates
46be1f3... add printer_device_t
35b2fb4... add v4l_device_t
2812bfa... fix hotplug optional
6f50b57... use ptys
0f3be6d... initial commit
279b555... reorder to fit file context style rules
63a310c... leftover from modutils
f8ec0ad... initial commit
eeb2558... leftover from netutils
b3416a3... initial commit
6b67401... reorder for more consistency
dec1686... oops
1832271... reorder for more consistency
118186e... make a reasonable lib_t interface
3ec805f... add read and search for etc_t:dir
24280a5... updates needed for cron
23caa6d... initial commit
0b1af28... fix logging_make_log_file use
38e24ae... add files_make_temporary_file and remove type attribute fro
d25dd9c... add make temporary_file and daemon_runtime_file
b2dc7fb... several fixes
fb1aee7... add iface creating private logs
d18e3d7... add crontab
70abf87... finish lock_domain, fix file_type_auto_trans
fd9deeb... reorg and a fix
075c4fd... additions for cron and mta
36f72de... finish can_exec_any and fix a can_network_tcp_client
1bde832... initial commit
7bba9d3... pile of updates
24a7ae1... add lvm.fc, and move relevant entries to devices.fc and sto
ff31386... move make_{daemon,init,system}_domain to init to fix type_t
c28c4b0... add privmail attribute and move make_{init,daemon,system}_d
35519c1... drop transition from send_mail since its more then a transi
c6a3a22... add more parts to send_mail and drop transition since its m
b16c6b8... start adding user domains. fix ttynode and ptynode handlin
650e75c... initial commit
dd14d0d... change read_shared_libraries to use_shared_libraries, since
c09d322... change read_shared_libraries to use_shared_libraries, plus
7bbec33... add www module
696b417... initial commit
efa9947... reformat
4d8ddf9... start adding admin template
c3dff2e... add device_node:{ chr_file blk_file } getattr;
76bff31... add admin template
759ba0a... add get all filesystems quotas
5817e3a... add renice all domains
ef37340... add source policy interfaces
1786071... rename some selinuxfs interfaces for more clarity
914c9f7... remove bad file_type_auto_trans. rename selinuxfs interfac
8623d5b... move run_init to selinux, as it is part of policycoreutils
6d314fd... add xml doc generation
494e988... fix xml
2e77b29... add xml
490639c... add a xml comment
26c87e0... add userdomain:fd use
bee546b... add context template to support mls
daa0e0b... add xml comments to interfaces, convert over userdomain stu
085faa0... add xml comments to generated sections, and add mls support
0d0d2ba... add mls port support
e32c0d3... add mls sensitivity to genfscon, initial sids and fs_use
48e0dbd... add ldconfig
c430976... add transitions
3000a31... make transition on shell work
1c9f9a5... add signull all domains
46410fd... add tmpfsfile support
162a57e... add missing xml
15a9613... add ldconfig and rpm transitions
3925517... move in stuff from rpm
957e269... fix tmpfs associate infoflow
57440fb... add dontaudit shadow_t getattr
6b48fd0... stuff from rpm
992aba5... initial commit
6276f10... instead of using macros to drop out non-macro calls during
dc771ff... another cleanup pass
88c72f4... a few touchups
c907b3e... cleanup for corenetwork interface generation
547283e... more fixes
e7fcdc6... fix the object class in process transition interfaces
7d7a36a... initial commit
6f3dab2... initial commit
3b3bf87... cleanup
cbeef67... cleanup
10abae7... initial commit
c9a26b3... add in appconfig files
efd8ede... many fixes from cab testing
c220381... initial commit
d490eb6... fixes from cab
dd31631... fix ordering and put in var_lib_t
07da0af... tmpfs associate for redhat
c6fd1f8... restructure users, and add signalling
16e9b0c... rpmbuild_t is not a system domain. also mark it as most li
32e53ac... cleanup inspired by sediff
f5c42bd... many fixes from cab work
08eb9d1... fix tmpfs assoc call
4bf4ed9... permission set macro changes, plus more cab related work
b4c3f54... initial commit
b8fca44... initial commit
3b857ea... add some file_t interfaces, and console write
d115b24... more cab work
1293184... last fixes for cab
e32d52b... fix xml
7555aab... initial commit
134191b... move flask dir to top level, and update them from nsa cvs.
f267dfb... fix module name in xml
2926f9c... better handling of appconfig dir
aa40608... remove copyright until licensing issues are resolved
2fc84fd... move user_u and root to users
3c62aa3... fix policy.xml to not have templates for generated interfac
004db90... do dtd verification on xml. fix current xml to be valid
0447352... use variable for dtd. move policy type to variant section
6d9915d... add missing pieces of crond_t -> $1_crond_t transition
de96491... move global.if to support_macros at top level
98af6c7... remove extra whitespace
f5d4efd... add missing system_crond_t transition pieces
44cda51... add some comments. make install target install appconfig fi
ca83afe... start breaking up support_macros into macros dir
cabfa52... move fs_use and isids to respective modules
d115660... change network verb in corenetwork to sendrecv
4196997... add some indentation
36e54b8... initial commit of xml->html conversion
0c73cd2... change over to some perm set macros. add indentation
b67488e... rework policy build options
0969335... fix appconfig dir
ef5e55c... move to logging
eb7f9a3... move audit to logging
a1d2e8a... add domain(_auto)_trans
2d68932... fix broken macros
43bc390... initial commit
02b584a... initial commit
0fbe15d... start adding module disable and tunable infrastructure
89ec232... initial commit
8fb301e... 32 is space. ascii <= 32 is all whitespace
3a80ec2... initial tunable tool fixes
254bbc7... start switching over to new tunable infrastructure
9c25fdd... add updated dtd
2224ed3... remove java
6847e82... First cut at fixing fc_sort.
758618b... initial commit
ddea18b... more tunable work
3865d6b... add xml
b46609f... fix missing _socket in class
a9ec541... add interface macro
763c441... start renaming filesystem interfaces
a719723... add can_exec
84eb353... more fixes
066d463... comment fix
1694dee... interface renaming
0c5a288... interface renaming
9f72a26... renaming
dc5daf8... overhaul
eac7c31... make infoflow optional
eb5e237... Renamed support macros for consistency.
72bdc60... Moved and changed user_mls to gen_user.
c2c00be... add aliases
b29d23f... initial commit
0350b1d... support_modules is finally gone, and modules.disable->modul
7edd02d... aliasing
f2e4ab3... make corenetwork generation explicit, rather then on-the-fl
e12e573... better handling of generated files
5552ed8... initial commit
5d31560... genhomedircon entries
80048ca... aliases
dd82294... aliases
fe040c9... renaming and xml
0a10b1f... aliases
dc67f78... aliases
16e1cf4... make policy.xml depend on all if's being generated
d90b274... for now, drop infoflow tags
c6ebefd... rename
7591e83... fix layer in module tag
cc41a97... aliases
5a3299b... updates
eb437dd... initial commit
fe3bd5a... more indentation for modules in the menu
1601fb3... fixes and remove debug code
20030ef... add back html page generation
997bd99... fix bracket display for optional parameters
eca5b2d... rename
eda201e... more renaming and xml
588ffae... kernel.if renaming
5d94178... speed improvement
d6b0f37... Fixed doc tool to order menus.
a154cd4... reorder
c75e65a... Templates for menu ordering change.
1b8d67d... fix
e3fd778... add can_exec
cab7c00... make macro work
e1db6e9... policy.xml is now in tmp/
2404082... fix can_exec
0fd9dc5... renaming insanity
d46f023... more updates from method
bef4f00... Added missing interface.
e214f62... html tag updates
bec1100... make module description optional and interface summary opti
12b559a... move policy.xml to doc, so it doesnt get deleted on a make
f0c985c... Devices rename.
b2bf0b5... overwrite the generated .te file instead of append
c9428d3... renaming insanity
d9507b1... fix xml
fae6ff9... update from method
3c6d78b... ul end tag fix, and css tweak
61bbe53... add "this is a generated file!" comment to top of corenetwo
8700497... Updates to documentation.
5a45e70... rename setattr removable_device_t
eec6739... make summary and description optional in interfaces until w
94670f2... fix
31908be... a few missed renames, and start fixing up tunables
34c8fab... tunables work
fa7bea8... rename requires_block_tempalte to gen_require
c24ac9c... rename requires_block_template to gen_require
92e928e... start making genhomedircon work
65a27ee... Updates.
3eed109... convert relevant conditionals into tunable_policy
e75f786... initial commit
d2d6c8c... fix makefile to only rebuild modules.conf and tunables.conf
b57dd19... stray renames in distro_redhat
1beba1c... fix up appconfig, and generate $(installdir)/booleans
810f2b7... fix typo
8ae194f... when a generated file is already generated, it shows up in
8bd6789... move constraints interfaces to domain module. move sysfs a
be4a801... move selinux to selinuxutil
ff7bc14... move security_t to selinux module
5e0da6a... finish renaming system/selinux to system/selinuxutil
9f945bc... Various updates.
a585f31... Updates.
828e03f... initial commit
8eaa723... put user line in col 1, since genhomedircon breaks otherwis
c7b41e9... add CFLAGS, and drop -C from install since it doesn't exist
f08f5a0... initial commit
c592e52... add install-src target
48159f0... add download page
2dda6a7... more status info
337e4af... for use until we have a full README
102a59b... add comments for clean and bare
660bf70... Initial revision
faf0db6... move status into a table
2d0e7a3... reword
1c50089... Updates.
3d76bef... initial commit
347f406... add more example
fe51b31... add rpm list
815ff39... initialize description to None so missing descriptions dont
4ce9bdf... fix
45d25ff... fix interface description/summary
5ba9f0b... Updates.
9b57ae7... fix for sf
5fa7825... spelling fixes
9a453ff... readability fixes
bd113c3... fix bad links
8c2f3ac... have can_exec add a require block
77c124c... eliminate _depend macros
d35c621... add a couple more nfs and cifs interfaces, to cover most of
562cc2b... reorder gpg tunable for alpha sorting
0e72169... misc cleanup
a7c3a1b... eliminate _depend macros
139520a... review of system interfaces
7f2e39b... review of admin interfaces
5e6f9e5... services interfaces review
c9b7f1a... add rw_term_perms
bc1fbab... interface review, and remove net_raw from raw node sends.
2ba9a79... interface review, and remove net_raw from raw node sends.
7a2f20a... more work to clean up and complete current modules
57869a6... XML: encapsulate modules in layers, rather then layer being
e04b8e7... initial commit
7fb9c1c... change doctool to bring in line with the xml tag change (la
21871a5... work on newrole policy
245ee31... kill cvsroot
0404a39... initial commit of ssh.
cbc9d69... remove remaining _depend macros to prep for switchover to i
199895e... move all interfaces over to the interface macro. add trace
9ccd96d... more work on ssh, plus import ssh-agent
2a3478c... fixes pointed out by steve, plus fixes revealed by the adde
007ca56... more setcurrent stuff
d3b892e... convert a couple network macros
261e0e6... shorten some xml tags
7c2b84e... fix for shortened tags
19ea99d... fix
95db422... initial commit of segenxml. add support in Makefile
4523996... move ssh tunables into global_tunables
9916c69... update to new commenting style
c3a0754... a couple output fixes
aad5b98... more updates
414e415... update for new documentation method
e81f022... add template support, and add dummy parameters for interfac
62a7b02... add/update comments
73fbc77... initial commit
f8838e6... better dummy xml entries
e88003f... xml updates and nis stuff
ab940a4... autofs_t and ypbind cleanup
24bf11c... initial commit
80436b9... changes to make inetd work
58c3da5... add fstools, and more cleanup
a4c639d... change modules.conf handling
19db6ba... change modules.conf behavior to be in line with behavior wh
cedae2e... better handling of whitespace
783b383... more low hanging fruit cleanup
cbca03f... add lost_found_t manage, rename fs_type attribute to filesy
2d56fdc... preserve tunable values if tunables.conf exists
896badc... add comments and error handling
ceebe3b... change desc to summary
effd58c... add templates
96ce00a... add logrotate, more low-hanging fruit
743b651... link fix
8fd3673... another round of renaming, for consistency
06c9680... make interfaces or templates section not shown if empty
00172fb... change messages for missing docs
d233bfc... make layer summary required
e8d8faa... dont show interface/template hotlinks if the module doesnt
ebdc3b7... clean up more todos
fd89e19... more work on current modules
5e1ed49... initial commit
65c8613... ul has to be in a p
a7a9799... convert can_kerberos()
16e8e26... update for xml changes
1fe082e... update for 20050701 release
e3a8e3f... update for 20050705 release
d78fdee... add tag for required modules
2745476... add required tags
44772e5... Minor doc updates.
f0cc1ac... update for required tag
e8b3e30... fix for new new modules.conf behavior
e8f0055... fix quoting problem
9726b31... add unconfined
e17cb83... update appconfig for unconfined login
ebb884d... - Removed OUTPUT_VERSION as default. - Added default name a
a3fdceb... quiet the awk if modules.conf doesnt exist
bb32544... add missing ssh file contexts
ed1a92b... ksu moves to su
14b25bc... validate file contexts
83ce670... put back to strict. will have separate strict and targeted
c98340c... support for targeted policy
1aa5262... missing rules uncovered by sediff
e5f8060... implement direct_sysadm_daemon
dfa83e9... add changelog
767266c... update for 20050707 release
58c7777... tag for 20050707 release
acb668e... * Added support for layer summaries. * Added a "Index" link
c11958b... support for global booleans
4d0d415... silly formatting fix
a42ca7e... another round of TODO cleanup
249d461... initial global booleans and tunables support. also fix ind
4d7511b... add tun and bool descriptions
34bbe50... improve display of tunables and booleans
ae9e271... fix more TODOs. fix selinux.te to selinuxutil.te in option
4051d15... fix xml
20a2275... fix comments for templates to have same number of # as inte
b24f35d... more cleanup of current TODOs
25a0c61... add distro tunables. expand on a few comments
df00b2e... * fix chroot exec interface * more TODO cleanup * move IPC
493d6c4... add nscd
8125c93... more updates
11633bb... add ipsec
c429cb5... fix up the xml
e0d57fb... add pcmcia
316553a... add pcmcia
f136a94... reorder in alpha order of type, for sanity purposes
50f6503... * break up files_getattr_all_files into correct interfaces
157c694... add macro to expand object class sets for use in require bl
d9fd8e7... more pcmcia cleanup
50aca6d... add raid (mdadm)
3b6174a... add missing context template
9f103ce... fix to use context_template()
a5f339f... more cleanup in system
391edeb... fix assertions for framework
8b0bbdd... fixes for targeted policy
2ec4c9d... more cleanup
ec848d2... more fixes for targeted
21f4773... add new netlink socket class
892266c... more targeted policy fixes
8c3f438... corenet was missing from unconfined
a28f6db... add in some rules from NSA CVS to make targeted policy work
bd7e7a6... missed a line
474f43d... should actually try compiling first :x
689f6dd... fix typos and import some rules from NSA cvs to make target
1e3f610... add missing dir and file perms for selinuxfs in unconfined
0b28a23... user home dirs were missing file type in targ policy
f82c6ac... bah typo
d250634... reorder kernel policy, add attributes for sysctl and proc e
9496fd5... unconfined can name_connect to all ports
ef424c1... name_connect only on tcp_sockets
53857c8... unconfined can pass all constraints
ea7d571... /var/lib is now a mountpoint
80526cc... add an example module config for a targeted policy
7bb6108... massive updates
953541a... update from privmail
50527cf... make network_interface able to support multiple interfaces
022f61c... add connect interface on ports to handle name_connect tcp p
78d30cb... Fix handling of ordered and unordered HTML lists.
01e30c9... initial commit
14c0354... update version from last release
c13146d... update
e5590ea... work on user transition
bbdbdb9... fix stray line that got out of TODO
96a150d... move file context validation to install
cd8fa41... fix comparison bug
60abb5f... add missing
7c347cd... more updates for release
6db8e52... new release
52a902b... new release
959220d... dont do a, since it preserves perms and users, which doesnt
d299d70... update for release
369b504... warn against using on production systems
8b1125a... update for release
80a63c7... clarify tmp_domain()
81343a6... * Rename ipsec connect interface for consistency. * Add mis
046a21d... search sbin dirs to find the pgms
42be7c2... add mysql
7e40f17... add back uses_shlib
3fd8336... misc cleanup
9a66d4e... add acct
ed78ea0... add tmpreaper
7057c18... a few more ssh touchups
f5e321b... fix xml tags
dce68dc... add updfstab
9465452... fix gen_user comment for more clarity
9489149... add su
b9d7d70... add template xml
e784300... add sudo
5a3895a... tabbing fix
052c953... add quota
e694b51... fix no interface module handling in segenxml
4aa0dc2... add tcpd
f7ebea0... finalize desc -> summary xml change
d06f3c3... remove secdesc since desc is sufficient
aae06c1... fix system spool file problem
35b4947... fix some udev naming
c5a6dcb... quiet file context validation
f0b1efa... all dev nodes assoc to tmpfs, since most everyone is moving
8843093... more comments
21468a6... add loadkeys
5f38a65... try to knock out more of the distro_debian bootloader stuff
4806a05... fix broken xml of previous commit
a573790... make default for optional modules to module instead of base
2d803ed... more debian cleanup
57a96cb... add firstboot
886907c... add firstboot
b51f2f3... add regression tester
545b0c9... add rshd
23ca91f... cleanup
2961e79... add ldap
f862c35... add gpm
fb0a3a9... initial support for compiling loadable modules
7abb9e3... change compile dir to /tmp since home dirs are ro to apache
55b104a... change to point to tresys.com/selinux
28f0329... for base module, only enable modules actually in it
f6e28ab... moved to selinux module
db93d70... mark userpace object classes
c04f2ab... complete infrastructure support for building modules
8b75b07... remove comment about monolithic only supported
a6df70c... more comments
4b8c548... move require to right position, for modular policy
f9b11e9... add howl
35ecf83... add rsync
902be0a... add privoxy
d83fdad... add bind
82024f9... do bools until loadable modules support tunables
3110dec... fix tunables
e28aa68... reformat for use in rpm
6d12276... fix quoting
c6299b2... add rpm spec skeleton
d4df0aa... remove bad changelog date
2a94561... start adding in templated interfaces
9439a25... update config, switch most to module
37aa3ff... update for release
c2ecf02... update for release
9074a25... missed a few
b3e0af0... more status update
fd637c8... targeted status info
698a4a5... remove status info on index, fix stale status on status pag
e7498c4... a few fixes
f3791fb... massive revision
a19e346... doctool display for no interfaces or templates
e5d4526... make corecommands required
451c1e3... send user role to per userdomain templates. update templat
246839f... fix up most of mta attribute insanity
1d1d21c... add mta stuff, fix inetd
6e61566... add comsat. clean up kerberos and nscd interfaces
768283a... cosmetics
6af06cd... fix typos
0c3d170... add dbus
631ee4d... finish remaining dbus bits
c0d1566... move rhgb_domain into TODO so modules can compile as binary
aa8995a... fixes. move rhgb into TODO
9d3bdc2... fix bugs uncovered from sediff
7c8fc35... add dhcpd
0f707d5... add squid
f344c0f... move dhcpd to dhcp
fdae8e7... add hal
ac0483a... add dictd
ce1b44a... typo
b11a75a... add ntp
603f90a... misc fixes
07b01c4... fix
8d93523... add inn
763a5e3... misc fixes
e376adf... update for release
541b7d5... new release
9646810... update flask
d913507... fixes
9b06402... add missing rules of other domains using inn
d17b4d2... add ktalk
eb3cb68... add portmap
9ff3003... add zebra. change ssh to default to initrc transition inst
0fdf3ef... fix sshd to use initrc transition while typeattribute in co
2e863f8... add first part of changes to make base module compilable
712566e... fixes to make base module compilable
082dcd9... add base mod changelog entry
777d80f... fixes
2705f9a... begin merging in upstream NSA CVS changes
83515f1... fix wrong interface in lock_domain()
0907bda... more merging of NSA CVS policy
f5bf2e2... more status for modules
e249813... add unused directory to module status
a797f51... fix
7bdc0b4... last changes
25225bb... make priority request nicer
3c8c1b2... add back missing rule from daemon_domain()
71fe0fa... fixes for module compiling
4479b31... require fix
84c9223... add samba
5a2649c... cleanup
605ba28... more merging from nsa cvs
98a8ead... more updates
5493c20... more updates
a082484... more merging from nsa cvs
ccc5978... add snmp
40adb57... add tftp
a47ea60... fix can_network_server expansion
cff75c9... more upstream merging
cf6a7d8... more upstream merging
41c4800... a few module compile fixes
a1fcff3... final updates from nsa cvs
3552066... update status 20050919
200f453... add stunnel
c0e4fe2... add appconfig for mls and mcs
343cd04... move stuff out of unused
4fd5201... add rlogin and telnet
9dfe4e2... telnet and rlogin done
9210553... add cpucontrol
93070cb... add cvs
3774e4e... todo cleanup
668be64... cvs and stunnel in
0e15cdf... change monolithic_policy to self_contained_policy for clari
11ba8e6... add priv_system_role
142e9f4... targeted and redhat cleanups
5fd4a1c... attribute fixes
6e0542e... fix error with file common being output, not file class (un
25c6746... loadable module compile fixes
996ae37... fix for removed example targeted config
08c5c97... fix for targeted
1fb83a7... fix system.users now that the gen_user macro is in support
90e497f... fix regex
fb2817d... make system.users look nicer
b53f93a... testing fixes
f7ba4a8... add uucp
44a4c23... update for 20050922 release
5ecee5d... add missing line from var_run_domain
6859519... move in uucp
4855866... update for release
5561135... update on targeted config
1d85c7a... update with change to how classes are handled in gen_requir
681c9a0... fixes from sediff
0058418... remove classes from gen_requires, and disable net_raw for n
8428592... add kudzu
fa67570... add radvd, plus a few cleanups from sediff
b9ae3aa... rework nis_use_ypbind since optionals dont work in conditio
9edc289... add anaconda
a23ffe6... add system_cron_entry and fix typo
6d788d8... comment fix
f0574fa... add mls privileges
e4aed15... update reserved ports
8f6cbfe... mls updates
1f91e1b... a few conditional cleanups
b03f960... add disable_trans support
724a9fa... add in missing(!) rule for uses_shlib($1)
20e306e... add dmidecode
246a604... add in a few parts of ftp
ca3c73d... status update
6942484... add in a couple missing rules
79cde31... add winbind
a2868f6... start adding secure_file_type implementation
ff85670... 20050928 update
a5ec7cb... more pieces of ftp
a996bdf... add most of apache
114fc45... misc fixes
f4d7fdc... add interfaces used in old anonymous_domain()
5bc9f30... fix comment
fc6524d... add ftp
6e99a6c... more apache work
e02c61c... rename context_template() to gen_context()
473ea71... temporarily add libselinux
4f9f30c... * Updated to sedoctool to read bool files and tunable fil
99505c1... fix files_exec_usr_src_files
9d3e339... partial mailman merge
d4dca58... add finger and bluetooth
4483ee8... add apm and arpwatch. fix implementation error on fs_getat
f33561f... add webalizer and sasl
fedd3ca... update INSTALL and start work on README
e9199fe... add anonymous_domain
799a0b4... add mailman
891a847... mailman is done
c2b18fa... more apache work
be4690a... add in last bits of webalizer
4c71994... add missing interface
c4bf979... start adding perm sets with refpol names
8df65f1... add sechecker targets
b1421d8... add some docs, do some reordering
f721a49... start moving around to prep for 1.27.1-15 update
c0c7013... merging 1.27.1-15
77f6e2c... partial (most of it) merge of selinux-policy-strict-sources
d8636fc... more merging from 1.27.1-15
f9d771d... merge 1.27.8 and 1.27.9
65a2523... more merging from 1.27.1-15
fe9d17f... more merging from 1.27.1-15
e08118a... add ppp
1f11ac9... more merging
4615d80... update 20051014
e749cd1... wrap up almost all of apache
c3a05c9... fix error uncovered by sechecker
97749e2... add more docs
8431326... error out if trying to build a module thats off or base
c381274... misc fixes
5a3b360... merge 1.27.10 changes
12ae755... piles of fixes for loadable modules
90c3dde... fix requires
0efe52a... fix last loadable module problems
af4752b... targeted and distro fixes for loadable modules
de76494... targeted policy fixes
61feb22... add missing entry
862a1e7... update for 20051019 release
a4e8b79... release
fdef437... complete build tools
2b01ae7... make DISTRO=redhat imply DIRECT_INITRC=y
4e69c1c... obj class typo for certs
cf6141a... fix corenetwork generation and add distcc
29ce000... add dovecot
06a5362... add all target to build base and modules
ea557a8... add cyrus
fe7b943... fix
3509484... add canna
23a4442... add xdm
ab58ad0... add 1.27.1-22 targeted policy
da4fc9c... sediff fixes
e6a2eaf... more fixes
1f8a8bb... more sediff fixes
959fca6... interlace monolithic and modular to catch errors in modular
ae90172... expand gen_context() in file contexts
ebed41b... woops, radius wasn't actually completed
239db5e... add networkmanager
10b1f32... add amanda
ae1d9af... simplify since alias take care of it
ad3b9d7... add lpd
a636210... add dbskk
230838e... add pegasus
44fc06b... add radius and amanda, which I forgot to ci
385dcd4... add radius
f932d8e... add spamassassin
04926d0... add postfix
ef5ca0f... add cups
f855442... nwmgr fixes
60de986... add dan's config
f8964c0... Added a file context for httpd.pid so that it is correctly
2db2c7d... fixes from sediff
43989f8... add rpc
19b5555... more fixes
710791f... more missing types
3d37bca... Added an allow that permitted apache to read httpd_sys_cont
bb67633... add initrc_su_t
1dd86c4... sediff fixes
fa16f25... Added rules to the smbd_t and the nmbd_t domains so that th
34e722f... more sediff
1480d3a... fix mls r_t
15fefa4... remove bin policy and kern module assertions for now
88e5d70... add
9d343af... fixes from chad
e64b338... fix
37fe0ec... update ranges
a3754ff... add configuration for testing
162dfc3... corenet fixes
57d8e6c... Added signal permissions to postgres so it can start
dd57ca3... Added rules to the bind policy for the named server so that
0354e30... Fixed a problem which was allowing processes to become unco
9bbc757... more fix
30705b6... fixes
b4e1ebc... hopefully fix su
7ebd6a9... add proc_net lnk
9c4fcf6... Removed differences between refpolicy and targeted NetworkM
bdfa8e7... Removed differences between refpolicy and targeted acct_t
6716737... fix most of samba
87ab639... woops
c11417c... Reduced the number of differences in amanda between the tar
f470a1e... Added a rule to allow apache to read httpd_sys_content_t so
69dcd68... fix most disable_trans errors
977b1d6... add nscd
d2c5739... Fixed an allow that should have been a dontaudit
40a1f3d... fix again
52e1edb... fix acct
ee7f66b... hide broken symtoms
3df88de... hide broken symptoms
2192d4b... Moved the dbus stuff inbetween networkmanager and bind to t
88dd389... more postfix work
9dd5002... homedir fixes
28e730b... module build fixes
60789e1... fixes
2964dce... new semodule_package cmdline args
a662d2b... make implicit work
83e4512... fix up su
240a3a9... appconfig side of su fix
9aca490... some home dir fixes
2c216c0... use the right interface
b0bdeb0... syslog logs to itself?
467602f... system_chkpwd can winbind
51f5c6a... add dontaudit
7b90f2d... testing fixes
784a3bb... privhome implementation
7eec657... add default_t read back
2aec146... use our own interface to make maintenance easier
e11d2e3... add missing nscd clients
d49d524... initrc also uses nscd
ee64ef4... typo
2526a44... missing privloggers
ccfd7b1... easy fixes
b7e1825... privfd
c3cf669... try to fix associations
7a6d427... a few more strays
e8d0a65... fixes from arpwatch testing
f5e4f79... fix rpm transition
33acca5... pile o fixes
d1b9d92... another pile o fixes
f13da83... Added search and getattr permissions to etc_mail_t dir for
4614e83... more fixing
5abea98... fixes from testing
ce03837... rpc fixes from testing
fc6198c... fixes from sediff
a525f29... sediff fixes
b281bf6... add some missing transitions from unconfined
08c22f4... more transition work
bc87f4d... testing configurations
05c6f04... dont remove home dir templates from base.fc
f1baed7... fix some /opt regexes
2f33cd7... put all users back into the base module
6894176... adding ldap configuration files and README.
8fb15d8... change of file names.
cf14e4b... Configuration for bind added.
7e1e18d... dhcp configuration added.
dd3544d... fixes from testing
7e1c14d... fix quoting
005a9aa... initrc fixes
b7cb7a9... adding configuration for rsync.
495a702... add missing range transition
f0f18e0... typo
bce06f1... updated modules.conf from dan
cbdb4ae... clean up unused booleans
375c241... ssh updates for targeted
2d13f72... take care of missing types
f1b0a8c... fix
9cb7c2a... Adding configuration for stunnel test (using stunnel to tun
dc8f170... fix up sendmail for targeted
cac3eca... fix te_trans conflict
f3936d3... nicer te_trans conflict fix
6284179... fixes uncovered by sediff
5777606... Added telnet configuration instructions.
6ff85b5... fix perm set
bea7b45... add missing tunable
0500e01... * fixes uncovered by sediff * fix disable_trans support so
9ca7e78... misc sediff fixes
aba9c7a... add missing httpd_helper_t tty part
305106e... Added a rule to allow dmidecode to use locallogin_t fd to m
30910b3... more fixes
b422aa9... initrc couldn't create/use its own pty!
ce0ff19... more of the same
dab808b... dbus obj class cleanup
0b12fa4... more dbus cleanup
7ac2258... tty and caps fixes
31a1c2d... fix filesystem associations
35adb6f... clean up socket
ee08bc4... read certs
168f5b3... tweak inconsistencies in old policy to make them consistent
b9ea0fe... clean up last var_run_domain expansion errors
b488014... hack
73ef293... fixes just so sediff is easier to handle
b909aca... adding configuration for spamassassin.
8f882ff... Added rules so that tracepath, traceroute and ping work.
e6f94f7... adding some config files for kerberos.
9c6feb6... add stuff from distros.fc
7afca0b... user tty fixes
307e114... missing dir
45aa10a... Added signal_perms to nscd_t.
bc6dfa6... Changed a { create rw_dir_perms } to a create_dir_perms sin
cd508d4... for now don't delete generated files. bring this back afte
8967bf8... merge in some of dan's old policy changes
76febd2... fix sendmail transition
42fc9a8... Fixing configuration files.
f683264... commented out cipher config options.
725926c... pile of sediff fixes
3e639ab... tty fixes
d3f715d... more fix
062e17a... add avahi
4b9516c... add avahi
2ab07eb... fixes for sorting
e3d21df... fix to use real type rather than alias
ce1e893... dont install booleans file anymore
2ed0d18... install booelans file on monolithic
59a00d8... add avahi
33faf59... correct shlib_t alias
51f3744... add missing /var/yp match
5211b05... Added configurations for testing tcpd.
c646a9f... add missing bin_t aliases
c2e35b8... fc fixes
c6825e9... missing matches
1904b01... fix changed rules
37c8521... use role dominance in targeted for compatability with stric
70fe5a3... turn off stuff not in original targeted
672a157... reorder to work around module compiler bug
65b9361... missing matches
3797efb... work around role dominance breakage in module compiler
2e0a880... changed rules fixes
e50d1d5... Configuration for mailman.
55290ad... small fixes
daff1dc... fix missing role statements
a6e32d6... add initrc_tmp_t mountpoint
3ad26d1... update rh broken symptoms
33ff9b8... missing fc's
4fe05f2... add debugging symbols
43373af... fcsort integration moved to policy server repo
5ae9081... fix ordering
175b1cb... reverse last change
7fefc1d... fix rpm
17da253... fix ordering problem
3be48fa... fix type transition conflicts
af86646... hack
15c235f... more broken symptoms
0d5d74e... remove extra rule
a8b62e7... more config files and updates.
9e91381... change dmesg and loadkeys behavior to aliasing, and enable
de0d265... temp genhomedircon hack
3ed2b69... role hack for genhomedircon
a0f5ff6... updated README
7b062ea... add patch from dan
c6d4c8f... clean up some hacks
801b2a7... add in procmail
3e6c816... add procmail
1dad083... stray procmail execs
58252e9... update status
8b4eab1... missed mls cat update
704327e... fix transitions in and out of unconfined. fix bugs uncover
1354ca0... fix superfluous network rules pointed out by dan walsh, and
37ff8fe... updates from dan
1d697ce... add last bits from dan
c5c3066... fix
95f82b0... fixes from dan
9cc2ccc... tweaks from dan
31b7c05... add fc mls policy
c767b14... merge makefile changes from branch
c45fa5d... slew of updates and fixes
af23450... patch from dan
1328802... Change optional_policy() to refer to the module name rather
2629c65... patch from dan to remove rhgb and gph:fd use
cf0ff55... fix so empty modules.conf check works
d828b5c... clean up networkmanager hacks
f00434f... clean up rpc hack
3f41889... add xfs
09741b1... cleanup from sediff
33d0871... remove rhgb_domain and update for optional_policy() behavio
131e573... add yppasswdd to nis
19ff64f... add rdisc
f11f0c1... add timidity
5d5ea8d... add irqbalance
08cd98b... big cleanup of mta
1504ff3... clean up most of the mta hacks
70fb22d... bump rev
574e63f... fix kerberos_use, which turned out to be a problem in dns_r
ac9aa26... work on users
9fd4b81... fix several modular build problems
78510c5... patch from dan
6820a39... add final bits of spamassassin
4093c29... add i18n
8e0ef1f... move build options out of Makefile into build.conf
058f3ef... move files, corecommands, and domain to kernel layer
7572070... loadable module build fixes
6f81e1d... many loadable module build fixes
f525b49... add back rules that were mistakenly removed
d337ec9... add in daemon attrib
0176d13... add check for duplicate interface/template definitions
1470ffb... fix dupe interfaces
fc0e8ce... clean up
bdb2fac... merge systemuser back in to users
35bb02a... updates
ffd0484... fix
3c8f6b1... policy-20051114.patch from dan
439aaa2... fix module compile issues
bd70373... add unlabeled association rules
b9d3b24... add non ipsec asssoc rule
67b8998... pre-release update
3233e29... add fc5t2 targeted modules.conf
cb1d1e9... remove testing configuration for release
2d54b83... fix
cd1b0b3... update for release
885e753... update for release
e2e9866... update for release
8c1db6c... update
c0626aa... fix typo
686f134... update
0f73fde... add sysstat
9667c15... fix compile errors
a089b6d... add fetchmail
44656a1... configuration files for automount.
8ba1bd8... make common template
b64a0eb... credit dan for patches
049e11a... policy-20051208.patch from dan, plus a few adjustments
5ea24be... fix module versions
7576fad... add automount
d457d0e... bump vers
cbe3275... add swat to samba, and fix an automount mistake
f2e1f26... pax mistakenly marked as userspace
a324ef1... rename texrel_shlib_t to textrel_shlib_t
3b4da47... fix interface
60caa30... fix ptracing of all domains
0c4bf1c... fix comment
4ac451f... fix errors reported on fedora-se ml
bb43724... stuff from dan
be1e6eb... fixes
9cca1cd... policy-20051208.patch
cd66769... another patch from dan
39a17ec... give dan credit for adding vbetool module
fc4054c... fix typo in require block
871b685... add smartmon
8710791... add ddcprobe
56c1def... fix spacing problem
0e8ec43... add openct
6f11d6b... add readahead
1d427ac... add slrnpull
a317cd8... fix formatting
765bd96... add setcontext to association class
8cffa78... add irc
bf080a4... part of dan's mega patch
afd38b1... forgot to update changelog for ipsec permission addition.
819ab67... update status
5e98eaa... remove unneeded rule
020cbef... add logwatch
d163a43... minor cleanups
b07eaef... add polyinstantiation.
5a35c02... woops
a77e652... patch from dan.
c8ba683... add screen
e831e41... fix role
44f490b... add usbmodules
7c10117... fix
7e0fa55... add roundup.
1ae2c31... add lockdev
b8c7982... disable builtin targets except for .c (for fcsort)
3c4d759... update
2c24358... add prelink.
50b0893... Petre Rodan will take care of some djbware
de8af9d... add alsa
de94087... rsync --daemon is long running, and can be run from an init
e0a9001... fix expansion of interfaces from disabled modules.
c5af97f... fix alignment
3ffe298... add java
4ec6941... add cdrecord
038bd3f... fixes to make screen work
460e051... fix comments
22d2e25... interface-ize screen fixes
8369293... fix comments, clean out object classes
9d59498... rename create verb to filetrans for type transitioning ifs
ce96df7... rename create verb to filetrans for type transitioning ifs
ebc7dfe... update checkpolicy required version
6a57b68... add slocate from dan
44d5d93... add daemontools, djbdns, publicfile, and ucspitcp from Petr
b7b1d23... add corenet patch from spencer
f40b368... fix typos and formatting
76b519d... fix module building problems.
cc5df23... fix encapsulation problem
93727e3... patch from dan 1/16/06
d3d2702... bump versions for release.
22cb0be... update for release.
26deab1... update for release
8cc4947... add usernetctl.
fe9b054... fix run_init constraint problem
e1c4142... add portage from gentoo
6b86ef0... move stray bin_t entry
625caeb... fix compile errors
6d14093... really fix the build problems
7c2f5a8... add userhelper
b94cc19... there is no initrc_var_run_t:dir
68228b3... Change initrc_var_run_t interface noun from script_pid to u
0a77288... fixes from dan
2bcdbd8... add certwatch
8dca6b9... add lpr policy to lpd
2de03f3... give info message for make html
92268c5... move certwatch to admin, its not a daemon
a49e2bd... hopefuly final fix for run_init
edb77e5... add execstack and execheap to unconfined domain exclusion
c1904de... formatting fixes
2ce6b04... login fixes and pieces of xserver
488ec7b... add xserver
55f1efa... forgot to bump version
85c20af... fixes from serge
a225f98... patch from Dan, sent Thu, 19 Jan 2006 14:16:26 -0500
924c0f2... identity changes from dan
dace0b2... work on xdm
acd87ca... add xauth and iceauth to xserver
3b31130... last bits of xserver
07620c0... more xdm work
1e786ea... fix user pty type_change
d14c0e7... add missing if
f6abfdb... fix sshd
6b1c8ee... remove unneeded dependency for generated_definitions.conf
9083905... add home_domain()
7dca64f... Collapse commands with grep piped to sed into one sed comma
c43ecfc... fix EOL extra space
6b5c92d... cleanup
18d59e1... reverse last change
ba35e4d... add fix for secadm_r. I dont like this, but it can be stra
59d721e... fix xml
a524921... patch from dan
37227dc... Add ctags Make target from Thomas Bleher.
a4fae7f... nicer way of doing fallback
3f026a9... override doesnt do anything for +=, use ?= assignment to si
5e4cbc7... remove newrole privs from su and sudo
4ace0fa... add rolemap/per-userdomain infrastructure
8c4989c... improve comments
6259d8e... add text for rolemap
9b3756b... add headers and outside tree building support
5850761... add line number and file name to xml, from selide people
270d428... from today's interface review meeting: s/kernel_use_unlabel
51a89cc... patch from dan Fri, 27 Jan 2006 01:37:19 -0500
bd90921... fix
575e269... update status
9d5606e... missed status update
6ada253... remove all class remaining lines with kernel object classes
18cc016... remove kernel module reversed interfaces.
0f5d13f... merge xdm into xserver
1576102... fix documentation
207c476... renaming from 20060131 interface review
445522d... renaming from 20060131 interface review, round 2
9e04f5c... renaming from 20060131 interface review, round 3
4d851fe... renaming from 20060131 interface review, round 4
6796266... add mrtg, bug 1394
fe21026... fix xml
bff1cef... fix for lineno and filename attributes
6bb0da3... add example module.
120988c... install-docs target, consolidate relabeling
6bc40ea... genhomedircon stuff only for strict
6018e9b... genhomedircon stuff only for strict
5bd1a70... move example makefile to doc
e52af25... remove unneeded gen_require_set() macro
ffd5c34... forgot to add if renaming to changelog
b77d019... merge tvtime to trunk bug 1391
8ff5530... fix a few fcs
6a0b252... status update
3284fb6... fix compile problem
46112fc... fix optional in fc, move contexts to their proper modules
1815bad... another slew of renaming
ee9500e... fix userdom_create_sysadm_home
9417cb7... clean up userdom_create_user_home()
017bab0... remove lvm_vg_t
cd07eae... remove redundant userdom_manage_generic_user_home_dir inter
c66a3aa... fix kernel_relabel_unlabeled()
f754793... a couple init renames
37f15c5... fix sendto
9550194... patch from dan Wed, 01 Feb 2006 08:33:30 -0500
5a975c1... work on xdm
4ef7567... add rpm install instructions
e0dfbdf... fix process object class assertion for hierarchy
9778406... patch from Serge Hallyn Thu, 09 Feb 2006 13:42:36 -0600, pl
885b83e... xml building changes, add desc tag to booleans, add summary
0e686f1... a few fixes
e60b983... do not remove intermediate files
b0d2243... patch from dan Thu, 09 Feb 2006 13:39:41 -0500
807a777... clean up patch from Serge Fri, 10 Feb 2006 18:01:06 -0600
0062f96... update for serge's fix
0a30b00... add x_client_domain implementation
24a6379... implement x_client_domain replacement
c9f20d5... merge external modules makefile changes
3a68d09... add missing endlines
d6cf05b... fix headers install path problem, segenxml.py variable prob
81a18f8... make html target create tmp dir
e2680fb... remove unneeded LOCAL_LAYERS variable
90b331f... add users_extra support
ddb9aaf... make default action build all packages, like the comment sa
ace3688... add seusers support
fcfe684... remove unneeded dep
b389cd4... reverse
988a441... remove unneeded dep
5b45ffb... fix regression; remove unneeded ROOT and make BUILDDIR have
8cf6714... patch from dan Tue, 14 Feb 2006 09:01:16 -0500
3d59806... fix dependency for install-headers
ad8af23... add missing vpath and .pp build dir for modules in local la
5b6ddb9... add uml, plus two renames in corenet
7e86de9... status update
fffba0b... add missing verbose to fc_sort and add target for generated
8d1111f... fix default user line
58b2a3c... nicen echoing
1a7175a... fix build.conf inclusion for local policies, add xml build
a395250... fix bad interface calls
3eea551... Remove allow_execmem from targeted policy domain_base_type(
b9e6c42... second colon not needed for mls-disabled policies.
e1ee92b... fix up cron_crw_tcp_socket()
4a02d30... clean up most of user subdir mess
46c69cb... patch from dan Sun, 19 Feb 2006 08:16:18 -0500
0eba5d6... fix most templated interface calls outside of templates
15722ec... another round of renaming
4ca6d0d... fix tmp dir usage
2283dc7... add gentoo integrated run init
103fe28... another round of renaming
6a73806... add default headerdir in case users try to make -C instead
794a56c... try to be smarter about NAME
02bcb8b... patch from dan Mon, 20 Feb 2006 17:19:34 -0500
675a0ee... add interfaces to eventually clean up the storage_create_fi
0f27d98... patch from dan Thu, 23 Feb 2006 14:26:05 -0500
13a4943... make sure booleans get in to booleans.conf
1c1ac67... make (almost) all interface parameters required. move boot
e5a602a... move bootloader to admin
72ed29b... fix typo
87e73c5... add unconfigured modules to OFF_MODS, and change APPS_ON to
32e6fc6... add missing rules
2b3c99d... bump version numbers for release
1e1d126... scripts are loaded by the interpreter rather than ran direc
0fc3e1b... update for release
af3dd8d... update api docs
3d65201... update for release
42e77a5... update for release
a4bbe38... add a few missing bits
ce3145e... add tor module from Erich Schubert
8a0a994... add amavis and clamav from Erich Schubert
56df236... contrib by erich schubert
0c54fcf... add apt and dpkg from erich schubert
1852726... add thunderbird
3bb0a3b... fix typo
338dbd7... thunderbird merged
c8d5b35... add rhgb
77b81c6... add mplayer
63e0a1e... updated mls comments from chad hanson
9105f90... add mozilla bug 1396
edf241c... add evolution, bug 1384
49b41cb... fix missing dep
e78c775... fix temporary rules in portmap, bug 1467
3b39334... add comment so this bit can be fixed.
3cfd487... add ssp patch and move some domain_(base_)?_type() rules to
7400d12... remove unneeded rule
0834f9b... add ethereal, bug 1383
efc94af... fix explicit dep of policy.conf
405efe1... additional mls interfaces from chad hanson.
aa5f871... add listen and accept to tcp_sock
c28caf3... fix misname of template
3abd5ee... Change build order to preserve m4 line number information s
ce6c136... gentoo fixes
35d0857... sort to get all attribute declarations above type declarati
3dbceb8... fix most missing entries from bug 1567
b67fafc... move typealias statements up too
fbc0a27... add games, bug 1386
f62f4c7... work around locale weirdness in FC that affects sort.
7f74a41... add audioentropy, bug 1515
99c902f... add calamaris, bug 1518
7013167... add in full permission sets now that it will be used for re
dcd174a... comment fix
a3cf80d... patch from dan Fri, 17 Mar 2006 15:22:53 -0500
ac6cff2... fix vpn module declaration.
7fd9a60... add hidd
0db866c... enable optionals in base/monolithic
bb7170f... deprecate module name as first parameter of optional_policy
8b2d5ca... fixes from thomas bleher Fri, 24 Mar 2006 13:25:54 +0100
d42c7ed... Additional interfaces in corecommands, miscfiles, and userd
096ae61... add cipe, bug 1519.
ab23bb9... make interfaces expand now that they aren't ifdef'd away
a5d5465... remove unneeded gen_require in can_exec
1786478... add user fonts to xserver.
3a1fb3c... cleanup
a65611d... clean up to make files use its own interfaces.
28567af... use device_node attribute instead of individual calls per t
1ce7f6b... bump rev
bcdcc55... add extra dep to init_t interfaces since init_t is in base
41b25f5... cleanups
8e788ed... clean up formatting
d2a9030... change reiserfs from xattr to genfscon
9779f09... Constrain transitions in MCS so unconfined_t cannot have ar
55b1905... semodule needs to manage the file contexts
da14da8... make fs use its own interfaces.
be0b1b5... remove stray bit from old su-newrole
f3ac5e9... move su_exec_t decl back to su module.
fa2c744... bump rev
7249255... patch from dan Wed, 29 Mar 2006 15:32:51 -0500
b192570... fix typo seen by jathey
2f1a8fb... add distro rhel4
58a3822... add back newrole functionality in rhel4
1896311... add dante, bug 1521
0610998... update for past renames
3b91474... TODO cleanup
4a11802... fix typo pointed out by james
baec643... fix some textrel libs on fc
65e131f... add qmail
7f9ebb2... add postgrey
e551601... add snort, bug 1546
3411c3c... add pxe, bug 1540
27c34bb... really fix init out of base module problem
70de70d... really fix
a478b5e... add nessus, bug 1532
f1e604b... add nagios, bug 1531
fc70c9d... remove devfs_control_t
0578bf8... make .te and .fc files optional by touching them if they ar
413982c... move xconsole to xserver mod
18fa7ac... big status update
6aa357c... change wording of status
185ab24... fixes for rhel4 genhomedircon.
a3e785d... try 2 on rhel4 fixes
5d92a20... try 3 on rhel4 fixes
a7c960a... try 4 on rhel4 fixes
3eec24b... add uwimap, bug 1552
5516db6... add xprint, bug 1553
b518fc2... move over to attributes for unconfined interfaces.
f82f22c... fix assertions
6f8cda9... add courier, bug 1520
2014458... fix up command line module settings
03631a5... missed changelog entry, bug 1520
8cfa5a0... first part of dans patch Tue, 11 Apr 2006 09:25:24 -0400
c655ec4... second part of dans patch Tue, 11 Apr 2006 09:25:24 -0400
4e656a1... add uptime, bug 1551
dfd2c1e... add uptime, bug 1551
fa89516... add transproxy, bug 1549
5501be5... add speedtouch, bug 1548
0cc79fc... add perdition, bug 1537
61cf534... add jabber, bug 1529
26eac6d... massive rewrite for out of tree building of modules.
7f3d157... fix up title
2b10a6c... fix formatting, fix xml in example.
df1c285... fix capitalization
e38cb71... add semanage transition for unconfined
b057be8... add resmgr, bug 1543
69d1af0... status update
2ba3de9... add openvpn from petre rodan
cdc86ee... first part of dans patch Fri, 14 Apr 2006 08:08:43 -0400
abc73a7... second part of dans patch Fri, 14 Apr 2006 08:08:43 -0400
86e869e... stabilize make conf output from erich, bug 1242
eeb8ea4... fix bad rules in samba, bug 1623
e3e37e8... add asterisk and ntop.
dd6f828... update test scripts
f8cd6f7... cleanup
478f0ca... fix up openvpn port
5f6fb4c... more completed modules
5d03fc2... add gatekeeper, bug 1526
85a0f96... patch from dan Tue, 18 Apr 2006 23:16:15 -0400
fb63d0b... add concept of executables, and update policies which reall
02f9b21... first cut of hierarchical policy
82f1dfb... fixes
0377627... misc cleanup
8536924... add tripwire, bug 1550
57f233b... add backup, bug 1517
6cd6d7a... add gift, bug 1527
53bf559... fix stray texrel_shlib_t references
9e725d8... add dnsmasq, bug 1524
9b244cb... add soundserver, bug 1547
4d73bb4... add imaze, bug 1528
5b4d099... more implemented modules
70b8a72... add ddclient, bug 1523
5540e76... add rssh, bug 1544
0e1c461... more of patch from dan Thu, 20 Apr 2006 14:06:03 -0400
a6a638d... add vmware, bug 1389
b35d3f7... add vmware, bug 1389
5b7b2b0... fixes for testing with unconfined vms
677de4d... add template doc
03d797c... fixes for confined vmware sessions
11a4a22... more status updates
06e2775... add nrpe to nagios, bug 1533
b6b5747... add authbind, bug 1516
6a21cef... add nsd, bug 1534
e4166a1... another status update
b6d37eb... add munin, bug 1530
f30e6ea... add yam, bug 1554
050f364... add ircd, bug 1658
d592b69... add watchdog, bug 1662
512e8cf... remove broad ldap access
9f8c872... status update for today
2788187... add missing entrypoint
d40c0ec... fix up entrypoints
3f1c086... add monop, bug 1659.
e8bf4dc... fix optional
b6cc2f9... add sxid, bug 1661
5706fac... make dupe interface and templates a fatal error.
5bd9fd7... add openca, bug 1660
6714c26... split out filetrans part of files_manage_etc_runtime_files(
2e9cd95... add oav, bug 1536
bc5211d... status update
ea5333d... add target for validating module linking, bug 1276
e993594... patch from dan Tue, 02 May 2006 10:08:17 -0400, includes py
8bf6f58... split type transition from auth_manage_shadow
988930d... HOME_DIR only on strict
6ba4d96... add dcc, bug 1522
f40b22b... add appletalk socket for cups
c8229a9... add appletalk socket for cups
48b1d0b... add afs, bug 1514
12cd9a0... add portslave, bug 1538
20e929e... add razor, bug 1542
858a1fa... dontaudit chroot, glibc compile is ok without it
bf2f29a... fix broken macro calls
46bec43... add clockspeed from petre rodan
6bd4494... add nx, bug 1535
4c44b8d... ssh_keysign_exec_t should be a bin
54d01c8... pyzor does not have a per userdomain template
88d68f6... remove unreproducible notatsecure problem, bug 1411
f827eb6... fixes from testing
eac0b8b... status update
e58da02... document postfix templates, remove postfix_public_domain_te
e8ffdfc... document postfix templates, remove postfix_public_domain_te
727758a... make executable
ac9db9b... document remaining interfaces w/o XML. turn on warnings fo
88bc7af... fix sendmail_exec_t encapsulation breakage
013d746... add apache_manage_all_content, bug 1602
e9a4084... clean up some apache networking perms
21d173a... remove rules added to make sediff easier
fc47b34... Add a copy of genhomedircon for monolithic policy building,
28401d2... gentoo has passwd in /bin
b0bdcba... update admin template docs
75c1c26... add info on build options
6c5614d... move old strict, targeted, and mls policies to archive
165b42d... most of patch from dan Mon, 15 May 2006 11:58:01 -0400
b516e80... start cleaning up node binding and raw if/node access
5f4b569... fix example.te
46fc46c... fixes for gentoo
87eb5c8... patch from dan Thu, 18 May 2006 11:56:22 -0400
9d45380... patch from russell Fri, 19 May 2006 20:28:29 +1000
41a0f8b... move selinux unconfined to attribute setup, clean up unconf
2288381... cleanup init_t a little
c55b6f2... add packet security class
8fa4943... add back stray file descriptors dontaudit for rhel4
263721b... dontaudit just the kernel fd use, the others may indicate p
e126047... no user contexts for strict policy
a013b55... initial addition of packet policy, allow unconfined to send
e37158e... initial support for packets
6293bae... allow iptables to relabelto all packets
d6c62e7... initial commit of netfilter config generator tool, still ne
c890249... use network_port()s to declare packets, since packets match
29a0519... add compute_av for doing rootok check
d6d8b70... add command line arguments support, and mls/mcs support
df15d00... fix chain declaration
d24259b... fix handling of comments at the end of the line, and add co
6b873c4... fix copyright years
6962bb3... add makefile support for netfilter contexts
e4b30fb... remove debugging statemnet
c5657a2... add generic packet interfaces, and fix up unconfined handli
378d5cd... initial packet rules
f6e83a7... typo
8745d93... packets from configuring cups from a web browser and printi
1896941... reorganize the file
7b64368... update ssh for packets
2f8eec2... add client and server packet attributes
4b01e21... comment out .SECONDARY since its broken in make 3.81, and r
332bb3f... fix typos
bfad886... packets for users
006e998... packet updates for kernel, nscd, bind, ntp, spamassassin, a
72fcec8... more packets
b8373ee... updates for nfs, squid, and mta
968ace9... apache packets
5afdf0b... add gcc-config to portage
35a4b34... break packet_t into server_packet_t client_packet_t, and co
c0d8c41... add packets for apps
9d0c9b3... packets for admin modules
141cffd... packets for services
9a879bd... packets for ftp
42d0536... fill out networking perms
3152d15... packets for inetd
3d03a4f... packets
97c57a1... missing net_bind_service cap for bind_all_ports interfaces
6e76320... fix bad use of templates
fc2dac6... improve warning message, with file and line numbers
e51048a... fix execmod all files rule in wine
522b59b... patch from dan Tue, 06 Jun 2006 22:50:46 -0400
9c1c08e... fix most bad rules in cups, bug 1771
5fe2095... shell scripts in the apr build dir
c227050... another script in the apr build dir
eeab571... fix up bad ifdefs and remove foo.te definition for modules.
290a4a9... use domtrans from initrc for insmod
8e86e4e... fix typo
06b9bd1... add ifndef convenience macro
d576ae1... fix to use ifndef convenience macro
821f78b... fix dbus_user_bus_client_template
4f447b0... Fix build system to not move type declarations out of optio
c546864... remove some extra endlines
2dbd382... patch from dan Mon, 12 Jun 2006 15:32:00 -0400
371097e... undo dans reversion
75fbbb0... add ftpdctl from paul howarth
884e3be... fix typos
b68a85c... clean up usercanread
7d1e368... fix typo
9539535... fix typo
eaa823e... remove redundant conditional
e586ecc... fix typo
cc0c00d... remove raw network, make mta optional, and a little cleanup
1b11a1f... need send_msg for merging dbus
123a990... patch from Dan Tue, 20 Jun 2006 16:19:13 -0400
2dd1d30... list dans patches
fe3a1eb... add key support
4a7b2c5... bump mod versions for key
c72f53f... fix "no modules enabled" check
906f108... change assignment of programs so they can be overridden on
c467d98... temporarily add unlabeled packet perm to unlabeled associat
81a016f... change eventpollfs labeling to task sid
c11774e... fix initrc_context for targeted
e2ae086... add support for toolchain testing
2cc4072... make mta dep optional
f35fed5... a few TODO fixes, and deprecate mount_send_nfs_client_reque
29943b3... add vgetty log fc
1f6524a... more TODO cleanup
0950eeb... change to use validate target for module linking
385e624... move non-policy dirs out of trunk
3aab4a8... add audit_write and a little style cleanup.
85311bf... add 3rd party interface for transition out of unconfined
b6a9bc3... missing tcp connect for http cache
17de1b7... remove extra level of directory
2defa77... remove extra level of directory
133000c... remove setbool auditallow, except for distro_rhel4.
da9bbc6... fix up audit message perms now that audit_write denials are
d822675... add access to keys for unconfined
19ebf01... patch to fix escaping of . in file contexts from james athe
8b9ebd3... some cleanup in the kernel layer
ea3c1f5... add helpers for printing warning and error messages
d617143... remove deprecated mount_send_nfs_client_request() from stun
79f5f5e... add gdm Xsession fc
528811e... clean up most of the remaining ssh TODO
81aa67f... more ssh agent fixes
4655103... patch from dan Wed, 26 Jul 2006 14:42:46 -0400
4b3b46d... add authlogin interface to abstract common login program pe
85476e9... fix up mtrr interfaces. missing the file class on a few in
9d3a3f8... add missing entry for dan's last patch
80f928e... display warning if using loadkeys_domtrans() in targeted
4846dc8... patch from Stefan for mrtg daemon operation.
5a7c06f... add support for netfilter_contexts
f5d1d0f... missed changelog entry for nc
eb8a263... fix target deps for nc
497da09... ps/ptrace dontaudit cleanup
cfd5c5e... add variable for install, and do other helper pgm cleanup
bd56da4... clean up constraints
33c7e6b... remove dead selopt rules
3573908... fix cron_system_entry() rules
ba1a545... cleanup in authlogin
e50a55b... clear executable bits
4bc6e32... fix for netfilter_contexts
e9b9e45... testing fixes
2ed690d... fix typo in sxid
3ef029d... add nscd_socket_use() to auth_use_nsswitch() since it cache
5b4ff3a... fix ordering bug
d15dd5a... more testing fixes
98de871... more strict testing fixes
de22282... fix gentoo /opt contexts
e539a49... This patch enables to use xattr on jffs2 filesystem.
ce6bf7c... more testing fixes
a5e2133... patch from dan Wed, 23 Aug 2006 14:03:49 -0400
c634db2... fix makefile style so internal variables are lowercase
eac818f... patch from dan Thu, 31 Aug 2006 15:16:30 -0400
9b45c60... This patch adds a polmatch avperm to arbitrate flow/state's
5dbda55... patch from dan Fri, 01 Sep 2006 15:45:24 -0400
13d7cec... patch from erich Sat, 02 Sep 2006 03:37:44 +0200
686f11c... add corenetwork.if dependency on corenetwork.te.in, since i
91dabf4... fix up usb.ids per distro
75beb95... patch from dan Tue, 05 Sep 2006 17:06:06 -0400
bbcd3c9... add main part of role-o-matic
95b8223... cleanups
b1bf2f7... add last bit of role infrastructure
376fbc0... clean up usercanread
0d96ff3... misc fixes
2cac32a... fix miscfiles_read_localization()
73ca55d... patches from erich Wed, 13 Sep 2006 16:18:18 +0200
9dfbd81... forgot to bump policy vers
1a79cf0... add -E to python commands
2b571d6... common users list inotifyfs
cf7af13... add mls fd constraints
bf469d7... gentoo testing fixes
a9e03b3... * add a macro for generating category declarations * fix us
8708d9b... patch from dan Wed, 20 Sep 2006 12:12:49 -0400
693d4ae... patch from dan Fri, 22 Sep 2006 16:30:34 -0400
e2b84ef... patch from dan Mon, 25 Sep 2006 15:46:40 -0400
6c63996... fix build error
49317e6... fix corenetwork so the ifdef enable_mls survives to regular
f8cfddb... fix ticket #15.
0021906... This patch adds a GConf policy to refpolicy.
e070dd2... - Move range transitions to modules. - Make number of MLS s
3c3c043... patch from russell, Thu, 5 Oct 2006 22:44:49 +1000 Allow un
546c81c... more non .so lib files for acrobat
830c12e... apply contested part of russell's last patch
f76d070... fix some stuff that does not affect policy
93ddc66... change transition from run_init to initrc to spec.
85f0c35... make optional the inetd dependency in samba
2128323... mkdir policy and file contexts dirs in make load of modular
d508474... add load target to Makefile.devel
8a2492a... fix makefile to install root default contexts
14b1684... gentoo testing fixes.
009b377... more realplayer entries
0e5c544... fix term_tty() associations
e45324d... gentoo integrated run_init rules in wrong build option.
aeaae51... fix ticket #16
130f8a4... merge netlabel stuff from labeled-networking branch
d4a48c4... make inetd optional
b04eccd... fix duplicate /usr/bin/mplayer fc match for targeted
a52b4d4... bump versions to release numbers
248cccf... 20061018 release
a8671ae... enhanced setransd support from darrel goeddel
76bac89... make load target more friendly and add reload target
d5ae683... add seutil_rw_config()
5824380... fix up corecommands perm sets, add seutil_manage_config_dir
d9845ae... patch from dan Tue, 24 Oct 2006 11:00:28 -0400
f497b8d... Christopher J. PeBenito wrote: > We could add another 'or'
0f9a2be... add missing gentoo file contexts for initrc and lvm
ed38ca9... fixes from gentoo strict testing: - Allow semanage to read
59f8539... - Add a reload target to Modules.devel and change the load
c6a60bb... On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote: > He
d31d3c1... This modifies the mls constraint for polmatch in the associ
fa45da0... add aide, ccs, and ricci
c31f672... fix dontaudit interface that was allowing instead of dontau
bff9071... fix dontaudit interface that was allowing instead of dontau
563e58e... patch from dan for some missing gen_require()s
d6d16b9... patch from dan Wed, 29 Nov 2006 17:06:40 -0500
c0868a7... merge policy patterns to trunk
42c5c5f... bump versions for release.
b001503... update version and changelog for release
ff943a1... Clean up file context regexes in apache and java, from Eamo
10e1209... Fix explicit use of httpd_t in openca_domtrans(), bug #22.
4bd55eb... Fix explicit use of httpd_t in openca_domtrans(), bug #22.
6b19be3... patch from dan, Thu, 2007-01-25 at 08:12 -0500
f1be09c... make ttys and ptys device nodes
bcac3a5... Patch to remove incorrect cron labeling in apache.fc from R
d114071... While using samba and SELinux with Debian GNU/Linux (etch)
aeb54c6... Patch to allow apmd to telinit from Dan Walsh.
4685213... Patch for misc fixes to nis ypxfr policy from Dan Walsh.
66cf194... Patch to remove redundant mls_trusted_object() call from Da
5c45eae... On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote: >
3a39015... On Tue, 2007-02-20 at 12:30 -0500, Daniel J Walsh wrote: >
a715dc0... add dccp_socket object class
bbb7cc8... Patch to start deprecating usercanread attribute from Ryan
5b06477... On Tue, 2007-02-20 at 12:02 -0500, Daniel J Walsh wrote: >
f0eaed3... Patch for misc fixes to bluetooth from Dan Walsh.
ca448bd... add init_exec() to init_telinit().
cd548f7... fix man page patch from dan walsh
86d754e... Add support for libselinux 2.0.5 init_selinuxmnt() changes.
bf39cdb... Patch for additional games file contexts from Dan Walsh.
2aea366... Patch for an additional wine executable from Dan Walsh.
09c56f5... Patch for kerberized ftp and other ftp fixes from Dan Walsh
4900fdf... Patch for kerberized telnet fixes from Dan Walsh.
ecc98e1... patches for file contexts in networkmanager, miscfiles, cor
f2c69c4... lmtp and smtp are the same file require same context of set
c5561c7... patches for lvm and ricci fixes from Dan Walsh.
c23eb5b... Patch for gssd fixes from Dan Walsh
7aca2aa... setroubleshoot has a plugin that checks the file context on
7aefc69... trivial change from dan
59bedc1... procmail uses /tmp files Wants to send signull to itself Ca
cdc91b9... Patch for handling restart of nscd when ran from useradd, g
b5a6c86... last bit of dans patch
0cca516... fix for rh bug 203290
b50f2ee... It was just pointed out to me that the raw IP socket class
6c20f77... patch from Dan for sudo: sudo should be able to getattr on
c224d91... from Dan: This is a new policy for the User Switching capab
e66689f... other part of consolekit addition
86b28c9... trivial patch from dan for sysstat access to sysfs
7200146... trivial patch for radius from dan
9378492... add kvmfs support, from dan
4832f0e... create user gpg keys dir patch from dan
a5f5eba... Add dontaudits for init fds and console to init_daemon_doma
efcf9df... kudzu will telinit to make init re-read the inittab after c
cd3ee91... add fail2ban from dan
d17bab0... stop adding netfilter contexts, as decided at the developer
19fd930... patch from dan to have ricci modstorage transition to lvm
cc9130b... one-liner from dan
5f5b7a1... network fix from dan
1852cda... deprecated pax class
e9b0042... Output different header sets for kernel and userland from f
ab514d6... remove disable_trans booleans
8021cb4... Merge sbin_t and ls_exec_t into bin_t.
56e1b3d... - Move booleans and tunables to modules when it is only use
9e8f65c... six trivial patches from dan for iptables, netutils, ipsec,
a26923c... Two patches from Paul Moore to for ipsec to remove redundan
dde00d4... add refresh target to devel makefile which tries to reload
f6ddd6b... bools in modules fix to require the boolean in optionals th
f88ef60... emit "null" instead of NULL for userspace headers
39d8dcd... fix http_script_domains, it was incorrectly applied to the
98faba1... gentoo /lib can be a symlink on x86-64 systems
f4e2b19... man page updates from dan
9af48ee... six patches from dan
ebc1e8b... from dan:
19b2dee... confine ldconfig in targeted, from dan
82e284b... last piece of dan's previous patch
99064c9... more consolekit updates from dan
6974890... 5 patches from dan. confine insmod and udev on targeted, m
97e8156... add zabbix from dan
4029f11... last piece of previous consolekit patch
0251df3... bump module versions for release
2733830... final release entries for 20070417
7a4bd42... Fix clockspeed_run_cli() declaration, it was incorrectly de
b4dfdc7... Move program admin template usage out of userdom_admin_user
cd16fe6... Replace the old lrrd fc entries with correct munin ones.
d28e528... Fixes for RHEL4 from the CLIP project.
b4beb0a... missed piece of clip patch
7487a66... trivial fix from dan for bluetooth
27c570f... trivial fix for netutils from dan
f9029fc... Patch to allow slocate to getattr other filesystems and dir
ae32fb7... trivial aide fix from dan
747ab18... Patch to allow amavis to read spamassassin libraries from D
6a29757... add rwho from Nalin Dahyabhai
882186c... - Patch to allow insmod to mount kvmfs and dontaudit rw unc
517618f... Patch to dontaudit logrotate searching avahi pid directory
ed4b730... Patch to have avahi use the nsswitch interface rather than
7f819d8... add missing rename_dir_perms
0ef5d66... textrel lib update from dan
4967aaa... Miscellaneous consolekit fixes from Dan Walsh.
b129e20... Fixes for squid, dovecot, and snmp from Dan Walsh.
78f17e6... add apcupsd from dan
12217cc... Patch to begin separating out hald helper programs from Dan
762d2cb... merge restorecon into setfiles
38d0cf1... trunk: long overdue cleanup from when range_transitions wer
c412be6... trunk: remaining pieces for apcupsd module
a39a931... trunk: snmp tweak from dan
17b9cb7... trunk: fix line in evolution to be strict-only; was being c
7782966... add fc entry for make_reiser4
f6a590d... six simple patches from dan
d534d35... trunk: 5 patches from dan
6649aec... trunk: 3 patches from dan
f7101c5... trunk: 7 simple patches from dan.
262def1... trunk: version bumps for previous commit.
d5b81a8... trunk: Add logging_send_audit_msgs() interface and deprecat
a74d1ad... trunk: add amtu from dan
d139413... trunk: 2 patches from dan
41337aa... Memprotect support patch from Stephen Smalley.
cb10a2d... trunk: Tunable connection to postgresql for users from KaiG
6c8aba7... trunk: confine sendmail and logrotate on targeted
788d88c... trunk: drop snmpd_etc_t.
40df567... trunk: big samba update from dan
99b5a56... trunk: radius one-liner from dan
5bf9deb... trunk: 3 patches from dan
92d1ade... trunk: trivial gentoo tweaks
7f08978... trunk: xen updates from dan
a90a256... trunk: procmail tweak from dan.
02f2c3e... trunk: nagios update from dan
22bff65... trunk: fix typo in vmware.fc
2c3ac47... trunk: pyzor and clamav updates from dan
1900668... trunk: Unified labeled networking policy from Paul Moore.
7b61fe5... trunk: add rpcbind from dan
f5842c1... trunk: minor amanda update from dan
e5e55ac... trunk, strict-targeted-merge: add mmap_zero to xserver doma
4231988... trunk: add templates to tags generation
113b4fc... Fix incorrectly named files_lib_filetrans_shared_lib() inte
116c1da... trunk: update module version numbers for release.
970122c... trunk: updated version and changelog for release
f80a0e4... trunk: Add debian apcupsd binary location, from Stefan Schu
6929521... trunk: fix missed netlabel deprecation
d46cfe4... trunk: add application module
708aab1... trunk: fix targeted sshd. When the domain was unaliased fr
924f3cc... trunk: add getserv and shmemserv nscd permissions.
63acaf5... trunk: fix pipe permission set in domtrans_pattern().
371d11e... trunk: add 3rd party interface for apache cgi.
c040ea1... trunk: several support macro fixes.
939a428... trunk: 3 patches from dan
3d6e962... trunk: filesystem patch from dan
9760cbe... trunk: Database userspace object manager classes from KaiGa
2d0c9ce... trunk: several MLS enhancements.
f8233ab... trunk: Deprecate mls_file_write_down() and mls_file_read_up
1779bef... trunk: fix gdm xsession scripts on redhat machines.
80d5e02... trunk: Files and radvd updates from Stefan Schulze Frieling
f65ca5f... trunk: add some info to the readme about building from head
8d2c341... trunk: updates from dan on 9 modules
2af7b42... trunk: switch daemons from inheriting from all levels to in
d62c088... Update MLS constraints from LSPP evaluated policy.
752ddf5... trunk: add missing commas in can_exec in daemontools that w
a2f4448... trunk: patch to allow sendmail to read ssl/tls certificates
6dd721a... trunk: 7 patches from dan, slocate, games, amavis, radius,
85bec1a... trunk: fix example.if xml problems
4922765... trunk: fix certwatch_run() interface, which had a typo in t
ce2c80f... trunk: make coda nfs_t, ticket #39.
0a0b807... trunk: 5 patches from dan.
016e5c5... trunk: 4 patches from dan.
8241b53... trunk: udev update and brctl module from dan.
72f82c4... trunk: six patches from dan.
abc8934... trunk: two tiny patches from Stefan Schulze Frielinghaus
8a9d6f6... trunk: 6 patches from dan.
134a799... trunk: 3 patches from dan.
14add30... trunk: 3 patches from dan.
8242f5a... trunk: add bitlbee from devin carraway and add tcpd_wrapped
0cf6df5... trunk: add awstats from Stefan Schulze Frielinghaus.
6f49b49... trunk: Patch to add missing requirements in userdomain inte
ff4085d... trunk: one-liner from Shintaro Fujiwara.
96fc0a4... trunk: Fix XML building for external reference builds and h
4ddc7ba... trunk: xml doc one-liner from Stefan Schulze Frielinghaus.
aef93a7... trunk: one-liner from Shintaro Fujiwara
8acfcbc... trunk: Add support for setting the unknown permissions hand
3480f3f... trunk: bump version numbers for release.
94636e4... trunk: update sources rpm spec file.
cb811cd... trunk: update version and changelog for release.
350b6ab... trunk: merge strict and targeted policies. merge shlib_t i
12e9ea1... trunk: module version bumps for previous commit.
6c53a10... trunk: Patch to clean up unescaped periods in several file
81d4c88... trunk: remove stale user_net_control reference in usernetct
ef659a4... Deprecate some old file and dir permission set macros in fa
cdf98fe... trunk: 10 patches from dan.
bc01b35... trunk: 2 patches from dan.
f487827... trunk: reorganize amanda and bind
a27d1c6... trunk: gdm is in /usr/sbin on rawhide machines, from Eamon
3662709... trunk: fix unconditional call to nscd from usermanage run i
3a9096d... trunk: do not emit S_(0, 0, 0) in kernel headers for usersp
651df3c... trunk: do not emit lines in the kernel version of av_inheri
32c05cc... trunk: fix flask.py Flask class userspace dictionary usage.
e83edee... trunk: fix do not userspace commons in kernel version of av
a334d29... trunk: add infrastructure for managing user web content.
2f27163... trunk: 3 patches from dan.
3c99e59... trunk: add /var/lib search for system bus template.
6bf8bf4... trunk: add exim from dan.
8e2fb69... trunk: filesystem patch from dan.
bd973e3... trunk: remove unused types from dbus.
495df41... trunk: 11 patches from dan.
164772b... trunk: Russian man page translations from Andrey Markelov.
7d4161c... trunk: 3 patches from dan.
3ece118... trunk: fix init_ranged_system_domain range_transition objec
8bdb48d... trunk: 6 patches from dan.
eaed904... trunk: 3 patches from dan.
4605adc... trunk: add postfixpolicyd from Jan-Frode Myklebust.
3b498a9... trunk: add gentoo hal fc entry.
847937d... trunk: Patch to restructure user role templates to create r
a56055e... trunk: rearrange the bottom of domain.if and fix domain_ips
bdccbac... trunk: add labeled networking support to unconfined.
9820351... trunk: add in polmatch for default spd.
2999cea... trunk: remove duplicate specifiction for /usr/lib/devices o
6c91189... trunk: 8 patches from dan.
226c069... trunk: 9 patches from dan.
eeef8dc... trunk: Add interface for libselinux constructor, for libsel
389ad7b... trunk: reorganize selinuxutil.
53da70c... trunk: deprecate seutil_manage_selinux_config() in favor of
013783b... trunk: switch newrole and run_init over to use nsswitch.
ccf6611... trunk: add unconfined_run_to().
6ab634a... trunk: fix dup specification for /var/spool/cups/*
285d009... trunk: do not install netfilter_contexts on monolithic.
8d1f9d9... trunk: add missing tcp_socket rules for xfs.
0b6acad... trunk: More complete labeled networking infrastructure from
0aa18d9... trunk: version bumps for previous commit.
2f5c2f2... trunk: remove duplicate init_system_domain() call for setfi
1483be1... trunk: handle early boot on debian, for /dev labeling.
6138d3d... trunk: test fix for newrole.
c2b87f2... trunk: test fix 2 for newrole.
f98cfb5... trunk: version bump for newrole fixes.
08dccef... trunk: add /dev symlink relabel since its not short circuit
c0cf6e0... trunk: clean up nsswitch usage, from dan.
5f63dd1... trunk: fix xconsole rw interface.
74d920c... trunk: add setrlimit to debian cron.
09e2168... trunk: another round of nsswitch from dan.
dd9e1de... trunk: Improve several tunables descriptions from Dan Walsh
9f6e2db... trunk: add openoffice locations in gentoo.
02d968c... trunk: several fc updates from dan.
1abafe3... trunk: Patch for debian logrotate to handle syslogd-listfil
f7925f2... trunk: bump module versions for release.
766617f... trunk: update help texts.
cde477c... trunk: package versioning for release.
6a37eba... trunk: fix variable whitespacing in build.conf.
1a61ce0... trunk: fix .SECONDARY in modular makefile to work around a
f3da31d... trunk: Labeled networking peer object class updates.
7cbfeb9... trunk: uncomment set loginuid for functional login programs
9323a50... trunk: add run_init domtrans to chk passwd.
936f286... trunk: add mls constraints to dbus.
c8d4c38... trunk: fix missing lo netif alias for standard and mcs conf
d4623f3... trunk: add setfcap capabiltiy, from Serge Hallyn.
b23e1c1... trunk: simplify appconfig file installation.
13e4e6e... trunk: install securetty_types.
320ea98... trunk: add 3rd party corenet interfaces for (secmark) packe
ce8a529... trunk: 3 patches from dan.
12cf805... trunk: add basic ubuntu support
7a5e2d8... trunk: 12 patches from dan.
8b9ffed... trunk: add capability2 class, from Stephen Smalley.
f034333... trunk: labeled networking permission update from paul moore
6e7a1fc... trunk: fix userdom_role_change_template() xml.
4f01781... trunk: fix pppd admin interface.
037fc0f... trunk: label /proc/kallsyms with system_map_t.
f508567... trunk: 4 patches from dan.
ee6608b... trunk: 8 patches from dan.
51223bf... trunk: Cracklib update on Deban from Vaclav Ovsik.
45b56b0... trunk: Backup update on Debian from Vaclav Ovsik.
9fa023f... trunk: Pam and samba updates from Stefan Schulze Frielingha
90c3c56... trunk: fc fix and if addtion from Stefan Schulze Frielingha
834401f... trunk: dovecot fix from Stefan Schulze Frielinghaus.
d57a094... trunk: Exim updates on Debian from Devin Carrawy.
737fcf2... trunk: dontaudit init fds in loadkeys.
01e8ff4... trunk: rpc update from Vaclav Ovsik.
e065ac8... trunk: Apt updates for ptys and logs, from Martin Orr.
210607b... trunk: Definitions for open permisson on file and similar o
e276d50... trunk: Add iferror.m4 rather generate it out of the Makefil
47333d8... trunk: Revise upstart support in init module to use a tunab
91d6c92... trunk: a pair of tweaks from gentoo systems.
6e2123f... trunk: add wireshark.
2ed4f5a... trunk: small fixes for gentoo system.
9e8c3aa... trunk: add type transition to fix mysql socket creation.
9377a3e... trunk: fix winbind socket connection interface for default
e828954... trunk: 4 patches from dan.
2c12b47... trunk: add core xselinux support.
0a14f3a... trunk: bump module version numbers for release.
c565b44... trunk: release
8152a78... trunk: 7 patches from dan.
75da4b8... trunk: Patch to fix leaky interface/template call depth cal
c07f9cc... trunk: Add file for enabling policy capabilities.
2083db2... trunk: Cryptsetup runs shell scripts. Patch from Martin Or
f12302a... trunk: hal xml doc fix pointed out by Rob Myers.
7e11b74... trunk: make hald_log_t a log file.
a0647af... trunk: add missing mplayer_etc_t require in role template.
e9c6cda... trunk: Move user roles into individual modules.
a68c30f... trunk: add secadm and auditadm bits to appconfig files now
d923d54... trunk: X application data class from Eamon Walsh and Ted To
a42ce93... trunk: Patch to allow gpg agent --write-env-file option fro
8f3a0a9... trunk: a pile of misc fixes, mainly sync xml docs with inte
b34db7a... trunk: another pile of misc fixes.
4416c41... trunk: Module loading now requires setsched on kernel threa
8db5085... trunk: temp workaround for toolchain breakage.
e6fdb59... trunk: fix typo
7d8fbdc... trunk: fix bad cifs interface.
cbe82b1... trunk: start adding open perm to obvious places.
9968e25... trunk: remove unneeded dependency on generated_definitions.
ff79b83... trunk: add kismet from dan.
782c10e... trunk: add kerneloops from dan.
8926b25... trunk: tweak kerneloops.
0ecd829... trunk: add additional portage log locations.
308baad... trunk: Patch for labeled networking controls in 2.6.25 from
b4921b5... trunk: fs update from dan.
d87efee... trunk: fixes for gentoo targeted systems.
147af4d... trunk: misc fixes.
cdbd09f... trunk: add prelude from dan.
4b28c2e... trunk: misc gentoo fc fixes.
ef55a11... trunk: Patch for X.org dbus support from Martin Orr.
67b6207... trunk: trivial kernel patch from dan.
e8cb08a... trunk: add sepostgresql policy from kaigai kohei.
8e7d43c... trunk: additional patch from kaigai to fix up some type tra
fe5618e... trunk: add /usr/lib32 symlink labeling for debian.
eb42163... trunk: add qemu and virt from dan.
131634a... trunk: podsleuth and hal updates from dan.
c54eb87... trunk: two small updates from dan.
a713ad8... trunk: pull in most of dans vmware patch.
b1a9036... trunk: add missing requires.
7f4005e... trunk: fix up stored procedure naming patch from kaigai.
8c6292b... trunk: Patch to handle postfix data_directory from Vaclav O
c5cfd2d... trunk: Add unused interface/template parameter metadata in
f7eaeeb... trunk: more xml doc fixes.
5fe7de9... trunk: apache script connections to postgres, from kaigai.
e311e23... trunk: Fix httpd_enable_homedirs to actually provide the ac
6aa9918... trunk: drop workaround rules.
cfcf500... trunk: bump versions for release.
e64c38c... trunk: VERSION and Changelog update for release.
4459a7c... trunk: update init_telinit() for upstart's datagram socket
2b592aa... trunk: pam_mount fix for local login from Stefan Schulze Fr
0bfccda... trunk: massive whitespace cleanup from dominick grift.
6224fc1... trunk: 7 patches from Fedora policy, cherry picked by david
dc1920b... trunk: Database labeled networking update from KaiGai Kohei
556556c... trunk: 3 more cherry picked Fedora fixes from David Hrdeman
d13f876... trunk: another patch from the fedora policy, cherry picked
3338f23... trunk: Policy size optimization with a non-security file at
b81bfc2... trunk: Samba/winbind update from Mike Edenfield.
8a948ca... trunk: 11 more cherry picks from fedora policy, by david ha
7aabe35... trunk: missed fixes on previous commit.
e0ed765... trunk: 3 patches from the fedora policy, cherry picked by D
cc1eee1... trunk: add an empty m4 string so the index macro is not inv
9c4500b... trunk: Glibc 2.7 fix from Vaclav Ovsik.
9acf481... trunk: fix from fedora policy, cherry picked from David Har
6e32891... trunk: two small patches from dan.
3e59876... trunk: 6 patches from the fedora policy, cherry picked by d
770c015... trunk: 2 patches from dan.
b4f23e6... trunk: man page updates from dan.
93f445b... trunk: firstboot update from dan.
32f8ff3... trunk: add w3c from dan.
c11057f... trunk: fedora update cherry picked by david hardeman.
e4171e8... trunk: fix unconfined mail sending out by postfix and qmail
24af9b1... trunk: inetd update from dan.
9bcfb6d... trunk: hplip uses dbus.
6cc3f35... trunk: first part of init script labeling support.
e40fa63... trunk: Logrotate and Bind updates from Vaclav Ovsik.
a71e136... trunk: add cyphesis from dan.
96851b1... trunk: fix bad require.
cdac989... trunk: fail2ban update from dan.
6a824f6... trunk: update mls constraints for x_application_data.
5434181... trunk: fix fail2ban init script regex.
859135d... trunk: fix bad apcupsd interface name.
ae33863... trunk: networkmanager/ppp patch from dan.
52ceaaa... trunk: Debian update for NetworkManager/wpa_supplicant from
8786916... trunk: ntp and setrans update from dan.
bc85e82... trunk: promote networkmanager debian fc entries out of buil
36095d1... trunk: kudzu and mta patches from dan.
21ea2b1... trunk: firstboot update from dan.
a46b605... trunk: squid update from dan.
48f6456... trunk: rename labeled init scripts with initrc convention.
f5394cc... trunk: bind update from dan.
cfafe4a... trunk: logging update from dan.
64c5b99... trunk: add interface to transition to initrc_t on labeled i
c9824ec... trunk: remove incomplete sshd_extern.
fd49fef... trunk: last bit of wpa_supplicant update from martin orr.
658f4d3... trunk: rpcbind update from dan.
88c02e0... trunk: init script for setrans.
4a47550... trunk: remove stale pax class comments as that class was re
3daef69... trunk: cvs update from dan.
bf9f348... trunk: readahead fix from dan.
4bdf192... trunk: firstboot update from dan.
6d8af27... trunk: fix dupe fc.
73edbc9... trunk: add oident from dominick grift.
12c61f3... trunk: 7 patches from dan, 1 from eamon.
ed8ae5e... trunk: fix typo
e87221c... trunk: 21 patches from dan.
967fd1b... trunk: 8 patches from dan.
04d2861... trunk: missing bits from dan's previous round of patches.
06099da... trunk: 3 patches from dan.
aa7c463... trunk: a pile of misc fixes.
74993c4... trunk: 8 patches from dan.
5d4f4b5... trunk: bump version numbers for release.
40db860... trunk: version bits for the release.
b19f862... trunk: Remove enableaudit target from modular build as semo
aea3f28... trunk: Remove hierarchy from portage module as it is not a
0b36a21... trunk: Enable open permission checks policy capability.
88cf0a9... trunk: whitespace fix; collapse multiple blank lines into o
2a98379... trunk: additional whitespace fixes.
2cca6b7... trunk: remove redundant shared lib calls.
6e68e6b... trunk: Move shared library calls from individual modules to
82d2775... trunk: more open perm fixes.
932c353... trunk: additional open fixes.
296273a... trunk: merge UBAC.
0003940... trunk: add missing ubac module.
ba79698... trunk: tweaks from russell and martin orr.
657c226... trunk: 7 patches from dan.
6627570... trunk: fix monolithic building to correctly put USER lines
27337d8... trunk: patch from Mike Edenfield to add udevadm fc entry.
5843d06... trunk: 10 patches from dan.
99282e6... trunk: add omapi port for dhcpcd.
73c77e2... trunk: 2 fixes from martin orr.
23d5ab8... trunk: fix disable ubac condition for process perms.
7a4c282... trunk: fix logging admin interfaces.
7f49194... trunk: Xserver MLS fix from Eamon Walsh.
659c865... trunk 2 patches from dan.
01e9e7d... trunk: 4 patches from dan.
fcee22a... trunk: 5 patches from dan.
b3b607e... trunk: a fix on the previous commit.
b9e5238... trunk: add milter module from Paul Howarth.
b3eb124... trunk: Debian file context fix for xen from Russell Coker.
14c0edc... trunk: 2 patches from dan.
fb4826f... trunk: 3 patches from dan.
a057e04... trunk: fix missing xml parameter.
6073ea1... trunk: whitespace fix changing multiple spaces into tabs.
ff8f0a6... trunk: whitespace fixes in xml blocks.
f657cb1... trunk: fix role change constraint.
9ff89c4... trunk: 2 patches from dan.
3196971... trunk: Fix consistency of audioentropy and iscsi module nam
17ec8c1... trunk: bump module versions for release.
e66a0ca... trunk: check in version and changelog for release.
347a701... trunk: Add kernel_service access vectors, from Stephen Smal
59d5996... trunk: fix certwatch version number.
668b309... trunk: change network interface access from all to generic
c126214... trunk: Remove node definitions and change node usage to gen
f0435b1... trunk: add support for labeled booleans.
9e7a338... trunk: su fixes from clip.
64daa85... trunk: add sysadm_entry_spec_domtrans_to() interface from c
019dfaf... trunk: Add support for network interfaces with access contr
466e22a... trunk: Add db_procedure install permission from KaiGai Kohe
805f34e... trunk: btrfs from Paul Moore.
7722c29... trunk: Enable network_peer_controls policy capability from
c1e5011... trunk: add context contains to setrans.
f793142... trunk: 6 patches from dan.
f3fcadf... trunk: Patch for RadSec port from Glen Turner.
81fa19e... trunk: remove unused udev_runtime_t type.
156204a... trunk: Drop write permission from fs_read_rpc_sockets().
e1a70f1... trunk: add MLS constrains for ingress/egress permissions fr
c45fdad... trunk: filesystem patch from dan.
60c395b... trunk: man page fixes from dan.
b4ad699... trunk: add nlmsg_tty_audit permission.
be5aaeb... trunk: corecommands patch from dan.
7b76207... trunk: devices patch from dan.
2c664e7... trunk: storage patch from dan.
11c944f... trunk: fix typo in devices file contexts.
da04234... trunk: 5 patches from dan.
e21bd28... trunk: add mysql db lnk_file transition.
c90440a... trunk: 4 patches from dan.
79a5a80... trunk: 2 patches from dan.
d3cdc3d... trunk: add open perm to sock_file.
3c9b2e9... trunk: 6 patches from dan.
244b45d... trunk: 3 patches from dan.
8f800d4... trunk: 14 patches from dan.
42d567c... trunk: 6 patches from dan.
d6605bc... trunk: 3 patches from dan.
09125ae... trunk: module version bump for previous commit.
153fe24... trunk: 5 patches from dan.
a5ef553... trunk: 5 modules from dan.
0cf1d56... trunk: Milter state directory patch from Paul Howarth.
3392356... trunk: 5 patches from dan.
c0f5fa0... trunk: whitespace fixes.
da3ed06... trunk: lircd from miroslav grepl
350ed89... se-postgresql update from kaigai - rework: Add a comment of
a47eb52... trunk: whitespace fix for squid.fc.
80348b7... trunk: 4 patches from dan.
a01a4a7... trunk: OK, the attached patch adds the following types for
e0ea7b1... trunk: The attached patch fixes incorrect behavior in sepgs
996779d... trunk: The attached patch allows unprivileged clients to ex
22894e3... trunk: add libjackserver.so textrel fc.
63f0a71... trunk: 9 patches from dan.
e127fb6... trunk: missed UBAC change: update securetty_types for merge
cca4a21... trunk: add gpsd from miroslav grepl
16fd1fd... trunk: MLS constraints for the x_selection class, from Eamo
731008a... trunk: 2 patches from dan.
a65fd90... trunk: 6 patches from dan.
30425aa... trunk: 1 patch from dan.
4551555... trunk: 10 patches from dan.
95ea7d6... trunk: Add x_device permissions for XI2 functions, from Eam
df28a0c... trunk: Misc fixes for unix_update from Brandon Whalen.
c7dc1c7... trunk: Allow unix_update to change the security attributes
c9c0d84... trunk: Greylist milter from Paul Howarth.
26410dd... trunk: remove unnecessary semicolons after interface/templa
c017ee1... trunk: add sssd from dan.
c989807... trunk: nis patch from dan.
20272c2... trunk: 7 patches from dan.
3f67f72... trunk: whitespace fixes
267d9c6... trunk: varnishd from dan.
46e2fa6... trunk: prelude patch from dan.
50824a9... trunk: pads from dan.
45b975d... trunk: add missing varnish port.
bb88161... trunk: 3 patches from dan.
9ac9739... trunk: update policycaps comments for sock_file open perm.
84d88df... trunk: fix typo in guest role decl.
10b03f3... three debian patches from manoj
ce6fee6... 5 patches from dan
f2583aa... Remove duplicate distro_redhat context
7694abd... module version bump for f2583aa83b4f5c0081ac4caebffcc0a2940
b67201e... fix bad varnishd interface names
9e90ce3... add policykit from dan.
dc0ab0f... changelog for previous commit
edb7b90... add kismet and pulseaudio ports. fix sorting of ports.
adea587... 4 patches from dan.
af5374d... policykit.if whitespace fix
93d3008... dhcp patch from dan
8f17f7c... dnsmasq patch from dan.
4aa0752... kerberos patch from dan
7395f80... ppp patch from dan
9b1907b... add pulseaudio from dan.
5271dd3... module version bump for 9b1907b217cb4c4d508b5130fcb6267e381
e4f73af... gpg patch from dan
d882246... fix policykit interface
1847443... ricci patch from dan.
92f08c7... mailman patch from dan.
ad0aea5... clamav patch from dan.
b93a7da... bluetooth patch from dan.
13306f5... afs client patch from dan.
5bb5ec1... podsleuth patch from dan.
09516cb... remove read_default_t tunable
f4962ab... add cpufreqselector from dan
06625d3... mozilla patch from dan.
5be35f2... tmpreaper patch from dan.
e044388... dbus patch from dan
fe1205a... avahi patch from dan
9de7c17... hal patch from dan.
fa50187... kerneloops patch from dan
708a74a... oddjob patch from dan.
5f6c30f... wm policy from dan
ebf3ec9... snort patch from dan.
c7ae9ae... Merge branch 'master' of ssh://oss.tresys.com/home/git/refp
4083191... add missing userdom interfaces
83f0b50... readahead patch from dan.
41ea887... sudo patch from dan.
423a4a3... fix dbus type transition conflict.
9155002... vmware patch from dan.
4be3e11... pull in apache_admin() from fedora
8f3bddf... cups patch from dan.
3332229... automount patch from dan.
4e7c0a9... consolekit patch from dan.
677c4c2... add devicekit module from dan.
20c3cce... add fprintd module from dan.
363e8fb... pull in part of fedora mta changes
105e85a... /dev/fuse should be s0 not mls_high
0c89174... pull most of fedora changes to samba.
50458c8... pull most of fedora changes to rpc.
6a192f7... Update apt/aptitude policy to add support for lock/log file
b5aaa7b... clean up 6a192f70d42013fcbd4eefe1f35cab3de313cedb
2a4740c... whitespace fixes in apt.
3162277... alsa file location update for debian, from Manoj.
efa0acc... gentoo init script system sends audit messages.
cfdbf36... gentoo init script system uses tmpfs for state data
4c92f08... openrc unfortunately mounts a tmpfs at /lib/rc
78a9c28... add bin_t labeling for gentoo dhcpcd-run-hooks location
64c7061... changelog entry for the previous gentoo fixes
915dfa6... release 2.20090730
9c47227... fix ordering of interface calls in sudo.
2acba7b... fix ordering of interface calls in authlogin.
08638af... fix ordering of interface calls in clock.
79ca728... fix ordering of interface calls in fstools.
5b5300c... fix ordering of interface calls in getty.
14d2822... fix ordering of interface calls in hostname.
464ffa5... fix ordering of interface calls in init.
e6985f9... fix ordering of interface calls in iptables.
8cd1306... fix ordering of interface calls in locallogin.
568efbe... fix ordering of interface calls in lvm.
54327d4... fix ordering in modutils.
f0e959b... fix ordering in mount.
4b218bd... fix ordering in pcmcia.
48bf639... fix ordering in raid.
d69616c... fix ordering in sysnetwork.
9570b28... module version number bump for release 2.20090730 that was
e335910... Add missing compatibility aliases for xdm_xserver*_t types.
02e594d... Handle unix_chkpwd usage by useradd and groupadd; fixes tic
e51390d... fix refpolicy ticket #48.
90286f4... Fix infrastructure to expand macros in initrc_context when
0f5e26b... Add btrfs and ext4 to labeling targets.
97e4211... remove redundant xen_append_log() call in hostname.
2a77737... Add missing rules to make unconfined_cronjob_t a valid cron
4254cec... Add missing x_device rules for XI2 functions, from Eamon Wa
0bf2bc9... Fix Makefile info message for installing policy headers
b264824... Fix unconfined_r use of unconfined_java_t.
9099220... Debian policykit fixes from Martin Orr.
58cc990... Missing comma in policykit
755c52b... portage need capability sys_nice
0d700b0... Gentoo dbus in libexec
62c80e2... module version bumps and changelog update for the previous
0484277... reorganize dbus.fc.
6934745... split dev_manage_dri_dev() into a manage and a filetrans in
dbb7dd9... Merge branch 'master' of ssh://oss.tresys.com/home/git/refp
e27827b... split dev_create_cardmgr_dev() into a create and a filetran
fef5dcf... Remove excessive permissions in logging_send_syslog_msg().
93c49bd... deprecate userdom_xwindows_client_template
4279891... patch from Eamon Walsh to remove useage of deprecated xserv
333494f... refpol: Add the "tun_socket" object class flask definitions
9dc3cd1... refpol: Policy for the new TUN driver access controls
bd75703... reorganize tun patch changes.
0be901b... rename admin_tun_type to admindomain.
aaff2fc... module version number bump for tun patches
a9e9678... kismet patch from dan.
2a79deb... nscd cache location changed from /var/db/nscd to /var/cache
6774578... module version number bump for nscd patch.
da4332a... man page update from dan.
a3dd149... pulseaudio patch from dan.
aac56b1... add ptchown policy from dan.
aa83007... add hddtemp from dan.
b515ab0... mrtg patch from dan.
b2324fa... certwatch patch from dan.
1a79193... awstats patch from dan.
a4b6385... cdrecord patch from dan.
71965a1... add kdump from dan.
625be1b... add shorewall from dan.
93be4ba... Webalizer does not list inotify, this was caused by leaked
f2f296b... openvpn patch from dan: Openvpn connects to cache ports and
ca7fa52... gpg patch from dan.
72b834c... remove stale screen_dir_t references
6fdef06... screen patch from dan.
f613717... add an additional vmware host program.
634a13c... cpufreqselector patch from dan.
dbed953... add gitosis from miroslav grepl.
f67bc91... term_write_all_terms() patch from Stefan Schulze Frielingha
81bca10... nslcd policy from dan.
163ddfa... prelink patch from dan.
c61b350... cron patch from dan.
937b2c4... nscd patch from dan.
c1e5b19... readahead patch from dan.
6af53d0... rearrange readahead rules.
e3a90e3... add abrt from dan.
c141d83... add modemmanager from dan.
31f9c10... SELinux xscreensaver policy support
1d3b9e3... clean up xscreensaver.
ed70158... add rtkit from dan.
21b1d10... add gnomeclock from dan.
5a6b1fe... add dkim from stefan schulze frielinghaus.
4be8dd1... add seunshare from dan.
808341b... revise MCS constraints to use only MCS-specific attributes.
e4928c5... Add separate x_pointer and x_keyboard classes inheriting fr
7ca3f55... add open to search_dir_perms.
c596730... add changelog entry for e4928c5f7954ea062815c8a37c9d37e3e3f
5b6bd09... Fix a typo of SElinux to SELinux.
a92ee50... Implement screen-locking feature.
a1a45de... reorganize a92ee50
cee508b... Install the seusers file for monolithic policy.
b04669a... add tuned from miroslav grepl.
f267f85... X Object Manager policy revisions to xserver.te.
5242ecc... X Object Manager policy revisions to xserver.if.
b624268... X Object manager policy revisions to x_contexts.
5025a46... Drop the xserver_unprotected interface.
9448ca6... restore removed aliases.
0bca409... RESET tgtd daemon.
222d5b5... clean up 0bca409 and add changelog entry.
f272825... one further rearrangement of tgtd.
e877913... adding puppet configuration management system
e6d8fd1... additional cleanup for e877913.
ed3a1f5... bump module versions for release.
a404bc3... update VERSION and Changelog for release.
deb5272... Add module_request permission, from Dan Walsh.
53c73dc... Add storage patch, from Dan Walsh.
e276b8e... Add kernel patch from Dan Walsh
b51e8e0... Add devices patch from Dan Walsh.
d6c3ed8... Add terminal patch from Dan Walsh.
f4b9dc3... Filesystem patch from Dan Walsh.
290aa8a... Corecommands patch from Dan Walsh.
910b1d8... Files patch from Dan Walsh.
9dfdd48... Miscfiles patch from Dan Walsh.
bd34ef7... LVM patch from Dan Walsh.
0a119a0... Setrans patch from Dan Walsh.
0f982da... ISCSI patch from Dan Walsh.
dccbb80... Whitespace cleanup.
5ed0617... Application patch from Dan Walsh.
832c1be... IPSEC patch from Dan Walsh.
837163c... UDEV patch from Dan Walsh.
e21162e... Kdump reads the kernel core.
77c71b5... Fstools and Xen patches from Dan Walsh.
c8d563f... Permission set updates from Dan Walsh.
0cad9a7... RAID patch from Dan Walsh.
d913e79... Kismet and tzdata patches from Dan Walsh.
7491a9e... Iptables and modutils patches from Dan Walsh.
962d6fb... Calamaris patch from Dan Walsh.
36ded4b... GPG patch from Dan Walsh.
b77daab... Mozilla patch from Dan Walsh.
6394ea6... Podsleuth patch from Dan Walsh.
d7776f5... Screen patch from Dan Walsh.
46b0373... Seunshare patch from Dan Walsh.
e331a05... Merge branch 'master' into xselinux
7fc72a0... Changelog and version bump for X object manager changes.
3fe6f6a... Typo in policy/users
b84d6ec... smartmon patch from Dan Walsh.
41c139d... afs patch from Dan Walsh.
7e81399... apm patch from Dan Walsh.
32f27a7... asterisk patch from Dan Walsh.
5894c3e... Amavis patch from Dan Walsh.
a7d6068... Bitlbee patch from Dan Walsh.
bd21cb1... Certmaster patch from Dan Walsh.
ce8a71a... Fail2ban patch from Dan Walsh.
d7b98c8... GPM patch from Dan Walsh.
7d05af7... Irqbalance patch from Dan Walsh.
e1b8b54... Kerberos patch from Dan Walsh.
6aa333b... Kerneloops patch from Dan Walsh.
a322266... Memcached patch from Dan Walsh.
0000b79... Milter patch from Dan Walsh.
d3c612f... Modemmanager patch from Dan Walsh.
80f0587... Mysql patch from Dan Walsh.
2d59a82... Nslcd patch from Dan Walsh.
6df09cf... PCSCD patch from Dan Walsh.
1232a50... Prelude patch from Dan Walsh.
b36ae97... Privoxy patch from Dan Walsh.
733f494... Radvd patch from Dan Walsh.
ff785b9... Rpcbind patch from Dan Walsh.
b11dcd4... Tuned patch from Dan Walsh.
f37b7bd... gpsd patch from Dan Walsh.
82cdffc... ntp patch from Dan Walsh.
207c4d1... Snmp patch from Dan Walsh.
f3890b2... Sssd patch from Dan Walsh.
2650ca5... Tftp patch from Dan Walsh.
9c40673... MTA patch from Dan Walsh.
96831fe... Move rules from mta mailserver delivery from interface to .
c5155ac... Bluetooth patch from Dan Walsh.
192fb87... Clamav patch from Dan Walsh.
30958fb... Cyrus patch from Dan Walsh.
dcabb11... DCC patch from Dan Walsh.
14c7865... Ddclient patch from Dan Walsh.
4dd84bb... Dovecot patch from Dan Walsh.
84a45c9... Exim patch from Dan Walsh.
ef6ea56... Fetchmail patch from Dan Walsh.
00808a9... Fprintd patch from Dan Walsh.
c292cb9... Avahi patch from Dan Walsh.
d2acef7... Inetd patch from Dan Walsh.
07ba151... Courier patch from Dan Walsh.
8a8b24a... Lircd patch from Dan Walsh.
3624ef7... Mailman patch from Dan Walsh.
c155e04... Sendmail patch from Dan Walsh.
fee5bb7... Uucp patch from Dan Walsh.
cde1507... SSH patch from Dan Walsh.
82b5d29... PPP patch from Dan Walsh.
edc2f7d... Fix home_ssh_t usage.
22a2874... Add dbadm, from KaiGai Kohei.
4ebfec7... Add pyicqt from Stefan Schulze Frielinghaus.
e526fca... Add nut from Stefan Schulze Frielinghaus and Miroslav Grepl
2d74365... Userdomain patch from Stefan Schulze Frielinghaus.
1031ee6... Implement cobblerd policy.
7d2f967... Module version number bump for 1031ee6.
27eab81... Misc fixes for 1031ee6.
16412e2... Merge branch 'master' of git+ssh://cpebenito@oss.tresys.com
12dc618... Add changelog entry for 1031ee6.
aa9e3b4... Ktalk patch from Dan Walsh.
3079cbc... Virt/svirt patch from Dan Walsh.
21673b2... Hal patch from Dan Walsh.
ca5dc2f... Consoletype patch from Dan Walsh.
ed03a5b... Sudo patch from Dan Walsh.
c3c753f... Remove concept of user from terminal module interfaces deal
1322a1a... Remove redundant conditional user_ping terminal rules.
6246e7d... Non-drawing X client support for consolekit.
0ab2c1e... Clear xserver TODO.
3fb2b72... Ccs patch from Dan Walsh.
a513794... Chronyd from Miroslav Grepl.
6f30d7e... Pulseaudio patch from Dan Walsh.
c06a445... Xguest patch from Dan Walsh.
05bd2f9... Portage fixes for installing SELinux-aware programs.
15d80e3... Misc portage fixes.
aadcb96... Move netlink route sockets from nsswitch to DNS name resolv
679a63d... Mount usbfs fix from Gentoo.
72c8a37... Setfiles fix from Gentoo.
2c05132... Utmp fix from Gentoo.
d08a3df... Ssh key creation fix from Gentoo.
8b85019... Clean up leaked portage file descriptors.
2f84a77... Syslog fixes from Gentoo.
6a9da24... Useradd home dir creation fix from Gentoo.
4796d07... Wine patch from Dan Walsh.
29b580c... Add sectoolm by Miroslav Grepl.
72295e9... Qemu patch from Dan Walsh.
8a1c9c5... Rearrage qemu.if.
a777957... Rename qemu_unconfined_t to unconfined_qemu_t.
1e0f483... Mono patch from Dan Walsh.
4fd0889... Java patch from Dan Walsh.
6ae29c7... Vbetool patch from Dan Walsh.
fa03ecc... Shorewall patch from Dan Walsh.
1049180... Automount patch from Dan Walsh.
68cda59... Add MySQL Manager to MySQL policy module
1021460... Minor tweaks and module version bump for 68cda59.
6306637... mysqlmanagerd_var_run_t is not a domain type.
534e57b... Various afs fixes.
2040268... Module version bump for 534e57b.
cd17345... Various abrt fixes.
d124921... Module version bump for cd17345.
611bc93... Improve documentation on miscfiles_read_localization().
fca4a96... Improve documentation on files_read_etc_files().
6e48775... Improve documentation on logging_send_syslog_msg().
6dadd39... Rearrange files interfaces.
fd81345... Add additional documentation to files_type().
7a0c0b4... Improve documentation on kernel_read_system_state(), kernel
81a0fb4... Switch sysnet_use_portmap(), sysnet_use_ldap(), and sysnet_
d688717... Improve sysnet_read_config() documentation.
13f000d... Improve the documentation of: init_script_file() init_daemo
3a744d1... Improve documentation of corecmd_exec_bin() and corecmd_exe
45185c0... Improve the documentation of logging_log_file() and logging
14e543c... Improve the documentation of unconfined_domain().
42eb0f1... Improve the documentation of corenetwork interfaces corenet
5fb5bf2... Additional docs for logging_log_filetrans().
7cf2858... Improve the documentation of files interfaces: files_pid_fi
03dd57f... Fix auth_domtrans_chk_passwd to use read_file_perms to surp
42f1b11... Module version bump for 03dd57f.
12f73d8... Improve filesystem interfaces: fs_getattr_xattr_fs() fs_get
4e12649... Improve the documentation of devices interfaces: dev_node()
888d9e4... Improve the documentation of ubac_constrained().
88daf12... Improve the documentation of domain interfaces: domain_type
c46376e... Improve documentation for userdomain interfaces: userdom_us
4cb24ae... Fix userdom_write_user_tmp_sockets to use write_sock_file_p
0bbb165... Improve the documentation of nis_use_ypbind().
d24a7df... Improve the documentation of auth_use_nsswitch().
b58db31... Improve the documentation of application_domain().
bf530f5... Various permission set fixes.
a6bafb5... Module version bump for bf530f5.
4a4436a... Add examples to documentation of common corenetwork interfa
b675cec... Improve documentation of seutil_sigchld_newrole().
402bbb9... Improve documentation of udev_read_db().
88340b9... Various amavis fixes.
3b81489... Fixed typo in gen_require for amavis_initrc_domtrans (Appea
eda6417... Create apcupsd initrc domtrans. Call apcupsd initrc domtran
6eed0aa... Modified apcupsd_initrc_domtrans interface summary to match
d783374... Various arpwatch fixes.
6665c3c... Changed arpwatch_initrc_domtrans domain summary to match st
a739053... Changed amavis_initrc_domtrans domain summary to match styl
6a9ef9e... gen_require typo fix in dbadm.if from Dan Walsh
15ae77b... Domain transition for apmd to vbetool from Dan Walsh
9a1f0d2... Seems reasonable that exim may need to manage these files w
4d2680e... hotplug transition to brctl from Dan Walsh
4931c57... Add additional comments for e1e78df.
812f30a... Module version bump for a005018.
c4faa1d... Module version bump for 96b7e9f.
cb6385d... Module version bump for cf5e81d.
b7070a9... Module version bump for 52b215f.
ec0205f... Module version bump for e1e78df.
1112a5b... Module version bump for be47d75.
c9ab770... add write to manage_lnk_file_perms.
eeb7616... Corenetwork patch from Dan Walsh.
183f79e... Fix cobbler_admin interface to require cobblerd_initrc_exec
febc7fd... Storage patch from Dan Walsh.
0535173... Devices patch from Dan Walsh.
4b23c67... Corecommands patch from Dan Walsh.
9c709c4... Corenetwork patch from Dan Walsh.
09b92dc... Guest patch from Dan Walsh.
4af2b3f... Add back missing s0 on network_port().
cf3da95... Allow cdrecord_t to execute bin_t from Dan Walsh growisofs
3fcdc39... shorewall log file from Dan Walsh
42fa15b... Logwatch looks for content in homedirs, reads samba shares
e2e1b67... Minor style fixes.
5dac509... Module version bump for cf3da95.
b193389... Module version bump for 3fcdc39.
6f9c3c4... Module version bump for 42fa15b.
bd063de... Fix another corenetwork typo.
ddae1cc... Creates sock files in /tmp, reads network state. - From Dan
547d62e... Module version bump for ddae1cc.
d0a6df5... Miscfiles patch from Dan Walsh.
939eaf2... Fstools patch from Dan Walsh.
30496b1... Iscsi and tgtd patches from Dan Walsh.
2f0e3a4... Raid patch from Dan Walsh.
12a6a53... mysql policy from Dan Walsh
1d3d00b... Manage alsa writable config files interface from Dan Walsh
e172614... Whitespace cleanup on mysql.if.
9e506eb... Rearrange lines in alsa an mysql.
7af0e9b... Filesystem patch from Dan Walsh.
ce0570d... Module version bump for e172614.
37e2499... Module version bump for 1d3d00b.
3137148... Run interface for ptchown from Dan Walsh
257a278... Policy for smolt sendProfile client from Dan Walsh
74b51e6... Firstboot sends dbus messages from Dan Walsh
f7d413a... fail2ban_stream_connect and fail2ban_rw_stream_sockets from
1484157... mcelog policy from Dan Walsh
ba1c453... Module version bump for 3137148.
6bc64c4... Whitespace fixes for smoltclient.
580279d... Module version bump for 74b51e6.
bf140fc... Rearrange interfaces in fail2ban.
fce868d... Module version bump for f7d413a.
fad6e76... Whitespace fix for mcelog.
ae07c9e... Screen needs to setattr on user_ttydevice_t from Dan Walsh
591af7b... file context updates from Dan Walsh
d7ec247... File context update for certmaster from Dan Walsh
d12f18e... Change kernel_load_module to kernel_request_load_module fro
935151a... Change kernel_load_module to kernel_request_load_module for
1656bf7... Whitespace fixes in mailman.
ce693cb... Module version bump for ae07c9e.
9570fc1... Module version bump for 591af7b.
9a59893... Module version bump for d7ec247.
c6491af... Module version bump for d12f18e.
5911f3d... Module version bump for 935151a.
e8871c2... Add additional documentation to kernel_request_load_module(
414a570... fetchmail executes programs in bin (uname), from Dan Walsh
2a62db7... Module version bump for 414a570.
38fc1bd... Likewise policy.
827060c... Style fixes and module version bumps for 38fc1bd.
6a03548... amavis uses uptime which reads utmp, and reads certs - from
7b50b70... Module version bump for 6a03548.
1f6d975... Domain patch from Dan Walsh.
0417386... Kernel patch from Dan Walsh.
d13c675... Modutils patch from Dan Walsh.
90e65fe... Ipsec patch from Dan Walsh.
7a8807b... Logging patch from Dan Walsh.
a124c0a... Udev patch from Dan Walsh.
4fbcd77... Iptables patch from Dan Walsh.
153ed87... Authlogin patch from Dan Walsh.
ddd786e... Init patch from Dan Walsh.
1fa92b8... Sysnetwork patch from Dan Walsh.
b60df9f... Getty patch from Dan Walsh.
0d86ea1... Xen patch from Dan Walsh.
bc31d12... Libraries patch from Dan Walsh.
bed0a44... Zebra patch from Dan Walsh.
788ba75... Uucp patch from Dan Walsh.
47293bd... Tftp patch from Dan Walsh.
d3b5907... openvpn needs ipc_lock capability, connects to http ports,
9681df1... postgresql patch from Dan Walsh: "File context for /etc/sys
ac19f1a... rtkit patch from Dan Walsh: rtkit_daemon_system_domain inte
584dfac... icecast policy from Dan Walsh
340af11... Minor tweaks on icecast.
32103f2... Module version bump for d3b5907.
c7a4cf3... Module version bump for 9681df1.
e13a9ef... Module version bump for ac19f1a.
064d1b4... Rename rtkit_schedule() to rtkit_scheduled().
7630200... Virt patch from Dan Walsh.
461b53e... Tuned patch from Dan Walsh.
98ac3f5... Telnet patch from Dan Walsh.
08d7c73... Sysstat patch from Dan Walsh.
449d206... Snmp patch from Dan Walsh.
cf7eb08... Sasl patch from Dan Walsh.
75c8a69... gitosis read/manage lib interfaces from Dan Walsh
df29613... Module version bump for 75c8a69.
1d348bd... Afs needs sys_admin, sends signals, and resolves hostnames
6c40309... Module version bump for 1d348bd.
1b22152... Rdisc patch from Dan Walsh.
390b8a8... Radvd patch from Dan Walsh.
c37d843... bind patch from Dan Walsh some fixes in interfaces, added b
be83112... Minor bind XML tweaks.
7656af7... Module version bump for c37d843.
c586c1b... Give dcc setgid from Dan Walsh
dcbb332... chronyd patch from Dan Walsh
4c05dff... avahi patch from Dan Walsh
84ce9c3... Bluetooth patch (sys_admin and debugfs) from Dan Walsh
2b012ba... Prelude patch from Dan Walsh
d279dd6... ksmtuned policy from Dan Walsh
1868383... pulseaudio patch from Dan Walsh
f3c346c... Smokeping policy from Dan Walsh
ad0071b... Tweaks on pulseaudio 1868383, ksmtuned d279dd6, and smokepi
bf54d5b... Module version bumps for c586c1b, dcbb332, 4c05dff, 84ce9c3
6d4dbd2... Vhostmd from Dan Walsh.
ee2d2dd... Add usbmuxd from Dan Walsh.
2b93b88... Sssd patch from Dan Walsh.
25d81d2... Tor patch from Dan Walsh.
83caba3... First part of apache patch from Dan Walsh: file context cha
60def66... Second part of Apache patch from Dan Walsh.
170a46d... memcached patch from Dan Walsh
f8b3b7f... Nut policy from Dan Walsh
a49a82c... snort patch from Dan Walsh
b7d3db1... Tweak for 170a46d.
da0608b... Module version bump for 170a46d, f8b3b7f, and a49a82c.
20fa703... Whitespace fixes on Apache.
372acd0... Rpc patch from Dan Walsh.
38db49c... PPP patch from Dan Walsh.
b577852... Portreserve patch from Dan Walsh.
6d9925c... Fix requires for apache tmp interfaces.
91b12ad... Move kernel_request_load_module(gssd_t) to the proper place
e399e3a... Add devtmpfs labeling.
5d3214f... gpsd path from Dan Walsh
795b733... pcscd patch from Dan Walsh: manage pub files and fifo files
23ad802... Module version bump for 5d3214f and 795b733.
ec8d32c... [BUGFIX] lack of type transition on dbadm domain (Re: dbadm
85e71c8... Fix network_port() in corenetwork to correctly handle port
3829eec... Clean up output of generated corenetwork.te.
46e16a2... Use port range notation in corenetwork where it makes sense
01bfe1d... kerberos patch from Dan Walsh
d86d4f6... Move optional policy to correct location for style
9875971... Module version bump for 46e16a2.
4f7b413... Ntop policy from Dan Walsh
e6e2a76... Remove excess white space from ntop.te Move ntop ports decl
86ff008... Module version bump for 4f7b413.
33793ec... certmonger policy from Dan Walsh
0e5494a... Fix some whitespace and style issues.
da59404... Additional whitespace fixes in certmonger.
4b121a5... nis patch from Dan Walsh
f49fc19... Style changes
4687992... Additional whitespace fix in nis.
5c3274d... Module version bump for 4b121a5.
8c38fba... allow syslog-ng to setrlimit
78352db... Module version bump for 8c38fba.
194d61f... modutils patch for update-modules
4a8bd01... Module version bump and extra comments for 194d61f.
44b3808... Djbdns patch from Dan Walsh.
e07fbc0... Add DenyHosts from Dan Walsh.
05a2e3e... Lircd patch from Dan Walsh.
9b3e798... bootmisc init script, 2nd try
34838aa... Samba patch from Dan Walsh - signal interfaces - fusefs s
d7ebbd9... Module version bump for 34838aa.
a53c6c6... FTP patch from Dan Walsh.
45696ab... Add missing secmark rules in ntop, from Dominick Grift.
87a9469... Add networking rules for spamd to connect to mysql/postgres
3b72786... Add trusted object condition to unix socket connectto/sendt
857d37e... GPG patch from Dan Walsh.
61738f1... Devicekit patch from Dan Walsh.
98ac986... Dbus patch from Dan Walsh.
b0076a1... Arpwatch patch from Dan Walsh.
a3108c6... Consolekit patch from Dan Walsh.
03a6e03... Add kernel access to devtmpfs. Also add workround while de
d5932a6... Fix a typo in support/genhomedircon.
baea7b1... Networkmanager patch from Dan Walsh.
d8eb3c7... Dovecot patch from Dan Walsh.
4804cd4... Clamav patch from Dan Walsh.
fb3fc9e... Cyrus patch from Dan Walsh.
a2524cf... cobbler patch from Dan Walsh
aeb7a4e... Whitespace fixes on cobbler.
27afb97... Minor fixes on a2524cf. Module version bump.
1607040... RPM patch from Dan Walsh.
24e0b9b... Munin patch from Dan Walsh.
ada61e1... Asterisk patch from Dan Walsh.
bcc6e65... SETroubleshoot patch from Dan Walsh.
299db70... CVS patch from Dan Walsh.
84940a0... Java patch from Dan Walsh.
2e4e39d... Loadkeys patch from Dan Walsh.
b0c2cae... Hal patch from Dan Walsh.
e9e43f0... Plymouthd policy from Dan Walsh.
1b2f08e... Abrt patch from Dan Walsh.
d56b33a... Create new interface and type for managing /etc/udev/rules.
e2c9450... Remove excessive permission in udev_manage_rules_files() an
4e698b0... Cups patch from Dan Walsh.
088b65e... SSH patch from Dan Walsh.
e19b8d1... MTA patch from Dan Walsh.
b276e36... Procmail patch from Dan Walsh.
9ea85ea... Sendmail patch from Dan Walsh.
9fe1b54... Prelink patch from Dan Walsh.
d9e4cbd... Postfix patch from Dan Walsh.
316cdb1... nx patch from Dan Walsh
fb543d0... remove rules for nx_server_home_ssh_t since they are alread
d86c098... squid patch from Dan Walsh
599e8ff... Create type and allow squid to manage its own tmpfs files
99bbe34... Nagios patch from Dan Walsh
4ac0cd3... Remove nagios_rw_inherited_tmp_files interface
44dc1b9... netutils patch from Dan Walsh
7605d27... Remove call to nagios_rw_inherited_tmp_files
8daddcf... tmpreaper patch from Dan Walsh
2483d7a... Replace apache_delete_cache with apache_delete_cache_files
37194ac... dnsmasq patch from Dan Walsh - cron_manage_pid_files call r
fdc0d0f... vpn patch from Dan Walsh
b8c9879... logrotate patch from Dan Walsh
538cf9a... Redhat Cluster Suite Policy from Dan Walsh
21d23c8... Removed unnecessary comments Removed 'SELinux policy for' f
7a8e6a8... whitespace fixes for cluster suite patch
6055ab8... clogd policy from Dan Walsh
6430c79... whitespace fix for clogd
dcb7227... Module version bump for 51ad76f.
a107f87... Remove redundant optional and libs_* calls in clogd.
ff1cae1... Move line in logrotate; module version bump.
fe74f71... Fix deprecated interface usage that crept into lvm.if.
d8642ca... readahead patch from Dan Walsh
d53a972... Module version bump for cb1df6a.
c789f82... Module version bump for d5170e5.
63583f4... Module version bump for f61ef24.
213d35a... Module version bump for 9e28f74.
bdf5e19... Module version bump for 383bd32.
ca28376... Module version bump for 7942f7f.
7934ac1... Module version bump for 1184392 and more.
3d95ca2... Module version bump for 904f3d8.
91cbcc6... Fix deprecated interface usage in rhel4 block in su.if.
f9bdd1e... Add missing changelog entries.
29af4c1... Bump module versions for release.
03e653b... Changelog and version update for release.
2a29628... Fix duplicate lines in kudzu.
5c2b95e... Add missing cluster suite modules that were missing from th
8f0de5d... Storage patch from Dan Walsh.
46c0e57... Corecommands patch from Dan Walsh.
fb7cadd... Devices patch from Dan Walsh.
60f04fc... Kernel patch from Dan Walsh.
c0c635b... cgroup in filesystem.
ddf8213... add libcg policy.
73f0985... How libgroup init scripts interact with libcgroup.
e2b9add... How users interact with cgroup.
04dcd73... Whitespace fixes in cgroup and init.
860c05d... Rearrange cgroup interfaces in filesystem.
0041a78... Remove cgroup_t usage in cgroup_admin() since it is not own
53f9abb... Clean up cgroup. Rename cgconfigparser to cgconfig.
c54e7d6... Module version bump for cgroup patchset.
98652c6... Add missing changelog entry for cgroup.
135b1b4... Terminal patch from Dan Walsh.
48e0aa8... Files patch from Dan Walsh.
b521229... Abrt patch from Dan Walsh.
5c942ce... AFS patch from Dan Walsh.
48f99a8... Whitespace change: drop unnecessary blank line at the start
4db7790... Acct patch from Dan Walsh.
88a574d... Alsa patch from Dan Walsh
0e30bca... Consoletype patch from Dan Walsh.
e89f04f... Mcelog patch from Dan Walsh.
10c0104... Kismet patch from Dan Walsh.
9a4d292... Netutils patch from Dan Walsh.
a9ef84b... Prelink patch from Dan Walsh.
5116faa... Quota patch from Dan Walsh.
b9be5cc... Shorewall patch from Dan Walsh.
f7e3410... Su patch from Dan Walsh.
3835c39... Sudo patch from Dan Walsh.
e08ac5a... Vbetool patch from Dan Walsh.
a99f69f... Loadkeys patch from Dan Walsh.
ae1b7de... Cpufreqselector patch from Dan Walsh.
3c1e8ff... Mozilla patch from Dan Walsh.
8a24097... Mplayer patch from Dominick Grift through Dan Walsh.
1ff703f... Podsleuth patch from Dan Walsh.
1fd3a80... Pulseaudio patch from Dan Walsh.
2c207df... Qemu patch from Dan Walsh.
eab2cc8... Slocate patch from Dan Walsh.
3c79f95... Rearrage interfaces in filesystem.
0cec649... WM patch from Dan Walsh.
a00fc1c... hddtemp fixes.
113d2e0... Minor tweaks and module version bump for a00fc1c.
0001e26... Increased default number of categories to 1024, from Russel
155635e... Create_lnk_perms fix from Russell Coker.
b5d89d0... vpn patch from Dan Walsh
ab4f820... Module version bump for b5d89d0.
5f04c91... gitosis patch from Dan Walsh
caf1666... Module version bump for 5f04c91.
7e5463b... fix cgroup_admin
a7521af... firstboot patch from Dan Walsh
ab62f3f... Module version bump for a7521af.
cad4224... Guest patch from Dan Walsh.
3bcfe5b... Usermanage patch from Dan Walsh.
a3b0dc5... GPG patch from Dan Walsh.
1db1836... Remove improper usage of userdom_manage_home_role(), userdo
bca0cdb... Remove duplicate/redundant rules, from Russell Coker.
3c4e9fc... Make spamassassin optional for milter, from Russell Coker.
08690c8... Remove ethereal module since the application was renamed to
b841dff... Add livecd from Dan Walsh.
7e265a8... Add shutdown from Dan Walsh.
2d839c6... Whitespace fixes in RPM.
b70dfcd... RPM patch from Dan Walsh.
f1618ff... Whitespace fix in userhelper.
072857c... VMWare patch from Dan Walsh.
c14aebd... Remove old rbacsep role statements.
f7ffe6c... Add missing ubac constraints on pulseaudio.
fa1847f... Add files_poly_member() to userdom_user_home_content() Remo
4b76ea5... Module version bump for fa1847f.
48c3c37... Remove some redundant attributes from user_home_t.
29f3bfa... Fix JIT usage for freshclam.
21fdee9... Increase bindreservport range to 512-1024 in corenetwork, f
b0a6f1b... anaconda patch from Dan Walsh
5563d4c... Removing seutil_domtrans_setsebool from anaconda patch - it
64ef2df... Module version bump for 5563d4c.
b3f7203... Take virtio disks into account.
27eeb64... Virtio disk file context update from Mika Pfluger.
a72e42f... Interface documentation standardization patch from Dan Wals
9d4395a... MojoMojo from Lain Arnell.
a7ee7f8... Docs standardizing on the role portion of run interfaces.
c4834a0... accountsd policy from Dan Walsh
d0eebed... Move accountsd to services.
8da8897... Accountsd cleanup.
12ab395... Changelog entry for accountsd.
03b8666... apps: domain { allowed to transition, allowed access, to no
77e4b55... Admin layer xml fixes.
19ff039... Fix usermanage_kill_passwd() parameter doc.
705f70f... Kernel layer xml fixes.
97b990f... Fix corecmd_dontaudit_exec_all_executables doc.
288845a... Services layer xml files.
a0546c9... System layer xml fixes.
61d7ee5... Confine /sbin/cgclear.
d687db9... Whitespace fixes on cgroup.
00ca404... Remove unnecessary require on cgroup_admin().
c87e150... roles patch from Dan Walsh to move unwanted interface calls
68e615e... system-config-samba dbus service policy from Dan Walsh
5d6bf45... Changelog entry for sambagui.
46fc0d3... Policy for system-config-kdump gui from Dan Walsh
a9539a0... Additional kdumpgui cleanup.
ab8f919... Part of gnome patch from Dan Walsh.
c62f1be... Dbadm updates from KaiGai Kohei.
d6e1ef2... Move devtmpfs to devices from filesystem
2fc79f1... Early devtmpfs access
0d24805... Trivial tweaks to devtmpfs patches.
76a9fe9... Module version bumps and changelog for devtmpfs patchset.
3eaa993... UPdate for f14 policy
83eff06... Latest f14
a947daf... Update f14
9afb2b1... Go with upstream
a61cba6... Rebase constraints
e5e9b7b... F14
f9c5576... F14
0aa4ecc... F14
e15d0e7... Modify amanda
09154bd... Reset base
8f4ec14... Modified amanda
507000a... reset
18549c2... Fix policy
2968e06... Update f14
aae38f0... whoya
46c24a3... ditto
4765a59... Fixes for f14
9561b0a... Update f14
08e567d... Latest fixes
ac498fa... More fixes
2d4a79a... Policy fixes
c71f02c... More fixes
73f7d4f... Fix spelling mistake
8c8a10f... Dontaudit socket leaks when running semanage code
ddcd5d6... Dontaudit signals from sandbox domains to domains that tran
898c0de... merge latest upstream
079779a... Allow hald to transition to netutils Block signal via mcs s
5537e55... Apply Dominick Grift typo fixes
3fdb12d... Allow prelink to read dbus config/Broken nsplugin_config wa
5fb4db5... Add Miroslav Grepl patch for jabberd, adding new type for j
4fccad9... Allow qmail to use uucpd Fixes found by Tom London for devi
c6fa935... Fix sandbox tcp_socket calls to create_stream_socket_perms
623e4f0... 1/1] Make the ability to mmap zero conditional where this i
0352752... firstboot is leaking a netlink_route socket into iptables.
09686dc... Allow all X apps to use direct dri if user_direct_dri boole
a1b4205... Fix mmap_zero assertion violation in xserver.
785ee79... Module version bump and changelog entry for conditional mma
02fb4a0... define /sys/fs/cgroup as a <<none>> file system
cbadf72... Merge branch 'master' of http://oss.tresys.com/git/refpolic
3a2e888... cleanup mmap_low merge with upstream
a668127... Allow certmaster to read usr_t files. All python apps are
b631f26... Fix mmap_zero patch
b7ceb34... Do not try to relabel the contents of the /dev/shm director
5675107... Libcgroup moved the cgroup directory to /sys/fs/cgroup.
e411968... Implement alsa_home_t for asoundrc. Clean up Alsa module.
eca7eb3... Rearrange alsa interfaces.
28d96f0... Module version bumps for b7ceb34 5675107 e411968 eca7eb3.
ef98a37... Allow gpg_pinentry_t to use fifo files of apps that transit
cdda8fe... Merge branches 'master', 'master' and 'master' of http://os
f00ba23... Merge with upsteam
f5b49a5... Allow iptables to read shorewall tmp files Change chfn and
db87998... Fix pootle
c16ffd1... Allow apps that use pam to connect to init_t
8187343... Any app that executes service command will not do a getattr
4192c80... Eliminate extras alsa_read_home interface
36d83cb... cleanup alsa patch to match upstream
0745e42... fix typo in xserver_stream_connect
e51122d... add sametime port definition
aa760a2... Fix gnome interface definitions
f79af26... fix bad patch in xserver
689bfef... Fix apache interface
4432db4... add sametime port definition
5dd0c28... Cleanup warnings
dfe675b... Mozilla_plugin needs to getattr on tmpfs and no longer need
a75a591... Allow virt_domains to exec qumu_exec_t, add boolean to allo
b36c20b... Allow sudo domains to manage /var/db/sudo Allow init_t and
ee4b1e0... Allow crond to manage user_spool_cron_t link files Allow in
d46a2b0... allow sudo to create sudo_db_t dirs
4c38170... add policy for ajaxterm
5f5963b... add policy for ajaxterm
8296eb2... Clean up Amanda module.
e021463... Clean up Amtu module.
36c6e47... Clean up Anaconda policy.
9c2c774... Remove unallocated tty access in amanda since it was origin
da07333... Allow mozilla_plugin to create nsplugin_home_t directories
8e47c02... fixes for openvpn suggested by dgrift
e81afdf... raid tools now store pid file and sock_file in /dev/md for
8fbea56... Module version bump for 8296eb2.
1a82786... Allow hugetlbfs_t to be on device_t file system Allow sudo
8340621... Implement miscfiles_cert_type().
e9d6dfb... Fix missed deprecated interface usage from the cert patch.
da12b54... Module version bumps for cert patch.
0b8f4cf... More fixes for mozilla_plugin_t Allow telepathy domains to
d7544f0... rename mdadm_map_t to mdadm_var_run_t
cab9bc9... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
366396d... Fix cert calls in telepath, boinc, kerberos Add sys_admin t
d7de04f... - Add passenger policy
3a32126... Allow dovecot-deliver to create tmp files Allow tor to send
1a40cbf... Fix boolean descriptions
536f28a... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
94820e4... Move passenger policy to services
3034a8d... Fix some names in passenger policy
5ef740e... Fix gnome_setattr_config_home Allow exec of sandbox_file_ty
4251ae1... Add labels for /lib/readahead. Add back gnome_setattr inter
c2dae98... Allow a couple of sandbox issues. Remove postgresl managing
323c9f1... Fixes for vmware-host policy
d7f2020... - Allow all domains that can use cgroups to search tmpfs_t
43a0339... add labeling for /root/.debug
6dfe56b... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
941e3db... Access for confined users to oidentd user home content is u
25d796e... Unconditional staff and user oidentd home config access fro
c17ad38... openct patch from Dan Walsh
5271920... nut patch from Dan Walsh
2a2b6a7... nslcd patch from Dan Walsh
01c4413... icecast patch from Dan Walsh
c4fbfae... fetchmail patch from Dan Walsh
a831710... style change to djbdns.te
67effb0... dcc patch from Dan Walsh
483be01... courier patch from Dan Walsh
c6c63f6... certmonger patch from Dan Walsh
b0d8d59... canna patch from Dan Walsh
5b082e4... arpwatch patch from Dan Walsh
b8097d6... amavis patch from Dan Walsh
689d954... smoltclient patch from Dan Walsh
5afc3d3... firstboot patch from Dan Walsh
f3c5e77... certwatch patch from Dan Walsh
a59e50c... prelude patch from Dan Walsh
cf87233... postgrey patch from Dan Walsh
17759c7... postgresql patch from Dan Walsh
dc1db54... pcscd patch from Dan Walsh
e9bf16d... certmaster patch from Dan Walsh
4f95198... awstats patch from Dan Walsh
bf40792... zebra patch from Dan Walsh
622c63b... zabbix patch from Dan Walsh
c20842c... stunnel patch from Dan Walsh
dc7cc4d... snort patch from Dan Walsh
792d448... radvd patch from Dan Walsh
fee4864... Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4f
3b0a9c7... Allow iscsid to manage tgtd semaphores
9461b60... Add the ability to send audit messages to confined admin po
8c0a06a... Type print_spool_t is not required here.
cb76ff4... Type xenstored_var_run_t is required here.
0540e22... Use ps_process_pattern to read state. Permission to seach p
d8d33a1... Permission to search generic pid directories is included wi
beb9c35... Types crontab_exec_t, cron_spool_t and user_cron_spool_t ar
5ecaaca... Type system_cronjob_var_run_t is not required here.
47cf98d... Permission to get attributes of target devicekit_t, devicek
cf152b4... Replace some type statements by comma delimiters.
b36824e... Permit fetchmail_admin to ptrace and signal the fetchmail_t
7d36c9f... Permission to search proc_t directories is required to be a
4b81a55... This is redundant since base user can search generic proc d
aa5baa9... Allow icecast_admin to ptrace and signal the icecast_t doma
7d34935... Memcached_admin is required to search generic pid directori
0ab4152... Redundant: mpd_search_lib already includes files_search_var
0ba923e... Source is required to search generic tmpfs directories to b
c5e7db7... Allow mpd_admin to manage mpd tmpfs content.
f386b90... Use the stream_connect_pattern.
eb12bc3... Source is required to search generic pid directories to be
b6d0a79... Use admin_pattern. Allow nslcd_admin to search parent direc
dcbbeea... Access to get attributes of target accountsd_t domain is in
d183137... XML summary fix.
1215dfb... Allow pads_admin to search parent directories to be able to
39e118b... Use ps_process_pattern to read state. Access to get attribu
4eaffd2... Access to get attributes of target pppd_t domain is include
87cd6ee... Reduntant: Is already included with userdom_search_user_hom
ad42454... Use ps_process_pattern to read state.
ac13ad9... Use stream connect pattern.
4ec4a49... Add missing admin_patterns to rpcbind_admin.
83029ff... Use relabel permission sets where possible.
4d71bc3... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
2e2a24e... Use stream_connect_pattern.
60d27bf... Tunable, optional, if(n)def block go below.
2d102f8... Whitespace, newline and tab fixes.
5ebd1a5... Use domtrans_pattern because it include permission the sigc
d0b7562... Do not audit interface should not provide permission to rea
a87e8f7... Redundant: domtrans_pattern includes these.
f416df7... Redundant: This is included with userdom_search_user_home_c
50e8575... Allow users to ptrace and send any kind of signal to their
9a2fd7d... Redundant: This is included with userdom_read_user_home_con
a3d20a3... Use relabel permission sets where possible.
b0e9aaa... This is not a role capability.
c5caddd... This type is not required here.
4ff4ddf... Allow users to ptrace and send any kind of signal to spamas
f926621... Search parent directory to be able to interact with target
b35d259... XML summary ffixes.
ba6db03... Redundant: mta_sendmail_domtrans calls domtrans_pattern whi
59c0340... Use permission sets where possible.
dcf8746... Whitespace, newline and tab fixes.
819518c... The ps_process_pattern includes permission to get attribute
2de2341... Use ps_process_pattern to read state.
2f94f46... Replace type and attributes statements by comma delimiters
23ac318... Requires system_r role.
0dacd04... Whitespace, newline and tab fixes.
9c9e4c8... This is a role capability.
a55bb56... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
14ffaf8... Merge upstream
be5142f... Fixes for cluster policy
0a394bf... Add vnstat policy allow logrotate to mail syslog files Allo
8c47ad0... Remove accedentlay added ~ files
c53b75b... Change this functionality to our implementation of this fun
bbdbce3... No need for httpd_builtin_scripting to be set for httpd_t t
1b1f7d0... This is a leftover from refpolicy implementation of this fu
c5eae5f... Whitespace, newline and tab fixes.
7fa5a68... Boolean declarations go above.
9b26005... Clean up (network) connect DB.
0293695... Use stream connect pattern.
eb0e0bc... Use domtrans_pattern.
2d6615c... Class is supposed to be fifo_file according to summary.
dd0d453... Allow users to ptrace and send any signal to their bluetoot
89bb445... This is not a role capability.
1e92803... Search parent directory to be able to interact with targets
618ce85... Use can_exec.
b5d5518... Add file context specification for HOME_DIR/\.gitaliases. M
28fdb87... Move system type alias statements to system declarations.
b11ba46... Use entry_file as entry_point to domain transition.
f6bcb24... Tunable and optional policy goes below.
25e284d... This is a role capability.
6bb4d40... Replace type and attributes statements by comma delimiters
86f9f96... The ps_process_pattern includes permission to get attribute
3c484f5... XML summary fixes.
4b1644f... Whitespace, newline and tab fixes.
9fa4def... Use permission sets where possible.
ab33cc0... I made a mistake in 618ce85f8644651501724947b134855e9e827a7
bece7c4... Use stream connect pattern.
74d74b9... Reduntant: unused, use hal_read_state instead if possible.
1c45e20... Reduntant: stream_connect_pattern already permits this.
c0ad94b... Reduntant: getattr_sock_files_pattern already permit this.
e8ea772... Allow users to ptrace and send any signal to their lpd agen
1976ddd... Whitespace, newline and tab fixes.
d017064... Missing required type.
4e8c698... This type is not required here.
dc47bf2... Onlt distro redhat currently implements admin_home_t.
ce87242... Search parent directory to be able to interact with targets
db775a3... Redundant; unused interface plus ypbind_t is not a pid file
f66acfd... Use permission sets where possible.
f9c2fa5... Wrong type required.
c4786dd... Implement oident admin.
3cc747a... Allow piranha domains to create their pid directory with th
6c99405... This permission is included with mmap_file_perms.
23952de... Use ps_process_pattern to read state.
f6bed42... This is not a role capability.
8f0b746... Replace type and attributes statements by comma delimiters
624f2f4... Whitespace, newline and tab fixes.
8ab34f0... XML summary fixes.
55c2e0e... This is a role capability.
61f4064... Use list instead of search in admin interfaces.
8e3f53a... Whitespace, newline and tab fixes.
7a37620... These are duplicates and redundants.
cbd9541... Added for use in admin interfaces with admin_patterns for l
a053765... Redundant: This is already permitted by included manage_dir
6ec59cc... Redundant: This is already allowed by included admin_patter
d15b40a... Fixed badly chosen type of interface for some interfaces
30bbb6a... This is not a role capability.
b46b3ad... Tunable, optional and if(n)def blocks go below.
2528a2d... Replace type and attributes statements by comma delimiters
3507be9... Move this to were the other is and where it should be.
2a72457... Whitespace, newline and tab fixes.
6cd6ed3... Use ps_process_pattern to read state.
b85c14f... Allow users to ptrace and send any signal to their pyzor ag
d696185... Use stream connect pattern.
5a98a53... Missing required type.
ddbd71a... Search parent directory to be able to interact with targets
7bc4e83... Redundant: Included files_search_var_lib already permits ac
e130679... This is a role capability.
5ce19e3... Type zarafa_server_t is not a file type.
69d1431... Use permission sets where possible.
0eef2ca... Use brace extension where possible.
6123464... XML summary fixes.
f262674... Replace type and attributes statements by comma delimiters
fc0d3d5... Merge branch 'base'
b0a5fc3... Allow boinc projects to execute java
72ba80b... Use permission sets where possible.
9c7f2af... Redundant: Is already permitted by included rw_chr_file_per
9a0f799... Whitespace, newline and tab fixes.
1dfc76f... Use permission sets where possible.
edcc8aa... Redundant: Included init_daemon_domain already has this.
59c544a... Redundant: All deamons are already allowed this access by d
82c9715... Youre not allowed to directly use external types.
0bdd855... This is not required here.
68ac47d... Whitespace, newline and tab fixes.
ef521e9... Tunable, optional and if(n)def blocks go below.
b952f95... This is a duplicate declaration.
d542026... The capability IPC goes on top of the local policy.
02687a7... Move calls to external interfaces below policy that governs
38039ab... These interface calls are more suitable here. Also should r
08c4bb0... Search parent directory to be able to interact with targets
96d3c0d... Make git daemon executable file an application executable f
8bde5ef... Redundant brace nothing to expand here.
44f8aa1... Use stream connect pattern.
3a3e7db... Use filetrans_pattern.
148e08d... XML summary fixes.
6ed3f15... Allow domains with different mcs levels to send each other
5d82597... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
a8fbd94... Reduntant: Included init_daemon_domain already has this.
46d4106... Looks like /usr/bin/git-shell and /usr/libexec/git-core/git
6d18557... Location /usr/libsexec/sesh does not exist. sesh is in /usr
9bd8847... Redundant: All domains are allowed this access by default.
f6e8660... These are not declarations move them to local policy sectio
a7b40a9... Internal interaction goes before external interface calls.
11ad1da... Source is postdrop and not local. Moving to postdrop local
8725d63... This permission is already allowed by included mmap_file_pe
1b39dec... The process and capability IPC goes on top of local policy.
c2b2d22... Reduntant: Included init_daemon_domain already has this.
0f7c400... Use permission sets where possible.
18f2a72... Whitespace, newline and tab fixes.
cefe9f9... Replace type and attributes statements by comma delimiters
ac5201e... Use permission sets where possible.
f4dc198... Make hal a dbus_system_domain Allow dovecot to append all l
a5ea149... Merge branch 'base'
78ea2ab... Search parent directory to be able to interact with targets
730ec51... This is git system content.
7c94a3a... Allow consolehelper to read fonts and config files in user
55bffb7... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
fad6297... fix typo
e027e93... More typos
54590ac... Replace type and attributes statements by comma delimiters
86225e1... These interface calls are more suitable here. Might want to
1507cc2... Internal interaction goes before external interface calls.
09873e5... These were duplicate TE rules.
39178aa... This is no declaration. Moving to local policy.
1e2abee... Whitespace, newline and tab fixes.
3c4ffa3... Use domtrans_pattern where possible.
9444a13... Consistent ordering of declarations.
5492a18... There is already an optional policy block for daemontools.
fae9473... Support network connect mysql DB.
ce6df09... Redundant: Included inetd_service_domain has this.
8b858f2... Reduntant: Included init_daemon_domain already has this.
aaf8a67... Whitespace, newline and tab fixes.
6aa632a... Remove stray semi-colon.
daed45f... Redundant: Included userdom_user_home_content already has t
568349b... The process and capability IPC goes on top of local policy.
e2d9aa2... Source is x_domain and not xserver_t. Moving to x_domain lo
4781493... Tunable, optional and if(n)def blocks go below.
a25335e... Redundant brace nothing to expand here.
7832131... XML summary fixes.
7d1f564... Use permission sets where possible.
71f455a... miscfiles_manage_cert_files is deprecated: Use miscfiles_ma
ff9b16d... Merge branch 'base'
df488ed... Move c2s to run in jabber_router_t domain Other fixes for j
7cfb935... Allow rpc.quota to do quotamod Allow mozilla_plugin to exe
f7307c6... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
fb52482... Allow firewallgui to sys_rawio which seems to be required t
24ea653... Allow guest to run ps command on its processes by allowing
e66aa74... Allow haze to connect to yahoo chat and messenger port tcp:
5212892... Rearrange firewallgui policy to be more easily updated to u
fd595eb... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
4e6b3f6... Fixes to allow mozilla_plugin_t to create nsplugin_home_t d
79bff2b... Allow mozilla_plugin to manage all gnome config files Allow
f6e966f... Allow nsplugin to sendto itself dgrams Fix /root/.ssh label
20f707c... dontaudit attempts by xdm_t to write to bin_t for kdm
b45aaab... Allow sudo to send signals to any domains the user could ha
ddd1cca... Allow unconfined_t to transition to alsa_t to make sure lab
d1c6ba2... Start adding support for use_fusefs_home_dirs Add /var/lib/
0def274... Add policy for mediawiki
1369273... Alllow vpnc to be able to read /root/.cert
d4d13d2... Fix version of mediawiki policy
55e9f0e... Fix fusefs handling Do not allow sandbox to manage nsplugin
596d86a... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
039c65f... Fix mozilla_run_plugin interface
3235a8b... dontaudit sandbox sending signals to itself. This can happ
7ed755a... Put back transition change
b3e7610... Allow smbd_t sys_admin capability so samba can change quota
3853925... Remove duplicate filecontext for tcfmgr
d618232... Merge branch 'master' of ssh://git.fedorahosted.org/git/sel
6f93468... - Allow smbd to use sys_admin - Remove duplicate file conte
More information about the scm-commits
mailing list