From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 035611381F3 for ; Wed, 1 May 2013 18:23:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 72F8DE087A; Wed, 1 May 2013 18:23:23 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DB23BE087A for ; Wed, 1 May 2013 18:23:22 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BFD2033E032 for ; Wed, 1 May 2013 18:23:16 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 4BE70E472A for ; Wed, 1 May 2013 18:23:15 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1367432510.de0e1dda1d087b718bbd250ab46c24f0a04a713a.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/Changelog X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: de0e1dda1d087b718bbd250ab46c24f0a04a713a X-VCS-Branch: master Date: Wed, 1 May 2013 18:23:15 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 6f6b3829-7a1a-42fc-86ef-4a8927876605 X-Archives-Hash: 0b74ecffcd06e6267cb2a150e04c2713 commit: de0e1dda1d087b718bbd250ab46c24f0a04a713a Author: Chris PeBenito tresys com> AuthorDate: Wed Apr 24 20:14:52 2013 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Wed May 1 18:21:50 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=de0e1dda Update Changelog for release. --- policy/modules/contrib/Changelog | 1071 ++++++++++++++++++++++++++++++++++++++ 1 files changed, 1071 insertions(+), 0 deletions(-) diff --git a/policy/modules/contrib/Changelog b/policy/modules/contrib/Changelog new file mode 100644 index 0000000..8b9356a --- /dev/null +++ b/policy/modules/contrib/Changelog @@ -0,0 +1,1071 @@ +* Wed Apr 24 2013 Chris PeBenito - 2.20130424 +Chris PeBenito (18): + Rewrite of mcelog module from Guido Trentalancia + Remove unnecessary lines in mcelog.te. + Slight rearrangement in mcelog.te. + Module version bump for mcelog update from Guido Trentalancia. + Module version bump for ntp module fixes from Dominick Grift. + Module version bump for fc substitutions optimizations from Sven + Vermeulen. + Module version bump for postfix/mta misc fixes from Sven Vermeulen. + Module version bump for init_daemon_run_dirs usage from Sven Vermeulen. + Turn off all tunables by default, from Guido Trentalancia. + Module version bump for tunable default change. + Module version bump for saslauthd tcp mysql connections from Mika Flueger. + Move kernel request line in quota. + Module version bump for quota kernel module request from Mika Pflueger. + Module version bump for djbdns ports fixes from Russell Coker. + Remove stray + in keystone.te. + Whitespace fixes in cron.fc. + Module version bump for pulseaudio type_transition conflict fix from Sven + Vermeulen. + Bump module versions for release. + +Dominick Grift (889): + Initial BIRD Internet Routing Daemon policy + oident daemon fixes + Introduce ntp_conf_t + Allow ntp_admin() to manage ntp_drift_t content. + List etc_t directories + Use "Role allowed access." for consistency + Use permissions sets for compatibility. + Remove getattr permision from ntp_admin() + Initial Sensord policy module + Various block_suspend capability2 support from Fedora + Gitolite3 support from Fedora + /var/lib/sqlgrey is greylist milter data from Fedora + Terminal related fixes for plymouthd from Fedora Support block_suspend + capability2 for plymouth + Support minimal polkit in new location + Support ldap for user authentication from Fedora + Sanlock sends kill signals to non-root processes from Fedora Various + other capabilities for sanlock from Fedora + Initial support for sqlgrey from Fedora + Tor reads network sysctls from Fedora + GPG agent reads /dev/random from Fedora + Freshclam reads system and network state from Fedora + Execute wpa_cli in the NetworkManager_t domain for wicd from Fedora + lpstat.cups reads fips_enabled from Fedora + Initial system tap compile server policy module + Systemtap server admin manages stapserver_var_lib_t content + Telepathy Idle reads gschemas.compiled from Fedora + Initial slpd policy module + Initial lightsquid policy module + Initial wdmd policy module + Initial mailscanner policy module and some depencies. + Support slpd log rotation + Initial numad policy module + Open log files for append only + CGClear reads CGConfig files from Fedora Cosmetic changes to cgroup + policy module File contexts of cgroup app executables files in + /sbin also apply to /usr/sbin Make cgroup_admin() a bit more + compact + Initial svnserve policy module + Various small changes to ucspitcp + Initial fcoe policy module + Initial lldpad policy module + fcoemon sends to lldpad with a dgram socket + Initial quantum policy module + Initial dspam policy module + Module version bump for Telepathy file context spec fixes from Laurent + Bigonville. + Initial isns policy module + Various changes to tcs policy module + Initial ctdb policy module + Various changes to the sblim policy module and its dependencies + Initial polipo policy module + Module version bump for networkmanager fixes + Fixes to the polipo policy module + Module version bump for smartmon fixes from Laurent Bigonville. + Module version bump for accountsd file context spec fix from Laurent + Bigonville. + Various changes to the raid module + Module version bump for rtkit file context spec fix from Laurent + Bigonville + Initial couchdb policy module + Changes to the bind policy module + Initial dnssectrigger policy module + Initial man2html policy module + Initial openhpi policy module + Bind sends/receives http server instead of client packets conditionally + Two file context regular expression fixes by Eric Paris + Type mdadm_t is no longer a unconfined type + Initial pkcs policy module + Initial cfengine policy module + Initial keystone policy module + Initial l2tp policy module + Initial mongodb policy module + cfengine whitespace cleanup + Changes to the accountsservice policy module + Changes to the acct policy module + Changes to the ada policy module + changes to the afs policy module + Changes to the accountsservice policy module + Changes to the aiccu policy module + Changes to the aide policy module + Syntax error in afs_admin() + Changes to the aisexec policy module + Changes to the alsa policy module + Changes to the amanda policy module + Changes to the amavisd policy module and relevant dependencies + Changes to the amtu policy module + Changes to the anaconda policy module + Changes to the abrt policy module and relevant dependencies + numad sends/receives msgs from Fedora + Amtu executable file in installed in /usr/sbin in Fedora + The (usr/)? expression does not work consistently so better not use it + at all + Changes to the httpd policy module + Merge branch 'master' of + ssh://dgrift@oss.tresys.com/home/git/refpolicy-contrib + Fixes to the apache policy module and dependencies + Changes to the apcupsd policy module + Role attributes for lightsquid application domain + Changes to the mailscanner module + Changes to the svnserve policy module + Changes to the quantum policy module + Changes to the dspam module + Changes to the ctdb policy module + Changes to the couchdb policy module + Changes to the openhpid policy module + Changes to the keystone policy module + Changes to the l2tp policy module + Changes to the apm module and relevant dependencies + Changes to the arpwatch policy module + Changes to the apcupsd policy module + Changes to the abrt policy module + Changes to the apache policy module + Changes to the asterisk policy module and dependencies + Changes to the authbind policy module + Changes to the automount policy module + Change acpid lock file context spec + Changes to the avahi policy module and dependencies + Changes to the awstats policy module + Changes to the bacula policy module + Changes to the bcfg2 policy module + Changes to the apt policy module + Changes to the apache policy module + Changes to the backup module + Changes to the bind policy module + Bird module clean up + Fix arpwatch connected_stream_socket_perms + Changes to the bitlbee policy module + Changes to the blueman policy module + Changes to the bluetooth policy module + Changes to the brctl policy module + Changes to the apache policy module + Changes to the bugzilla policy module + Changes to the calamaris policy module + Implement lightsquid_admin() + Changes to the apache policy module and dependencies + Initial boinc policy module + Initial callweaver policy module + Changes to the canna policy module + Changes to the ccs policy module + Changes to the cdrecord policy module + Changes to the certmaster policy module and various role attribute fixes + cdrecord needs to read and write callers unix domain stream socket not + create it + Changes to the certmonger policy module and its dependencies + Initial cachefilesd policy module + Changes to the certwatch policy module + Changes to the chronyd policy module + Changes to the cipe policy module + Changes to the clamav policy module + Various network clean up + Add dev_rw_cachefiles() to cachefilesd policy module + Changes to the clockspeed policy module + Changes to the clogd policy module + Changes to the cmirrord policy module + Changes to the cobbler policy module + Changes to the colord policy module + Changes to the comsat policy module + Initial collectd policy module + Initial condor policy module and relevant dependencies + Changes to the consolekit policy module and relevant dependencies + Changes to the corosync policy module and relevant dependencies + Clean up couchdb network rules + Changes to the courier policy module + Changes to the cpucontrol policy module + Changes to the cpufreqselector policy module + Changes to the cron policy module and relevant dependencies + Changes to the cups policy module and relevant dependencies + Changes to the cvs policy module + Remove redundant connect avperms + Changes to the cyphesis policy module + Remove redundant rules from apache_admin() + Changes to the cyrus policy module + Changes to the daemontools policy module + Changes to the dante policy module + Modify dbadm boolean descriptions + Changes to the dbus policy module and its dependencies + Changes to the dcc policy module + Changes to the ddclient policy module + Changes to the ddcprobe policy module + Changes to the denyhosts policy module + Changes to the devicekit policy module and relevant dependencies + Changes to the dhcpd policy module + Changes tothe dictd policy module + Changes to the discc policy module + Changes to the djbdns policy module + Changes to the dkim policy module + Changes to the dmidecode policy module + Module bump for Laurent Bigonville trousers init script file context + specification fix + Module bump for Laurent Bigonville libvirt init script file context + specification fix + Changes to the dnsmasq policy module and relevant dependencies + Changes to the dovecot policy module + Changes to the dpkg policy module + Changes to the entropyd policy module + Changes to the evolution policy module + Changes to the exim policy module and relevant dependencies + Changes to the cron policy module + Changes to the fail2ban policy module + fcoemon XML clean up + Changes to the fetchmail policy module + Changes to the fingerd policy module + Initial firewalld policy module + Changes to the firstboot policy module + Changes to the fprint policy module and relevant dependencies + Changes to the ftp module + Changes to the games policy module + Clean up evolution and cdrecord XML + Changes to the gatekeeper policy module + Changes to the gift policy module + Changes to the git policy module + Changes to the gitosis policy module + Changes to the glance policy module + Initial glusterfs policy module + Add gatekeeper newline + Deprecate glusterd_admin() use glusterfs_admin() instead + Portage module version bump for autofs support by Matthew Thode and + clean up + cfengine: This location is now labeled with a cfengine private type + Changes to the slpd policy module + Changes to the gnomeclock policy module and relevant dependencies + Changes to the gpg policy module + Changes to the gpm policy module + Changes to the gpsd policy module and relevant dependencies + changes to the guest policy module + Changes to the gnomeclock policy module + Deprecate various DBUS interfaces and relevant dependencies + Changes to the cachefilesd policy module + Remove file context specification for kgpg which is a GUI frontend to + GPG. Domain transition to gpg_t will happen when kgpg runs gpg. + (rhbz#862229) + Initial mandb policy module + Changes to the hadoop policy module + Changes to the hald policy module + Changes to the hddtemp policy module + Changes to the howl policy module + changes to the mandb policy module + Changes to the dbus policy module + Changes to the rpm policy module + Changes to the i18n_input policy module + Changes to the icecast policy module + Changes to the ifplugd policy module + Changes to the imaze policy module + Changes to the inetd policy module and relevant dependencies + Changes to the innd policy module + Changes to the irc policy module + Changes to the ircd policy module + Changes to the irc policy module + Changes to the dbus policy module + Changes to the avahi policy module + Changes to the bluetooth policy module + Changes to the aiccu policy module + Changes to the bacula policy module + Changes to the boinc policy module + Changes to the bugzilla policy module + Changes to the ccs policy module + Changes to the clamav policy module + Changes to the cobbler policy module + Changes to the cyphesis policy module + Changes to the dante policy module + Changes to the dbskk policy module + Changes to the ddclient policy module + Changes to the denyhosts policy module + Changes to the dnssectrigger policy module + Changes to the dovecot policy module + Changes to the drbd policy module + Changes to the evolution policy module + Changes to the fail2ban policy module + Changes to the firewalld policy module + Changes to the firstboot policy module + Changes to the games policy module + Changes to the gift policy module + Changes to the glance policy module + Changes to the hald policy module + Changes to the dbus policy module + Changes to the git policy module + Changes to the polipo policy module + Changes to the firewalld policy module + Changes to the gpg policy module + Tab clean up in ircbalance file context file + Changes to the irqbalance policy module + Tab clean up in iscsi file context file + Changes to the iscsi policy module + Tab clean up in jabber file context file + Changes to the jabberd policy module + Changes to the pyicqt policy module + Tab clean up in java file context file + Changes to the java policy module + Changes to the dbus policy module + Changes to the gnome policy module + Changes to the apache policy module + Changes to the accountsd policy module + Changes to the alsa policy module + Changes to the evolution policy module + Changes to the bluetooth policy module + Changes to the games policy module + Changes to the gift policy module + Changes to the gpg policy module + Changes to the hadoop policy module + Tab clean up in kdump file context file + Changes to the kdump policy module + Changes to the gpg policy module + Changes to the dbus policy module + Changes to the evolution policy module + Changes to the gpm policy module + Version bump for evolution file context fixes by Laurent Bigonville + Version bump for nut file context fixes by Laurent Bigonville + Changes to the kdumpgui policy module + Tab clean up in kerberos file context file + Changes to the kerberos policy module and relevant dependencies + Changes to the kerneloops policy module + Tab clean up in kerberos file context file + Changes to the kismet policy module + Clean up amavis XML header + Initial keyboardd policy module + Tab clean up in ksmtuned file context file + Changes to the ksmtuned policy module + Tab clean up in ktalk file context file + Changes to the ktalk policy module + Changes to the kudzu policy module + Initial iodine policy module + Initial dirmngr policy module + Changes to the iodine policy module + Changes to the kerberos policy module + Changes to the kdumpgui policy module + Update deprecated interface calls ( gnome_read_config -> + gnome_read_generic_home_content ) + Changes to the mozilla policy module + Changes to the thunderbird policy module + Changes to the l2tp policy module + Tab clean up in ldap file context file + Changes to the ldap policy module + Tab clean up in likewise file context file + Changes to the likewise policy module + Tab clean up in lircd file context file + Changes to the lircd policy module + Changes to the livecd policy module + Tab clean up in loadkeys file context file + Changes to the loadkeys policy module and relevant dependencies + Tab clean up in lockdev file context file + Changes to the lockdev policy module + Tab clean up in logrotate file context file + Changes to the logrotate policy module and relevant dependencies + Tab clean up in logwatch file context file + Changes to the logrotate policy module + Changes to the logwatch policy module + Tab clean up in lpd file context file + Changes to the lpd policy module + Tab clean up in cron policy module + Changes to the lpd policy module + Changes to the consolekit policy module + Tab fix in cron policy module + Tab clean up in mailman file context file + Changes to the mailman policy module and relevant dependencies + Tab clean up in mcelog file context file + Changes to the mcelog policy module + Tab clean up in mediawiki file context file + Mediawiki XML clean up + Tab clean up in memcached file context file + Changes to the memcached policy module + Changes to the apache policy module + Tab clean up in milter file context file + Changes to the milter policy module and relevant dependencies + Changes to the modemmanager policy module + Tab clean up in mojomojo file context file + Changes to the mojomojo policy module and relevant dependencies + Changes to the gpg policy module + Changes to the mongodb policy module + Changes to the mono policy module + Changes to the monop policy module + Tab clean up in mozilla file context file + Changes to the mozilla policy module and relevant dependencies + Changes to the mozilla policy module + Changes to the apache policy module + Tab clean up in mpd file context file + Changes to the mpd policy module + Tab clean up in mplayer file context file + Changes to the evolution policy module + Changes to the mplayer policy module + Changes to the irc policy module + Tab clean up in mrtg file context file + Changes to the mrtg policy module + Tab clean up in mta file context file + Changes to the mta policy module and relevant dependencies + Changes to the mta policy module and relevant dependencies + Get rid of mozilla_conf_t as it is unused + Changes to the logrotate policy module + Changes to the logwatch policy module + Changes to the java policy module + Changes to the apache module and relevant dependencies + Tab clean up in munin file context file + Changes to the munin policy module and relevant dependencies + Tab clean up in mysql file context file + Changes to mysqld policy module + Changes to various policy modules + Changes to the munin policy module + Changes to the dovecot policy module + Changes to various policy modules + Changes to the mta policy module + Changes to the certmonger policy module and relavant dependencies + Tab clean up in nagios file context file + Changes to the nagios policy module and relevant dependencies + Changes to the modutils policy module + Tab cleanup in the nessus file context file + Changes to the nessus policy module + Tab clean up in the network manager file context file + Changes to the networkmanager policy module and relevant dependencies + Changes to the mozilla policy module + Changes to the cobbler policy module + Initial rngd policy module + Tab clean up in the nis file context file + Changes to the nis policy module + Tab clean up in the nscd file context file + Changes to the nscd policy module + Tab clean up in the nsd file context file + Changes to the nsd policy module + Tab clean up in the nslcd file context file + Changes to the nslcd policy module + Tab clean up in the ntop file context file + Changes to the ntop policy module + Tab clean up in the ntp file context file + Changes to the ntp policy module + Changes to the numad policy module + Tab clean up in the nut file context file + Changes to the nut policy module + Tab clean up in the nx file context file + Changes to the nx policy module + Changes to the oav policy module + Initial obex policy module + Tab clean up in the oddjob file context file + Tab clean up in gpg policy module + Changes to the oddjob policy module + Changes to the mozilla policy module + Initial pacemaker policy module + Tab clean up in the oidentd file context file + Changes to the oident policy module + Tab clean up in the openca file context file + Changes to the openca policy module + Tab clean up in the openct file context file + Changes to the openct policy module + Tab clean up in the openvpn file context file + Changes to the openvpn policy module + Tab clean up in the pads file context file + Changes to the pads policy module + Tab clean up in the passenger file context file + Changes to the passenger policy module and relevant dependencies + Tab clean up in the pcmcia file context file + Changes to the pcmcia policy module + Tab clean up in the pcscd file context file + Changes to the pcscd policy module and relevant dependencies + Tab clean up in the pegasus file context file + Changes to the pegasus policy module + Tab clean up in the perdition file context file + Changes to the perdition policy module + Tab clean up in the pingd file context file + Changes to the pingd policy module + Changes to the plymouthd policy module + Changes to the mozilla policy module + Changes to the plymouth policy module + Tab clean up in the podsleuth file context file + Changes to the podsleuth policy module + Tab clean up in the policykit file context file + Changes to the policykit policy module and relevant dependencies + Tab clean up in the portage file context file + Changes to the portage policy module + Tab clean up in the portmap file context file + Changes to the portmap policy module + Tab clean up in the portreserve file context file + Changes to the portreserve policy module + Tab clean up in the portslave file context file + Changes to the portslave policy module and relevant dependencies + Tab clean up in the postfix file context file + Changes to the postfix policy module and relevant dependencies + Fixes to various policy modules + Tab clean up in the postfixpolicyd file context file + Changes to the postfixpolicyd policy module + Tab clean up in the postgrey file context file + Changes to the postgrey policy module + Tab clean up in the ppp file context file + Changes to the ppp policy module and relevant dependencies + Tab clean up in the prelink file context file + Changes to the prelink policy module and relevant dependencies + Tab clean up in the prelude file context file + Changes to the prelude policy module + Tab clean up in the privoxy file context file + Changes to the privoxy policy module + Tab clean up in the procmail file context file + Changes to the procmail policy module + Tab clean up in the psad file context file + Changes to the psad policy module + Changes to the ptchown policy module + Tab clean up in the publicfile file context file + Changes to the publicfile policy module + Fix a fatal syntax error in mozilla_plugin_role() + Changes to the plymouth policy module + Changes to the policykit policy module + Module version bump for fixes in shorewall, fail2ban and portage policy + modules by Sven Vermeulen + Tab clean up in the puppet file context file + Changes to ther puppet policy module and relevant dependencies + Initial pwauth policy module + Tab clean up in the pxe file context file + Changes to the pxe policy module + Tab clean up in the pyzor file context file + Changes to the pyzor policy module + Tab clean up in the qemu file context file + Changes to the qemu policy module + Tab clean up in the virt file context file + Changes to the virt policy module and relevant depedencies + Changes to the virt policy module + Changes to the cron policy module + Changes to the qemu policy module + Changes to the virt policy module + Epylog wants sys_nice and setsched + Tab clean up in the qmail file context file + Changes to the qmail policy module + Tab clean up in the qpid file context file + Changes to the qpid policy module + Tab clean up in the quota file context file + Changes to the quota policy module and relevant dependencies + Initial rabbitmq policy module + Tab clean up in the radius file context file + Changes to the radius policy module + Tab clean up in the radvd file context file + Changes to the radvd policy module + Changes to the raid policy module + Tab clean up in the razor file context file + Changes to the razor policy module and relevant dependencies + Smokeping cgi needs to run ping with a domain transition Remove + redundant socket create already provided by + sysnet_dns_name_resolve() + Changes to the virt policy module + Changes to the apache policy module + Changes to the gnome policy module + Changes to the rdisc policy mpdule + Changes to the readahead policy module + Changes to the remotelogin policy module + Tab clean up in the resmgr file context file + Changes to the resmgr policy module + Tab clean up in the rgmanager file context file + Changes to the rgmanager policy module + Initial Realmd policy module and relevant dependencies + Fix resmgrd init script file context specification + Changes to the cups policy module + automount reads overcommit_memory + Changes to the networkmanager policy module + Freshclam manages amavis spool content + Changes to the tftp policy module + Changes to the cobbler policy module + Tab clean up in the rhcs file context file + Changes to the rhcs policy module and relevant dependencies + Tab clean up in the rhgb file context file + Changes to the rhgb policy module + Tab clean up in the rhsmcertd file context file + Changes to the rhsmcertd policy module + Tab clean up in the ricci file context file + Changes to the ricci policy module + Tab clean up in the rlogin file context file + Changes to the rlogin policy module + Tab clean up in the roundup file context file + Changes to the roundup policy module + Changes to the remotelogin policy module + Changes to the apache policy module + Changes to the awstats policy module + fix puppet_admin() need to require types that it uses + Replace wrong type in puppet_admin() + Fix a syntax error in ricci_domtrans() + Catch all rpcbind content in /var/run + Changes to the cups policy module + Tab clean up in the rpc file context file + Changes to the rpc policy module + Tab clean up in the rpcbind file context file + Changes to the rpcbind policy module + Tab clean up in the rpm file context file + Changes to the rpm policy module and depedencies + Changes to the rshd policy module + Changes to the virt policy module + Changes to the rssh policy module + Tab clean up in the rsync file context file + Fix a typo in apache XML + Changes to the rsync policy module + Changes to the rtkit policy module + Tab clean up in the rwho file context file + Changes to the rwho policy module + Reads /proc/sys/kernel/random/poolsize + Tab clean up in the samba file context file + Changes to the samba policy module and relevant dependencies + Tab clean up in the sambagui file context file + Changes to the sambagui policy module + Initial firewallgui policy module + Tab clean up in the samhain file context file + Changes to the samhain policy module + Tab clean up in the sanlock file context file + Changes to the sanlock policy module and relevant dependencies + Tab clean up in the sasl file context file + Changes to the sasl policy module + Chnages to the sblim policy module + Tab clean up in the screen file context file + Changes to the screen policy module + Tab clean up in the sectoolm file context file + Changes to firewallgui policy module + Changes to the sectoolm policy module + Tab clean up in the sendmail file context file + Changes to the sendmail policy module and relevant dependencies + Tab clean up in the setroubleshoot file context file + Changes to the setroubleshoot policy module + Tab clean up in the shorewall file context file + Changes to the shorewall policy module + Tab clean up in the shutdown file context file + Changes to the shutdown policy module and relevant dependencies + Tab clean up in the slocate file context file + Changes to the slocate policy module and relevant dependencies + These domains transition to shutdown domain now so they no longer need + direct access + Re-add missing network rule in screen policy module + fail2ban server sets scheduler + shutdown XML clean up + libvirtd sets kernel scheduler + mongod reads cpuinfo_max_freq + Changes to the slrnpull policy module + Tab clean up in the smartmon file context file + Changes to the smartmon policy module + Tab clean up in the smokeping file context file + Changes to the smokeping policy module + Tab clean up in the smoltclient file context file + Changes to the smoltclient policy module + Tab clean up in the snmp file context file + Changes to the snmp policy module + Tab clean up in the snort file context file + Changes to the snort policy module + Changes to the sosreport policy module and relevant dependencies + Tab clean up in the soundserver file context file + Changes to the soundserver policy module + Tab clean up in the spamassassin file context file + Changes to the spamassassin policy module and relevant dependendies + spamassassin_role callers create ~/.spamd with the spamd_home_t user + home type instead + Re-add sys_admin capability that was lost with porting from Fedora + Move mailscanner content to mailscanner module + Changes to the speedtouch policy module + Tab clean up in the squid file context file + Changes to the squid policy module + Changes to the sssd policy module + Tab clean up in the stunnel file context file + Changes to the stunnel policy module + Tab clean up in the sxid file context file + Changes to the sxid policy module + Tab clean up in the sysstat file context file + Changes to the sysstat policy module + Tab clean up in the tcpd file context file + Changes to the tcpd policy module + Changes to the tcsd policy module + Tab clean up in the telepathy file context file + Changes to the telepathy policy module + Tab clean up in the telnet file context file + Changes to the telnet policy module + Tab clean up in the tftp file context file + Changes to the tftp policy module + Tab clean up in the tgtd file context file + Changes to the tgtd policy module + Tab clean up in the thunderbird file context file + Changes to the thunderbird policy module + Catch /var/log/cron directory as well + Dovecot module version bump for fixes by Sven Vermeulen + Portage module version bump for fixes by Sven Vermeulen + Cron module version bump for fixes by Sven Vermeulen + Changes to the exim policy module + Entropyd reads /proc/meminfo + Blueman reads tmp_t directories + Do not audit attempts by cups config to read tmp_t directories + Do not audit attempts by fail2ban to read tmp_t directories + Do not audit attempts by firewalld to read tmp_t directories + Gnomeclock reads urandom and realtime clock + Kdumpctl needs sys_chroot capability + Various kdumpgui fixes from Fedora + Do not audit attempts by logwatch to read tmp_t directories + Catch all alias files + Refine aliases file transition with names + Realmd dbus chat policykit and networkmanager from Fedora + Do not audit attempts by tuned to read tmp_t directories + Changes to the timidity policy module + Tab clean up in the tmpreaper file context file + Changes to the tmpreaper policy module and relevant dependencies + Tab clean up in the tor file context file + Changes to the tor policy module + Changes to the transproxy policy module + Tab clean up in the tripwire file context file + Changes to the tripwire policy module + Tab clean up in the tuned file context file + Changes to the tuned policy module + Tab clean up in the tvtime file context file + Changes to the tvtime policy module + Changes to the tzdata policy module + Changes to the ucspitcp policy module + Tab clean up in the ulogd file context file + Changes to the ulogd policy module + Tab clean up in the uml file context file + Changes to the uml policy module + Make it so that irc clients can also get attributes of cifs, nfs, fuse + and other file systems + Changes to the updfstab policy module + Changes to the uptime policy module + Tab clean up in the usbmodules file context file + Changes to the usbmodule policy module + Changes to the usbmuxd policy module + Tab clean up in the userhelper file context file + Screen sends child terminated signals to all interactive fd domains + Changes to the userhelper policy module and relevant dependencies + Changes to the virt policy module + Module version bump for fail2ban changes by Sven Vermeulen + Changes to the rpm policy module + fix smartmon init script file context specification + Changes to the usernetctl policy module + Tab clean up in the uucp file context file + Changes to the uucp policy module + Changes to the virt policy module + Tab clean up in the uuid file context file + Changes to the uuidd policy module + Tab clean up in the uwimap file context file + Changes to the uwimap policy module + Tab clean up in the varnishd file context file + Changes to the varnishd policy module + Changes to the vbetool policy module + Tab clean up in the vdagent file context file + Changes to the vdagent policy module + Tab clean up in the vhostmd file context file + Changes to the vhostmd policy module + Changes to the vlock policy module + Tab clean up in the vmware file context file + Changes to the vmware policy module + Tab clean up in the vnstatd file context file + Changes to the vnstatd policy module + Tab clean up in the vpn file context file + Changes to the vpnc policy module + Tab clean up in the w3c file context file + Changes to the w3c policy module + Tab clean up in the watchdog file context file + Changes to the watchdog policy module + Changes to the wdmd policy module + Changes to the webadm policy modules + Changes to the webalizer policy module + White space fix in apache policy module + Changes to the wine policy module + Tab clean up in the wireshark file context file + Changes to the wireshark policy module + Tab clean up in the wm file context file + Changes to the wm policy module + Changes to the inn policy module + Move man cache file type to miscfiles + Changes to the inn policy module + More accurate dbadm boolean descriptions + mysql_admin() has access to ~/.my.cnf files + Tab clean up in the xen file context file + Changes to the xen policy module and relevant dependencies + Tab clean up in the xfs file context file + Changes to the xfs policy module + Changes to the xguest policy module and relevant dependencies + Changes to the xprint policy module + Changes to the xscreensaver policy module + Tab clean up in the yam file context file + Changes to the yam policy module + Tab clean up in the zabbix file context file + Changes to the zabbix policy module + Tab clean up in the zarafa file context file + Changes to the zarafa policy module + Tab clean up in the zebra file context file + Changes to the zebra policy module + Changes to the zosremote policy module + Changes to the mysql policy module + Tab clean up in the pulseaudio file context file + Changes to the pulseaudio policy module and relevant dependencies + Changes to the pulseaudio policy module + One chown too many + Changes to the mplayer policy module + The prelink cron script now runs in its own domain + Initial smstools policy module + Initial openvswitch policy module and relevant dependencies + Reads pcsd pid files + Reads random device + winbind manages smbd pid sock files from Fedora + Changes to the bind policy module + CG rules daemon reads all sysctls + Runs consoletype and searches nfs state data from Fedora + Support munin unbound plugin from Fedora + Zabbix sends signals from Fedora + Blueman sets scheduler and sends signals from Fedora + pcscd_read_pub_files is deprecated, use pcscd_read_pid_files instead + Module version bumps for fixes in portage and virt modules by Sven + Vermeulen + Policy module version bumps for various changes by Sven Vermeulen + Changes to the openvpn policy module + Module version bumps for various fixes by Sven Vermeulen + Changes to the mandb policy module + Changes to the tmpreaper policy module + Changes to the munin policy module + Changes to the rngd policy module + Changes to the awstats policy module and relevant dependencies + Changes to the apache policy module + Changes to various policy modules + Changes to the abrt policy module + Changes to the passenger policy module and relevant depedencies + Changes to the pegagus policy module + Changes to the mta policy module + Changes to the fetchmail policy module + Changes to the bitlbee policy module + Changes to the blueman policy module and relevant dependencies + Changes to the amavis policy module + Changes to the userhelper policy module + Changes to the blueman policy module + Changes to the squid policy module + Changes to the sblim policy module + Changes to the kdumpgui policy module + Changes to the mailman policy module + Changes to the realmd policy module + Changes to the raid policy module + Changes to the samba policy module + Changes to the various policy modules + Changes to the snmp policy module + Changes to the spamassassin policy module + Changes to the sssd policy module + Changes to the l2tpd policy module + Changes to the shorewall policy module + Changes to the xen policy module + Changes to the tftp policy modules + Changes to the accountsd policy module + Changes to the tgtd policy module + Changes to the corosync policy module + Changes to the kdump policy module + Changes to the openvswitch policy module + Changes to the mpd policy module + Changes to the mozilla policy module + Changes to the zarafa policy module + Changes to the boinc policy module + Changes to the setroubleshoot policy module + Changes to the dspam policy module + Changes to the rgrmanager policy module and relevant dependencies + Changes to the svnserve policy module + Changes to the virt policy module + Changes to the prelink policy module + Changes to the apache policy module + Changes to the gnomeclock policy module + Changes to various policy modules + Changes to the pegagus policy module + Changes to the shorewall policy module + Changes to the kerberos policy module + Changes to the rhcs policy module + Changes to the irc policy module + Changes to the clamav policy module + Changes to the mrtg policy module + Changes to the munin policy module + Changes to the amavis policy module + Changes to the ppp policy module + Initial jockey policy module + Module version bumps for "several named transition for directories + created in /var/run by initscripts" in various modules by Laurent + Bigonville + Module version bumps for fixes in various modules by Laurent Bigonville + Module version bump for changes to the consolekit policy module by + Laurent Bigonville + Changes to the stunnel policy module + Module version bumps for fixes in various modules by Sven Vermeulen + Changes to the virt policy module + Changes to the apache policy module + Changes to the wm policy module + Changes to the samba policy module + Changes to the certmonger policy module + Changes to the mozilla policy module + Changes to the corosync policy module + Changes to the pacemaker policy module + Changes to the tuned policy module + Changes to the cups module and relevant dependencies + Changes to the rhsmcertd policy module + Changes to the lpd policy module + Changes to the munin policy module + Changes to the ntp policy module + Changes to the tor policy module + Changes to the firewalld policy module + Changes to the dspam policy module + Changes to the setroubleshoot policy module + Changes to the condor policy module + Changes to the kerberos policy module + Changes to the passenger policy module + Changes to the ppp policy module + Changes to the the dkim policy module + Changes to the abrt policy module + Changes to the lircd policy module + Changes to the dkim policy module + Changes to the virt policy module + Changes to the munin policy module + Changes to the dovecot policy module + Changes to the cobbler policy module + Changes to the userhelper policy module + Changes to the logwatch policy module + Changes to the wdmd policy module and relevant dependencies + Changes to the nscd policy module and relevant dependencies + Changes to the dbus policy module + Module version bumps for fixes in various policy modules by Laurent + Bigonville + Changes to the cups policy module + Changes to the dbus policy module + Changes to the apcupsd policy module + Remove redundant net_bind_service capabilities in various modules + Changes to the virt policy module + Changes to the puppet policy module + Module version bumps for fixes in various policy module by Sven + Vermeulen + Module version bumps for file context fixes in various policy modules by + Laurent Bigonville + Make httpd_manage_all_user_content() do what it advertises + Add more networking rules to mplayer policy module for compatibility + Fix fcronsighup file context. Should be crontab_exec_t as per previous + spec + Module version bumps for changes in various modules by Sven Vermeulen + Move asterisk_exec() and modify XML header + Consolekit creates /var/run/console directories with a type transition + unconditionally + Module version bump in consolekit policy module for changes by Sven + Vermeulen + The imaplogin executable file should be courier_pop_exec_t according to + existing file context specification + Module version bump for changes to the fail2ban policy module by Sven + Vermeulen + Modules version bumps for changes in various policy modules by Sven + Vermeulen + +Laurent Bigonville (28): + Add Debian locations for Telepathy connection managers + Label telepathy-rakia as telepathy-sofiasip + Allow smartd daemon to write in /var/lib/smartmontools directory + Add Debian location for smartd daemon initscript + Add Debian location for accounts-daemon daemon + Add Debian location for rtkit-daemon daemon + Add Debian location for tcsd init script + Add Debian location for libvirtd init script + Add Debian location for evolution executables + Add Debian locationis for nut executables and configuration files + Add several named transition for directories created in /var/run by + initscripts + Run packagekit under apt_t context on Debian distribution + Add proper label for colord daemon in debian + Allow the system dbus to search cgroup directories + Allow virtd_t context to read sysctl_crypto_t + Allow colord_t context to read sysctl_crypto_t + Add proper label for gconfd-2 daemon in Debian + Ensure that consolekit can create /var/run/console directory on Debian + Properly label nm-dispatcher.action on Debian + policykit.fc: Properly label polkit-agent-helper-1 on Debian + cups.fc: Properly label cups-pk-helper-mechanism on Debian + Allow pcscd the fsetid capability + Allow networkmanager_t to read crypto_sysctl_t + Allow virsh_t context to read sysctl_crypto_t + Allow cupsd_t to read cupsd_log_t + gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian + ptchown.fc: Properly label pt_chown executable in Debian + Label /usr/bin/kvm as qemu_exec_t + +Matthew Thode (2): + added autofs support and nsswitch support + removing refrences to named_var_lib_t as it doesn't exist anymore for + bind.if + +Mika Pflüger (3): + Allow saslauthd_t to talk to mysqld via TCP + Quota policy adjustments: * Allow quota_t to load kernel modules + Debian locations for dovecot deliver and dovecot auth. + +Russell Coker (1): + Fix djbdns ports + +Sven Vermeulen (75): + Update with new substitutions + Mark the pid directory as a pid directory + Add in transitions for queue types when the queues are created + Fix typo in interface postfix_exec_postqueue + Allow maildelivery to use dotlock files in the mail spool + Allow postfix local to change ownership of mailfiles + Use libexec location for postfix binaries + Allow initrc_t to create run dirs for contrib modules + Update logwatch location in file context + Sandbox is an inherent part of the portage inner workings + Fix startup issue with fail2ban-client + Be able to get output from fail2ban-client + Ignore searches when ran from the user home directory + Shorewall admins execute shorewall too + Shorewall needs sys_admin capability for manipulating network stack + Be able to display dovecot errors + Remove transition to ldconfig + Adding interfaces for handling cron log files + Fail2ban client checks state of log files before telling the server + Support mysql init script + Support initial creation of mysql database files + Portage fetch domain needs to access certificates + Make samba domtrans optional in virt + Fix typo in tunable declaration for fcron_crond + Introducing cron_manage_log_files interface + Introduce dontaudit interfaces for leaked fd and unix stream sockets + Dontaudit attempts by system_mail_t to use leaked fd or stream sockets + Support at service + Additional postfix admin requirements + Reintroduce postfix_var_run_t for pid directory and fowner capability + Postfix deferred queue should not mark mails as postfix_spool_maildrop_t + Running qemu with SDL support requires more xserver-related privileges + Fix typo in clockspeed comment + Support openvpn status file + Asterisk voicemail messages are generated from tmp + Make rtkit calls optional + Gentoo installs dovecot certs in /etc/ssl/dovecot + Moving sandbox code to sandbox section (v2) + Allow sandbox to log violations + Use rw_fifo_file_perms + Apache should not depend on gpg + Named init script creates rundir + Add ~/.maildir as a valid maildir destination + Support stunnel_read_config for startup + Updates on stunnel policy + More .maildir fixes + Mark make.profile entry as portage_conf_t (v2) + Move mta call (coding style) + Changes to puppet domain + Allow rpc admin to run exportfs + Grant sys_admin capability to puppet + Puppet module helper scripts are puppet_var_lib_t + Support netlink_route_socket creation for puppet + Puppet initscript creates /run/puppet + Puppet runs statfs against selinuxfs + mplayer streams HTTP resources + fcron and fcronsighup binaries are moved + Asterisk needs to search through logs + Denial in mail log on node bind + Fix typo in mcelog_admin (missing bracket) + Add in contexts for fcron rm.systab and systab.tmp + Remove pulseaudio filename_trans conflict + Allow asterisk admins to execute asterisk binary directly + Support tagfiles for consolekit + ConsoleKit needs to read the dbus machine-id + File context updates for courier-imap + Update on file contexts for OpenLDAP + Update on file contexts for wpa_supplicant + Allow IRC clients to read certificates + Allow reading /proc/self for fail2ban due to FAM support + Update file contexts for puppet + Support ~/.tmux.conf as tmux configuration file + Add setuid/setgid capability to ulogd_t + Support tmux control socket + Postfix creates defer(red) queue locations +