diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2020-08-13 14:24:35 +0200 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-10-11 13:32:16 -0700 |
commit | b2e69e07c35b3e117d6667b4bd6bf5704d40e3a2 (patch) | |
tree | 19bd4f57d63ad8236b95ccc2eca9d6fc68676882 /Changelog.contrib | |
parent | Fix several misspellings (diff) | |
download | hardened-refpolicy-b2e69e07c35b3e117d6667b4bd6bf5704d40e3a2.tar.gz hardened-refpolicy-b2e69e07c35b3e117d6667b4bd6bf5704d40e3a2.tar.bz2 hardened-refpolicy-b2e69e07c35b3e117d6667b4bd6bf5704d40e3a2.zip |
whitespace cleanup
Remove trailing white spaces and mixed up indents
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'Changelog.contrib')
-rw-r--r-- | Changelog.contrib | 113 |
1 files changed, 56 insertions, 57 deletions
diff --git a/Changelog.contrib b/Changelog.contrib index a910f032..56206383 100644 --- a/Changelog.contrib +++ b/Changelog.contrib @@ -859,24 +859,24 @@ Dominick Grift (126): Typo fix in ksmtuned_admin() by Shintaro Fujiwara Fix monolithic built Change file context spec for aide log files to catch suffixes - Module version bumps for changes in various policy modules by Sven + Module version bumps for changes in various policy modules by Sven Vermeulen Squid: Use a single pattern for brevity - Irc was already allowed to create tcp sockets, it only needed an + Irc was already allowed to create tcp sockets, it only needed an additional accept, and listen to be able to act as a proxy - Its probably a better idea to use the httpd_sys_ra_content_t type sid + Its probably a better idea to use the httpd_sys_ra_content_t type sid for logs in these locations - Module version bump for changes to the tcsd policy module by Lukas + Module version bump for changes to the tcsd policy module by Lukas Vrabec - Module version bump for changes to various policy modules by Miroslav + Module version bump for changes to various policy modules by Miroslav Grepl Module version bump for changes to the samba policy module by Dan Walsh - Module version bump for changes to the telepathy policy module by + Module version bump for changes to the telepathy policy module by Miroslav Grepl We do not have a boinc domain type attribute Change boolean description a bit Additional rabbitmq couchdb support - Module version bumps for changes to various policy modules by Miroslav + Module version bumps for changes to various policy modules by Miroslav Grepl Additional git tcp networking rules Additional ktalkd udp networking rules @@ -889,25 +889,25 @@ Dominick Grift (126): Addtional tgtd tcp networking rules Additional polipo tcp networking rules Fix asterisk files_spool_filetrans() - Module version bump for changes to the networkmanager policy module by + Module version bump for changes to the networkmanager policy module by Lukas Vrabec - Additional fs_tmpfs_filetrans() for munin service plugin content on + Additional fs_tmpfs_filetrans() for munin service plugin content on tmpfs - Module version bump for changes to various policy modules by Miroslav + Module version bump for changes to various policy modules by Miroslav Grepl - Support rlogind, and telnetd as init daemon domains ( i think fedora is + Support rlogind, and telnetd as init daemon domains ( i think fedora is campaigning to get rid of (x)?inetd ) - Support mariadb logging, file context specification for mariadb specific + Support mariadb logging, file context specification for mariadb specific config location - Change logwatch boolean identifier to something more self-documenting. + Change logwatch boolean identifier to something more self-documenting. Additional tcp networking rules - Module version bump for changes to various policy modules by Miroslav + Module version bump for changes to various policy modules by Miroslav Grepl Fix inconsistencies in the pkcs policy module Fix fetchmail inconsistencies Module version bump for changes in various policy modules by Dan Walsh Support for window managers to stream socket connect to pulseaudio - Logwatch does not need to be able to bind tcp sockets to generic nodes + Logwatch does not need to be able to bind tcp sockets to generic nodes since its only connecting Adds userhelper_exec_consolehelper for window managers Remove duplicate rules due to addition of auth_use_nsswitch() @@ -918,7 +918,7 @@ Dominick Grift (126): condor_conf_t Hit by a nasty optional policy nesting issue We will find another way to run pa as a system server - Module version bump for changes to various policy modules by Miroslav + Module version bump for changes to various policy modules by Miroslav Grepl Clean up hypervkvp policy module (seems incomplete) Clean up initial redis policy module @@ -950,45 +950,45 @@ Dominick Grift (126): stops avahi via its init script. I also created a avahi_manage_pid_files() for udev_t because the script manages a file called "checked_nameservers.*" in /run/avahi-daemon - Cleanups of various modules with regard to regular expressions and white + Cleanups of various modules with regard to regular expressions and white space - apt: As it turns out the /var/backups directory is labeled in the backup + apt: As it turns out the /var/backups directory is labeled in the backup module (which i incidentally did not have installed earlier). Instead of creating this file with a file type transition to apt_var_cache_t, allow apt_t to manage backup_store files - mta: this needs to be verified again, it should just have been running + mta: this needs to be verified again, it should just have been running in exim_t. I might have taken this from old logs mandb: /etc/cron.daily/man-db executes dpkg, reads dpkg db on Debian - slocate: catch /usr/bin/updatedb.mlocate, and /etc/cron.daily/mlocate on + slocate: catch /usr/bin/updatedb.mlocate, and /etc/cron.daily/mlocate on Debian dpkg: catch /etc/cron.daily/dpkg on Debian dpkg: allow /etc/cron.daily/dpkg to manage backup store files on Debian cron: consistent usage of regular expressions cron: prelink no longer runs in the system cronjob domain - alsa: alsactl wants to associate pulse-shm-.* to device_t type - filesystems. This happens early on but i do not understand how that + alsa: alsactl wants to associate pulse-shm-.* to device_t type + filesystems. This happens early on but i do not understand how that (/dev) relates to /dev/shm in this regard devicekit: reads udev pid files modemmanager: reads udev pid files vdagent: spice-vdagentd uses /dev/vport1p1 virtio console - tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes + tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes /dev/pts/0 inherited from init script revert regular expressions wm: allow $1_wm_t to stream connect to $1_gkeyringd_t - mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and + mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and to read exim var lib files. - mta: These are duplicates because system_mail_t is a user_mail_domain, - as it is based off of the mta_base_mail_template() which assigns that + mta: These are duplicates because system_mail_t is a user_mail_domain, + as it is based off of the mta_base_mail_template() which assigns that type attribute locate: extra rules needed by debian /etc/cron.daily/locate script - backup: in Debian /etc/cron.daily/passwd backs-up shadow, passwd etc to + backup: in Debian /etc/cron.daily/passwd backs-up shadow, passwd etc to /var/backups - avahi: create interfaces that will allow calles to create avahi pid dirs + avahi: create interfaces that will allow calles to create avahi pid dirs and create specifc avahi pid objects with a type transition (for udev, which runs: /usr/lib/avahi/avahi-daemon-check-dns.sh in Debian Initial gdomap policy module Initial minissdpd policy module - alsa: due to a bug in gnome 3.4, in debian, alsactl does all kinds of + alsa: due to a bug in gnome 3.4, in debian, alsactl does all kinds of weird things related to pulseaudio various: revert regex fixes: fcsort does not want this now gdomap: gdomap_port_t is now available, gdomap binds tcp, and udp socket @@ -1211,7 +1211,7 @@ Dominick Grift (889): fcoemon sends to lldpad with a dgram socket Initial quantum policy module Initial dspam policy module - Module version bump for Telepathy file context spec fixes from Laurent + Module version bump for Telepathy file context spec fixes from Laurent Bigonville. Initial isns policy module Various changes to tcs policy module @@ -1257,7 +1257,7 @@ Dominick Grift (889): Changes to the abrt policy module and relevant dependencies numad sends/receives msgs from Fedora Amtu executable file in installed in /usr/sbin in Fedora - The (usr/)? expression does not work consistently so better not use it + The (usr/)? expression does not work consistently so better not use it at all Changes to the httpd policy module Merge branch 'master' of @@ -1308,7 +1308,7 @@ Dominick Grift (889): Changes to the ccs policy module Changes to the cdrecord policy module Changes to the certmaster policy module and various role attribute fixes - cdrecord needs to read and write callers unix domain stream socket not + cdrecord needs to read and write callers unix domain stream socket not create it Changes to the certmonger policy module and its dependencies Initial cachefilesd policy module @@ -1354,9 +1354,9 @@ Dominick Grift (889): Changes to the djbdns policy module Changes to the dkim policy module Changes to the dmidecode policy module - Module bump for Laurent Bigonville trousers init script file context + Module bump for Laurent Bigonville trousers init script file context specification fix - Module bump for Laurent Bigonville libvirt init script file context + Module bump for Laurent Bigonville libvirt init script file context specification fix Changes to the dnsmasq policy module and relevant dependencies Changes to the dovecot policy module @@ -1383,7 +1383,7 @@ Dominick Grift (889): Initial glusterfs policy module Add gatekeeper newline Deprecate glusterd_admin() use glusterfs_admin() instead - Portage module version bump for autofs support by Matthew Thode and + Portage module version bump for autofs support by Matthew Thode and clean up cfengine: This location is now labeled with a cfengine private type Changes to the slpd policy module @@ -1395,8 +1395,8 @@ Dominick Grift (889): Changes to the gnomeclock policy module Deprecate various DBUS interfaces and relevant dependencies Changes to the cachefilesd policy module - Remove file context specification for kgpg which is a GUI frontend to - GPG. Domain transition to gpg_t will happen when kgpg runs gpg. + Remove file context specification for kgpg which is a GUI frontend to + GPG. Domain transition to gpg_t will happen when kgpg runs gpg. (rhbz#862229) Initial mandb policy module Changes to the hadoop policy module @@ -1492,7 +1492,7 @@ Dominick Grift (889): Changes to the iodine policy module Changes to the kerberos policy module Changes to the kdumpgui policy module - Update deprecated interface calls ( gnome_read_config -> + Update deprecated interface calls ( gnome_read_config -> gnome_read_generic_home_content ) Changes to the mozilla policy module Changes to the thunderbird policy module @@ -1663,7 +1663,7 @@ Dominick Grift (889): Fix a fatal syntax error in mozilla_plugin_role() Changes to the plymouth policy module Changes to the policykit policy module - Module version bump for fixes in shorewall, fail2ban and portage policy + Module version bump for fixes in shorewall, fail2ban and portage policy modules by Sven Vermeulen Tab clean up in the puppet file context file Changes to ther puppet policy module and relevant dependencies @@ -1696,7 +1696,7 @@ Dominick Grift (889): Tab clean up in the razor file context file Changes to the razor policy module and relevant dependencies Smokeping cgi needs to run ping with a domain transition Remove - redundant socket create already provided by + redundant socket create already provided by sysnet_dns_name_resolve() Changes to the virt policy module Changes to the apache policy module @@ -1779,7 +1779,7 @@ Dominick Grift (889): Changes to the shutdown policy module and relevant dependencies Tab clean up in the slocate file context file Changes to the slocate policy module and relevant dependencies - These domains transition to shutdown domain now so they no longer need + These domains transition to shutdown domain now so they no longer need direct access Re-add missing network rule in screen policy module fail2ban server sets scheduler @@ -1802,7 +1802,7 @@ Dominick Grift (889): Changes to the soundserver policy module Tab clean up in the spamassassin file context file Changes to the spamassassin policy module and relevant dependendies - spamassassin_role callers create ~/.spamd with the spamd_home_t user + spamassassin_role callers create ~/.spamd with the spamd_home_t user home type instead Re-add sys_admin capability that was lost with porting from Fedora Move mailscanner content to mailscanner module @@ -1865,7 +1865,7 @@ Dominick Grift (889): Changes to the ulogd policy module Tab clean up in the uml file context file Changes to the uml policy module - Make it so that irc clients can also get attributes of cifs, nfs, fuse + Make it so that irc clients can also get attributes of cifs, nfs, fuse and other file systems Changes to the updfstab policy module Changes to the uptime policy module @@ -1954,7 +1954,7 @@ Dominick Grift (889): Zabbix sends signals from Fedora Blueman sets scheduler and sends signals from Fedora pcscd_read_pub_files is deprecated, use pcscd_read_pid_files instead - Module version bumps for fixes in portage and virt modules by Sven + Module version bumps for fixes in portage and virt modules by Sven Vermeulen Policy module version bumps for various changes by Sven Vermeulen Changes to the openvpn policy module @@ -2020,11 +2020,11 @@ Dominick Grift (889): Changes to the amavis policy module Changes to the ppp policy module Initial jockey policy module - Module version bumps for "several named transition for directories - created in /var/run by initscripts" in various modules by Laurent + Module version bumps for "several named transition for directories + created in /var/run by initscripts" in various modules by Laurent Bigonville Module version bumps for fixes in various modules by Laurent Bigonville - Module version bump for changes to the consolekit policy module by + Module version bump for changes to the consolekit policy module by Laurent Bigonville Changes to the stunnel policy module Module version bumps for fixes in various modules by Sven Vermeulen @@ -2063,7 +2063,7 @@ Dominick Grift (889): Changes to the wdmd policy module and relevant dependencies Changes to the nscd policy module and relevant dependencies Changes to the dbus policy module - Module version bumps for fixes in various policy modules by Laurent + Module version bumps for fixes in various policy modules by Laurent Bigonville Changes to the cups policy module Changes to the dbus policy module @@ -2071,25 +2071,25 @@ Dominick Grift (889): Remove redundant net_bind_service capabilities in various modules Changes to the virt policy module Changes to the puppet policy module - Module version bumps for fixes in various policy module by Sven + Module version bumps for fixes in various policy module by Sven Vermeulen - Module version bumps for file context fixes in various policy modules by + Module version bumps for file context fixes in various policy modules by Laurent Bigonville Make httpd_manage_all_user_content() do what it advertises Add more networking rules to mplayer policy module for compatibility - Fix fcronsighup file context. Should be crontab_exec_t as per previous + Fix fcronsighup file context. Should be crontab_exec_t as per previous spec Module version bumps for changes in various modules by Sven Vermeulen Move asterisk_exec() and modify XML header - Consolekit creates /var/run/console directories with a type transition + Consolekit creates /var/run/console directories with a type transition unconditionally - Module version bump in consolekit policy module for changes by Sven + Module version bump in consolekit policy module for changes by Sven Vermeulen - The imaplogin executable file should be courier_pop_exec_t according to + The imaplogin executable file should be courier_pop_exec_t according to existing file context specification - Module version bump for changes to the fail2ban policy module by Sven + Module version bump for changes to the fail2ban policy module by Sven Vermeulen - Modules version bumps for changes in various policy modules by Sven + Modules version bumps for changes in various policy modules by Sven Vermeulen Laurent Bigonville (28): @@ -2212,4 +2212,3 @@ Sven Vermeulen (75): Add setuid/setgid capability to ulogd_t Support tmux control socket Postfix creates defer(red) queue locations - |