From ffb9a931f2e4ffae9bd419c0db064cccf0c7ba78 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mar 19 2012 16:25:49 +0000 Subject: * Mon Mar 19 2012 Miroslav Grepl 3.10.0-103 - Add a new type for /etc/firewalld and allow firewalld to write to this directory - Add definition for ~/Maildir, and allow mail deliver domains to write there - Allow polipo to run from a cron job - Allow rtkit to schedule wine processes - Allow mozilla_plugin_t to acquire a bug, and allow it to transition gnome content in the home dir to th - Allow users domains to send signals to consolehelper domains --- diff --git a/policy-F16.patch b/policy-F16.patch index 9e1d2c3..4dc5ccb 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -56151,10 +56151,10 @@ index 1308871..c994c93 100644 # fork # setexec diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors -index bf24160..adfca50 100644 +index bf24160..4c5554c 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors -@@ -862,3 +862,17 @@ inherits database +@@ -862,3 +862,26 @@ inherits database implement execute } @@ -56166,6 +56166,15 @@ index bf24160..adfca50 100644 + status + reload + kill ++ load ++ enable ++ disable ++} ++ ++class systemd ++{ ++ halt ++ reboot +} + +class proxy @@ -56173,16 +56182,19 @@ index bf24160..adfca50 100644 + read +} diff --git a/policy/flask/security_classes b/policy/flask/security_classes -index 14a4799..db2e4a0 100644 +index 14a4799..4582f92 100644 --- a/policy/flask/security_classes +++ b/policy/flask/security_classes -@@ -131,4 +131,11 @@ class db_view # userspace +@@ -131,4 +131,14 @@ class db_view # userspace class db_sequence # userspace class db_language # userspace +# systemd services +class service + ++# systemd commands ++class systemd ++ +# gssd services +class proxy + @@ -64612,7 +64624,7 @@ index fbb5c5a..094d03b 100644 +') + 
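Review bot: The new `class systemd` entry in policy/flask/security_classes has no `# userspace` marker, unlike the `db_view`, `db_sequence` and `db_language` lines directly above it in the same hunk. If the build uses that marker to separate kernel classes from userspace object-manager classes, as the reference policy tooling appears to, `systemd` and its `halt`/`reboot` permissions would be grouped with the kernel classes. I would write `class systemd # userspace`; the neighbouring `class service` and `class proxy` lines look like they need the same marker. The class order (service, systemd, proxy) matches the access_vectors hunk and should stay that way.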
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te -index 2e9318b..ac078ba 100644 +index 2e9318b..15a4200 100644 --- a/policy/modules/apps/mozilla.te +++ b/policy/modules/apps/mozilla.te @@ -25,6 +25,7 @@ files_config_file(mozilla_conf_t) @@ -64846,7 +64858,12 @@ index 2e9318b..ac078ba 100644 optional_policy(` alsa_read_rw_config(mozilla_plugin_t) -@@ -425,7 +443,13 @@ optional_policy(` +@@ -421,11 +439,19 @@ optional_policy(` + optional_policy(` + dbus_system_bus_client(mozilla_plugin_t) + dbus_session_bus_client(mozilla_plugin_t) ++ dbus_connect_session_bus(mozilla_plugin_t) + dbus_read_lib_files(mozilla_plugin_t) ') optional_policy(` @@ -64857,10 +64874,11 @@ index 2e9318b..ac078ba 100644 +optional_policy(` gnome_manage_config(mozilla_plugin_t) + gnome_read_usr_config(mozilla_plugin_t) ++ gnome_filetrans_home_content(mozilla_plugin_t) ') optional_policy(` -@@ -438,18 +462,98 @@ optional_policy(` +@@ -438,18 +464,98 @@ optional_policy(` ') optional_policy(` @@ -68691,7 +68709,7 @@ index e70b0e8..cd83b89 100644 /usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0) +/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0) diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if -index ced285a..bdfe8dd 100644 +index ced285a..d2e2ce8 100644 --- a/policy/modules/apps/userhelper.if +++ b/policy/modules/apps/userhelper.if @@ -25,6 +25,7 @@ template(`userhelper_role_template',` @@ -68731,7 +68749,7 @@ index ced285a..bdfe8dd 100644 tunable_policy(`! secure_mode',` #if we are not in secure mode then we can transition to sysadm_t sysadm_bin_spec_domtrans($1_userhelper_t) -@@ -256,3 +248,87 @@ interface(`userhelper_exec',` +@@ -256,3 +248,88 @@ interface(`userhelper_exec',` can_exec($1, userhelper_exec_t) ') 
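Review bot: `dbus_connect_session_bus(mozilla_plugin_t)` widens the plugin confinement domain with no comment saying which plugin needs it, and the changelog wording ("acquire a bug") does not make the intent clear either. If this interface grants `acquire_svc` on the session bus, as its name suggests, a compromised plugin process could own bus names that other session clients trust. A why-comment above the call, for example `# needed by <plugin> to own its session bus name` (placeholder), would make the grant auditable. Putting the call behind a tunable would serve the same purpose. The enclosing `optional_policy` block begins in the hunk's context lines and the rest of the module is outside the hunk.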
@@ -68776,6 +68794,7 @@ index ced285a..bdfe8dd 100644 + + domtrans_pattern($3, consolehelper_exec_t, $1_consolehelper_t) + ++ allow $3 $1_consolehelper_t:process signal; + allow $3 $1_consolehelper_t:dbus send_msg; + allow $1_consolehelper_t $3:dbus send_msg; + @@ -69167,7 +69186,7 @@ index f9a73d0..00a98f1 100644 xserver_role($1_r, $1_wine_t) ') diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te -index be9246b..e3de8fa 100644 +index be9246b..90848c7 100644 --- a/policy/modules/apps/wine.te +++ b/policy/modules/apps/wine.te @@ -40,7 +40,7 @@ domain_mmap_low(wine_t) @@ -69179,6 +69198,17 @@ index be9246b..e3de8fa 100644 tunable_policy(`wine_mmap_zero_ignore',` dontaudit wine_t self:memprotect mmap_zero; +@@ -55,6 +55,10 @@ optional_policy(` + ') + + optional_policy(` ++ rtkit_scheduled(wine_t) ++') ++ ++optional_policy(` + unconfined_domain(wine_t) + ') + diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te index 8bfe97d..356e2a1 100644 --- a/policy/modules/apps/wireshark.te @@ -92787,7 +92817,7 @@ index 1a1becd..115133d 100644 + dontaudit $1 session_bus_type:dbus send_msg; ') diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te -index 1bff6ee..4327f89 100644 +index 1bff6ee..eac8b72 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -10,6 +10,7 @@ gen_require(` @@ -92877,7 +92907,7 @@ index 1bff6ee..4327f89 100644 policykit_dbus_chat(system_dbusd_t) policykit_domtrans_auth(system_dbusd_t) policykit_search_lib(system_dbusd_t) -@@ -151,12 +174,156 @@ optional_policy(` +@@ -151,12 +174,160 @@ optional_policy(` ') optional_policy(` @@ -92898,7 +92928,7 @@ index 1bff6ee..4327f89 100644 # -# Unconfined access to this module +# system_bus_type rules -+# + # +role system_r types system_bus_type; + +fs_search_all(system_bus_type) 
@@ -92912,7 +92942,7 @@ index 1bff6ee..4327f89 100644 +init_rw_stream_sockets(system_bus_type) + +ps_process_pattern(system_dbusd_t, system_bus_type) -+ + +userdom_dontaudit_search_admin_dir(system_bus_type) +userdom_read_all_users_state(system_bus_type) + @@ -92935,7 +92965,7 @@ index 1bff6ee..4327f89 100644 +######################################## +# +# session_bus_type rules - # ++# +dontaudit session_bus_type self:capability sys_resource; +allow session_bus_type self:process { getattr sigkill signal }; +dontaudit session_bus_type self:process setrlimit; @@ -93010,7 +93040,7 @@ index 1bff6ee..4327f89 100644 +userdom_manage_user_home_content_dirs(session_bus_type) +userdom_manage_user_home_content_files(session_bus_type) +userdom_user_home_dir_filetrans_user_home_content(session_bus_type, { dir file }) - ++ +optional_policy(` + gnome_read_gconf_home_files(session_bus_type) +') @@ -93020,6 +93050,10 @@ index 1bff6ee..4327f89 100644 +') + +optional_policy(` ++ thumb_domtrans(session_bus_type) ++') ++ ++optional_policy(` + xserver_search_xdm_lib(session_bus_type) + xserver_use_xdm_fds(session_bus_type) + xserver_rw_xdm_pipes(session_bus_type) @@ -97159,13 +97193,14 @@ index 9b7036a..4770f61 100644 diff --git a/policy/modules/services/firewalld.fc b/policy/modules/services/firewalld.fc new file mode 100644 -index 0000000..ba9a7a9 +index 0000000..9e82406 --- /dev/null +++ b/policy/modules/services/firewalld.fc -@@ -0,0 +1,10 @@ +@@ -0,0 +1,11 @@ + +/etc/rc\.d/init\.d/firewalld -- gen_context(system_u:object_r:firewalld_initrc_exec_t,s0) + ++/etc/firewalld(/.*)? gen_context(system_u:object_r:firewalld_etc_rw_t,s0) + +/usr/sbin/firewalld -- gen_context(system_u:object_r:firewalld_exec_t,s0) + @@ -97257,10 +97292,10 @@ index 0000000..06462d4 +') diff --git a/policy/modules/services/firewalld.te b/policy/modules/services/firewalld.te new file mode 100644 -index 0000000..2cce24c +index 0000000..1a5d643 --- /dev/null 
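Review bot: The added `thumb_domtrans(session_bus_type)` block has no comment and is not mentioned in the commit message or the spec changelog, so the reason every session bus domain may transition into the thumbnailer domain cannot be recovered from this change. I would add a one-line comment above the call, for example `# session bus activates the thumbnailer service`, if that is indeed the reason, and a matching changelog entry. The surrounding session_bus_type rules continue outside the hunk.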
+++ b/policy/modules/services/firewalld.te -@@ -0,0 +1,76 @@ +@@ -0,0 +1,81 @@ + +policy_module(firewalld,1.0.0) + @@ -97276,6 +97311,9 @@ index 0000000..2cce24c +type firewalld_initrc_exec_t; +init_script_file(firewalld_initrc_exec_t) + ++type firewalld_etc_rw_t; ++files_config_file(firewalld_etc_rw_t) ++ +type firewalld_var_log_t; +logging_log_file(firewalld_var_log_t) + @@ -97290,6 +97328,8 @@ index 0000000..2cce24c +allow firewalld_t self:fifo_file rw_fifo_file_perms; +allow firewalld_t self:unix_stream_socket create_stream_socket_perms; + ++rw_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t) ++ +append_files_pattern(firewalld_t, firewalld_var_log_t, firewalld_var_log_t) +create_files_pattern(firewalld_t, firewalld_var_log_t, firewalld_var_log_t) +read_files_pattern(firewalld_t, firewalld_var_log_t, firewalld_var_log_t) @@ -104506,18 +104546,19 @@ index 7f68872..36ff69d 100644 + xserver_dontaudit_read_xdm_pid(mpd_t) +') diff --git a/policy/modules/services/mta.fc b/policy/modules/services/mta.fc -index 256166a..71e7a36 100644 +index 256166a..a8fe27a 100644 --- a/policy/modules/services/mta.fc +++ b/policy/modules/services/mta.fc -@@ -1,4 +1,6 @@ +@@ -1,4 +1,7 @@ -HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0) +HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0) +HOME_DIR/dead.letter -- gen_context(system_u:object_r:mail_home_t,s0) +HOME_DIR/.mailrc -- gen_context(system_u:object_r:mail_home_t,s0) ++HOME_DIR/Maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) /bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) -@@ -11,20 +13,26 @@ ifdef(`distro_redhat',` +@@ -11,20 +14,27 @@ ifdef(`distro_redhat',` /etc/postfix/aliases.* gen_context(system_u:object_r:etc_aliases_t,s0) ') 
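Review bot: `rw_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)` only covers reading and writing files that already exist, while the changelog says firewalld should be able to write to the /etc/firewalld directory. If the daemon creates, renames or removes configuration files there, those operations will presumably still be denied. In that case `manage_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)` would be the matching grant. If in-place edits are all that is intended, the current rule is the tighter choice and a short comment such as `# firewalld only rewrites existing files under /etc/firewalld` would record that decision.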
@@ -104525,6 +104566,7 @@ index 256166a..71e7a36 100644 +/root/\.forward -- gen_context(system_u:object_r:mail_home_t,s0) +/root/dead.letter -- gen_context(system_u:object_r:mail_home_t,s0) +/root/.mailrc -- gen_context(system_u:object_r:mail_home_t,s0) ++/root/Maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) -/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) +/usr/bin/esmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0) @@ -104552,7 +104594,7 @@ index 256166a..71e7a36 100644 +/var/spool/mqueue\.in(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0) /var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if -index 343cee3..62edb77 100644 +index 343cee3..b37f19e 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -37,9 +37,9 @@ interface(`mta_stub',` @@ -104968,7 +105010,7 @@ index 343cee3..62edb77 100644 ## Read sendmail binary. ## ## -@@ -899,3 +939,114 @@ interface(`mta_rw_user_mail_stream_sockets',` +@@ -899,3 +939,118 @@ interface(`mta_rw_user_mail_stream_sockets',` allow $1 user_mail_domain:unix_stream_socket rw_socket_perms; ') @@ -105034,11 +105076,13 @@ index 343cee3..62edb77 100644 +interface(`mta_filetrans_admin_home_content',` + gen_require(` + type mail_home_t; ++ type mail_home_rw_t; + ') + + userdom_admin_home_dir_filetrans($1, mail_home_t, file, "dead.letter") + userdom_admin_home_dir_filetrans($1, mail_home_t, file, ".mailrc") + userdom_admin_home_dir_filetrans($1, mail_home_t, file, ".forward") ++ userdom_admin_home_dir_filetrans($1, mail_home_rw_t, file, "Maildir") +') + +######################################## 
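Review bot: The named transition `userdom_admin_home_dir_filetrans($1, mail_home_rw_t, file, "Maildir")` uses object class `file`, but the mta.fc entries added in this commit (`/root/Maildir(/.*)?` and `HOME_DIR/Maildir(/.*)?`) treat Maildir as a directory tree. With class `file` the transition would not apply when a domain creates the Maildir directory. The directory would then presumably keep the generic home label until a relabel, and the new `mail_home_rw_t` rules would not match it. I would change the class to `dir`: `userdom_admin_home_dir_filetrans($1, mail_home_rw_t, dir, "Maildir")`. The same applies to `userdom_user_home_dir_filetrans($1, mail_home_rw_t, file, "Maildir")` in the mta_filetrans_home_content hunk that follows.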
@@ -105054,11 +105098,13 @@ index 343cee3..62edb77 100644 +interface(`mta_filetrans_home_content',` + gen_require(` + type mail_home_t; ++ type mail_home_rw_t; + ') + + userdom_user_home_dir_filetrans($1, mail_home_t, file, ".mailrc") + userdom_user_home_dir_filetrans($1, mail_home_t, file, "dead.letter") + userdom_user_home_dir_filetrans($1, mail_home_t, file, ".forward") ++ userdom_user_home_dir_filetrans($1, mail_home_rw_t, file, "Maildir") +') + +######################################## @@ -105084,10 +105130,10 @@ index 343cee3..62edb77 100644 + mta_filetrans_admin_home_content($1) +') diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te -index 64268e4..642d538 100644 +index 64268e4..8733cb5 100644 --- a/policy/modules/services/mta.te +++ b/policy/modules/services/mta.te -@@ -20,14 +20,16 @@ files_type(etc_aliases_t) +@@ -20,14 +20,19 @@ files_type(etc_aliases_t) type etc_mail_t; files_config_file(etc_mail_t) @@ -105095,6 +105141,9 @@ index 64268e4..642d538 100644 -files_type(mail_forward_t) +type mail_home_t alias mail_forward_t; +userdom_user_home_content(mail_home_t) ++ ++type mail_home_rw_t; ++userdom_user_home_content(mail_home_rw_t) type mqueue_spool_t; files_mountpoint(mqueue_spool_t) @@ -105106,7 +105155,7 @@ index 64268e4..642d538 100644 type sendmail_exec_t; mta_agent_executable(sendmail_exec_t) -@@ -42,6 +44,7 @@ typealias user_mail_tmp_t alias { staff_mail_tmp_t sysadm_mail_tmp_t }; +@@ -42,6 +47,7 @@ typealias user_mail_tmp_t alias { staff_mail_tmp_t sysadm_mail_tmp_t }; typealias user_mail_tmp_t alias { auditadm_mail_tmp_t secadm_mail_tmp_t }; ubac_constrained(user_mail_t) ubac_constrained(user_mail_tmp_t) 
@@ -105114,7 +105163,7 @@ index 64268e4..642d538 100644 ######################################## # -@@ -50,22 +53,11 @@ ubac_constrained(user_mail_tmp_t) +@@ -50,22 +56,11 @@ ubac_constrained(user_mail_tmp_t) # newalias required this, not sure if it is needed in 'if' file allow system_mail_t self:capability { dac_override fowner }; @@ -105138,7 +105187,7 @@ index 64268e4..642d538 100644 dev_read_sysfs(system_mail_t) dev_read_rand(system_mail_t) dev_read_urand(system_mail_t) -@@ -79,9 +71,18 @@ selinux_getattr_fs(system_mail_t) +@@ -79,9 +74,22 @@ selinux_getattr_fs(system_mail_t) term_dontaudit_use_unallocated_ttys(system_mail_t) init_use_script_ptys(system_mail_t) @@ -105149,16 +105198,20 @@ index 64268e4..642d538 100644 userdom_dontaudit_search_user_home_dirs(system_mail_t) +userdom_dontaudit_list_admin_dir(system_mail_t) + ++manage_dirs_pattern(system_mail_t, mail_home_rw_t, mail_home_rw_t) ++manage_files_pattern(system_mail_t, mail_home_rw_t, mail_home_rw_t) ++ +allow system_mail_t mail_home_t:file manage_file_perms; +userdom_admin_home_dir_filetrans(system_mail_t, mail_home_t, file) + ++ +logging_append_all_logs(system_mail_t) + +logging_send_syslog_msg(system_mail_t) optional_policy(` apache_read_squirrelmail_data(system_mail_t) -@@ -92,14 +93,21 @@ optional_policy(` +@@ -92,14 +100,21 @@ optional_policy(` apache_dontaudit_rw_stream_sockets(system_mail_t) apache_dontaudit_rw_tcp_sockets(system_mail_t) apache_dontaudit_rw_sys_script_stream_sockets(system_mail_t) @@ -105183,7 +105236,7 @@ index 64268e4..642d538 100644 ') optional_policy(` -@@ -108,9 +116,15 @@ optional_policy(` +@@ -108,9 +123,15 @@ optional_policy(` ') optional_policy(` @@ -105199,7 +105252,7 @@ index 64268e4..642d538 100644 ') optional_policy(` -@@ -124,12 +138,9 @@ optional_policy(` +@@ -124,12 +145,9 @@ optional_policy(` ') optional_policy(` 
@@ -105214,7 +105267,7 @@ index 64268e4..642d538 100644 ') optional_policy(` -@@ -146,6 +157,10 @@ optional_policy(` +@@ -146,6 +164,10 @@ optional_policy(` ') optional_policy(` @@ -105225,7 +105278,7 @@ index 64268e4..642d538 100644 nagios_read_tmp_files(system_mail_t) ') -@@ -158,22 +173,13 @@ optional_policy(` +@@ -158,22 +180,13 @@ optional_policy(` files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file }) domain_use_interactive_fds(system_mail_t) @@ -105251,7 +105304,7 @@ index 64268e4..642d538 100644 ') optional_policy(` -@@ -189,6 +195,10 @@ optional_policy(` +@@ -189,6 +202,10 @@ optional_policy(` ') optional_policy(` @@ -105262,7 +105315,7 @@ index 64268e4..642d538 100644 smartmon_read_tmp_files(system_mail_t) ') -@@ -199,15 +209,16 @@ optional_policy(` +@@ -199,15 +216,16 @@ optional_policy(` arpwatch_search_data(mailserver_delivery) arpwatch_manage_tmp_files(mta_user_agent) 
@@ -105283,31 +105336,34 @@ index 64268e4..642d538 100644 ######################################## # # Mailserver delivery local policy -@@ -220,28 +231,21 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) +@@ -220,21 +238,13 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) -read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t) +- +-read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t) +userdom_search_admin_dir(mailserver_delivery) +read_files_pattern(mailserver_delivery, mail_home_t, mail_home_t) - read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t) - -tunable_policy(`use_samba_home_dirs',` - fs_manage_cifs_dirs(mailserver_delivery) - fs_manage_cifs_files(mailserver_delivery) - fs_manage_cifs_symlinks(mailserver_delivery) -') -- ++manage_dirs_pattern(mailserver_deliver, mail_home_rw_t, mail_home_rw_t) ++manage_files_pattern(mailserver_deliver, mail_home_rw_t, mail_home_rw_t) + -tunable_policy(`use_nfs_home_dirs',` - fs_manage_nfs_dirs(mailserver_delivery) - fs_manage_nfs_files(mailserver_delivery) - fs_manage_nfs_symlinks(mailserver_delivery) -') -- ++read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t) + optional_policy(` dovecot_manage_spool(mailserver_delivery) - dovecot_domtrans_deliver(mailserver_delivery) +@@ -242,6 +252,10 @@ optional_policy(` ') optional_policy(` @@ -105318,7 +105374,7 @@ index 64268e4..642d538 100644 # so MTA can access /var/lib/mailman/mail/wrapper files_search_var_lib(mailserver_delivery) -@@ -249,16 +253,25 @@ optional_policy(` +@@ -249,16 +263,25 @@ optional_policy(` mailman_read_data_symlinks(mailserver_delivery) ') 
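Review bot: The two added Maildir rules name `mailserver_deliver`, whereas every other rule in this hunk uses the attribute `mailserver_delivery`. Unless a `mailserver_deliver` identifier is declared elsewhere, this either fails to build or leaves the delivery domains without the Maildir access the changelog promises. The lines should read `manage_dirs_pattern(mailserver_delivery, mail_home_rw_t, mail_home_rw_t)` and `manage_files_pattern(mailserver_delivery, mail_home_rw_t, mail_home_rw_t)`.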
@@ -105346,7 +105402,7 @@ index 64268e4..642d538 100644 # Create dead.letter in user home directories. userdom_manage_user_home_content_files(user_mail_t) userdom_user_home_dir_filetrans_user_home_content(user_mail_t, file) -@@ -277,14 +290,14 @@ userdom_dontaudit_append_user_tmp_files(user_mail_t) +@@ -277,14 +300,14 @@ userdom_dontaudit_append_user_tmp_files(user_mail_t) # files in an appropriate place for mta_user_agent userdom_read_user_tmp_files(mta_user_agent) @@ -105363,7 +105419,7 @@ index 64268e4..642d538 100644 # Read user temporary files. # postfix seems to need write access if the file handle is opened read/write userdom_rw_user_tmp_files(user_mail_t) -@@ -292,3 +305,114 @@ optional_policy(` +@@ -292,3 +315,117 @@ optional_policy(` postfix_read_config(user_mail_t) postfix_list_spool(user_mail_t) ') @@ -105382,6 +105438,9 @@ index 64268e4..642d538 100644 +append_files_pattern(user_mail_domain, mail_home_t, mail_home_t) +read_files_pattern(user_mail_domain, mail_home_t, mail_home_t) + ++manage_dirs_pattern(user_mail_domain, mail_home_rw_t, mail_home_rw_t) ++manage_files_pattern(user_mail_domain, mail_home_rw_t, mail_home_rw_t) ++ +read_files_pattern(user_mail_domain, etc_aliases_t, etc_aliases_t) + +can_exec(user_mail_domain, mta_exec_type) @@ -111372,10 +111431,10 @@ index 0000000..64a6d26 +') diff --git a/policy/modules/services/polipo.te b/policy/modules/services/polipo.te new file mode 100644 -index 0000000..a18621f +index 0000000..a22fe1b --- /dev/null +++ b/policy/modules/services/polipo.te -@@ -0,0 +1,166 @@ +@@ -0,0 +1,170 @@ +policy_module(polipo, 1.0.0) + +######################################## @@ -111508,6 +111567,10 @@ index 0000000..a18621f + +logging_send_syslog_msg(polipo_t) + ++optional_policy(` ++ cron_system_entry(polipo_t, polipo_exec_t) ++') ++ +tunable_policy(`polipo_connect_all_unreserved',` + corenet_tcp_connect_all_unreserved_ports(polipo_t) +') diff --git a/selinux-policy.spec b/selinux-policy.spec index 4a437ea..bfc1ed8 100644 
--- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.10.0 -Release: 102%{?dist} +Release: 103%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -483,6 +483,14 @@ SELinux Reference policy mls base module. %endif %changelog +* Mon Mar 19 2012 Miroslav Grepl 3.10.0-103 +- Add a new type for /etc/firewalld and allow firewalld to write to this directory +- Add definition for ~/Maildir, and allow mail deliver domains to write there +- Allow polipo to run from a cron job +- Allow rtkit to schedule wine processes +- Allow mozilla_plugin_t to acquire a bug, and allow it to transition gnome content in the home dir to the proper label +- Allow users domains to send signals to consolehelper domains + * Fri Mar 16 2012 Miroslav Grepl 3.10.0-102 - More fixes for boinc policy - Allow polipo domain to create its own cache dir and pid file