0fdab30 * Mon Jun 09 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-167

Authored and Committed by lvrabec 9 years ago
    * Mon Jun 09 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-167
    - Allow keystone to connect to additional ports to make OpenStack
    working
    - Allow thumb_t to connect to the xserver port when you are runnin it
    via an ssh tunnel
    - Allow certmonger to manage all certs
    - rhsmcertd seems to need these accesses.
    - Add cups_execmem boolean
    - Allow cups to execute its rw_etc_t files, for brothers printers
    - Need these privs inorder to watch videon
    - Allow locate to list directories without labels
    - Allow staff_t to communicate and run docker
    - Add fixes to make munin and munin-cgi working. Allow munin-cgit to
    create files/dirs in /tmp, list munin conf dir
    - Allow bitlbee to use tcp/7778 port
    - /etc/cron.daily/logrotate to execute fail2ban-client.
    - Allow keepalives to connect to SNMP port. Support to do  SNMP stuff
    - Allow also fowner cap for varnishd
    - Allow keepalived to execute bin_t/shell_exec_t
    - Fix bitlbee policy
    - Fix rabbitmq.te
    - Fix labels on rabbitmq_var_run_t on file/dir creation
    - Allow neutron to create sock files
    - Allow postfix domains to getattr on all file systems
    - Add fixes for squid which is configured to run with more than one
    worker.
    - Allow certmonger to manage all certs
    - Fix *_ecryptfs_home_dirs booleans
    - Fix typoes in userdomain.if and libraries.te
    - Allow ldconfig_t to read/write inherited user tmp pipes
    - Use proper calling in ssh.te for userdom_home_manager attribute
    - Fix decl for cockip port
    
        
file modified
+264 -145
file modified
+217 -118
file modified
+30 -1