123cd9 * Fri Sep 06 2013 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-74.2

    * Fri Sep 06 2013 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-74.2
    - Fix lsm.fc for pid files
    - Allow init_t to transition to all inetd domains
    - Allow tgtd_t to connect to isns ports
    - Lots of new access required for sosreport
    - svirt domains neeed to create kobject_uevint_sockets
    - Use just init_domain instead of init_daemon_domain in inetd_core_service_domain
    - Cleanup related to init_domain()+inetd_domain fixes
    - Allow cvs to bind to the cvs_port
    - Allow ktalkd to bind to the ktalkd_port
    - Allow telnetd to bind to the telnetd_port
    - Allow rlogind to bind to the rlogin_port
    - Allow apache domain to connect to gssproxy socket
    - Dontaudit attempts to bind to ports < 1024 when nis is turned on
    - Allow cupsd_lpd_t to bind to the printer port
    - Allow a confined domain to executes mozilla_exec_t via dbus
    - Allow mdadm to getattr any file system
    - Allow sandbox domain to read/write mozilla_plugin_tmpfs_t so pulseaudio will work
    - Allow all domains that can read gnome_config to read kde config
    - Call the correct interface - corenet_udp_bind_ktalkd_port()
    - Fix mozilla_plugin_rw_tmpfs_files()
    - Allow systemd running as git_systemd to bind git port
    - Allow firewalld to read NM state
    - Add interface couchdb_search_pid_dirs
    - Add support for couchdb in rabbitmq policy
    - Add boolean boinc_execmem
    - Add interface netowrkmanager_initrc_domtrans
    - Dontaudit leaks into ldconfig_t
    - Dontaudit inherited lock files in ifconfig o dhcpc_t
    - Move kernel_stream_connect into all Xwindow using users
    - Dontaudit su domains getattr on /dev devices, move su domains to attribute based calls
    - Add interface to read authorization data in the users homedir
    - Allow ipsec_t to read .google authenticator data
    - Allow staff_t to read login config
    - Treat files labeld as usr_t like bin_t when it comes to transitions
    - Split out rlogin ports from inetd
    - Add interface seutil_dbus_chat_semanage
    - Fix selinuxutil.if
file modified
+422 -145
file modified
+416 -217
file modified
+40 -1