18e115 - Add label for /usr/libexec/dcc/start-dccifd and domtrans to dccifd_t

Authored and Committed by mgrepl 6 years ago
    - Add label for /usr/libexec/dcc/start-dccifd  and domtrans to dccifd_t
    - Add virt_transition_userdomain boolean decl
    - Allow httpd_t to sendto unix_dgram sockets on its children
    - Allow nova domains to execute ifconfig
    - bluetooth wants to create fifo_files in /tmp
    - exim needs to be able to manage mailman data
    - Allow sysstat to getattr on all file systems
    - Looks like bluetoothd has moved
    - Allow collectd to send ping packets
    - Allow svirt_lxc domains to getpgid
    - Remove virt-sandbox-service labeling as virsh_exec_t, since it no longer does virsh_t stuff
    - Allow frpintd_t to read /dev/urandom
    - Allow asterisk_t to create sock_file in /var/run
    - Allow usbmuxd to use netlink_kobject
    - sosreport needs to getattr on lots of devices, and needs access to netlink_kobject_uevent_s
    - More cleanup of svirt_lxc policy
    - virtd_lxc_t now talks to dbus
    - Dontaudit leaked ptmx_t
    - Allow processes to use inherited fifo files
    - Allow openvpn_t to connect to squid ports
    - Allow prelink_cron_system_t to ask systemd to reloaddd miscfiles_dontaudit_access_check_cer
    - Allow ssh_t to use /dev/ptmx
    - Make sure /run/pluto dir is created with correct labeling
    - Allow syslog to run shell and bin_t commands
    - Allow ip to relabel tun_sockets
    - Allow mount to create directories in files under /run
    - Allow processes to use inherited fifo files
    - Allow user roles to connect to the journal socket
    - xauth_t should be allowed to create xauth_home_t
    - selinux_set_enforce_mode needs to be used with type
    - Add append to the dontaudit for unix_stream_socket of xdm_t leak
    - Allow xdm_t to create symlinks in log direcotries
    - Allow login programs to read afs config
file modified
+192 -144
file modified
+484 -296
file modified
+39 -1