231f0f4 * Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-49

Authored and Committed by lvrabec 5 years ago
    * Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-49
    - Update pesign policy to allow pesign_t domain to read bind cache files/dirs
    - Add dac_override capability to mdadm_t domain
    - Create ibacm_tmpfs_t type for the ibacm policy
    - Dontaudit capability sys_admin for dhcpd_t domain
    - Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts.
    - Allow abrt_t domain to mmap generic tmp_t files
    - Label /usr/sbin/wpa_cli as wpa_cli_exec_t
    - Allow sandbox_xserver_t domain write to user_tmp_t files
    - Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672)
    - Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766)
    - Add dac_override capability to postgrey_t domain BZ(1638954)
    - Allow thumb_t domain to execute own tmpfs files BZ(1643698)
    - Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints
    - Add interface files_map_generic_tmp_files()
    - Add dac_override capability to the syslogd_t domain
    - Create systemd_timedated_var_run_t label
    - Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202)
    - Improve fs_manage_ecryptfs_files to allow caller domain also mmap ecryptfs_t files BZ(1630675)
    
        
  • Build completed
    success
    Built as selinux-policy-3.14.1-49.fc28
    5 years ago
file modified
+2 -0
file modified
+23 -3
file modified
+3 -3