3ef5b99 - Allow gdm to create /var/gdm with correct labeling

Authored and Committed by mgrepl 7 years ago
    - Allow gdm to create /var/gdm with correct labeling
    - Allow domains to append rkhunterl lib files. #1057982
    - Allow systemd_tmpfiles_t net_admin to communicate with journald
    - Add interface to getattr on an isid_type for any type of file
    - Update libs_filetrans_named_content() to have support for /usr/lib/debug directory
    - Allow initrc_t domtrans to authconfig if unconfined is enabled
    - Allow docker and mount on devpts chr_file
    - Allow docker to transition to unconfined_t if boolean set
    - init calling needs to be optional in domain.te
    - Allow uncofined domain types to handle transient unit files
    - Fix labeling for vfio devices
    - Allow net_admin capability and send system log msgs
    - Allow lldpad send dgram to NM
    - Add networkmanager_dgram_send()
    - rkhunter_var_lib_t is correct type
    - Back port pcp policy from rawhide
    - Allow openlmi-storage to read removable devices
    - Allow system cron jobs to manage rkhunter lib files
    - Add rkhunter_manage_lib_files()
    - Fix ftpd_use_fusefs boolean to allow manage also symlinks
    - Allow smbcontrob block_suspend cap2
    - Allow slpd to read network and system state info
    - Allow NM domtrans to iscsid_t if iscsiadm is executed
    - Allow slapd to send a signal itself
    - Allow sslget running as pki_ra_t to contact port 8443, the secure port of the CA.
    - Fix plymouthd_create_log() interface
    - Add rkhunter policy with files type definition for /var/lib/rkhunter until it is fixed in rkhunter package
    - Add mozilla_plugin_exec_t for /usr/lib/firefox/plugin-container
    - Allow postfix and cyrus-imapd to work out of box
    - Allow fcoemon to talk with unpriv user domain using unix_stream_socket
    - Dontaudit domains that are calling into journald to net_admin
    - Add rules to allow vmtools to do what it does
    - snapperd is D-Bus service
    - Allow OpenLMI PowerManagement to call 'systemctl --force reboot'
    - Add haproxy_connect_any boolean
    - Allow haproxy also to use http cache port by default
    - Allow haproxy to work as simple HTTP proxy. HAProxy For TCP And HTTP Based Applications
    - Allow docker to use the network and build images
    - Allow docker to read selinux files for labeling, and mount on devpts chr_file
    - Allow domains that transition to svirt_sandbox to send it signals
file modified
+222 -157
file modified
+791 -211
file modified
+43 -1