4287bdf * Mon Sep 14 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-128.13

Authored and Committed by lvrabec 8 years ago
    * Mon Sep 14 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-128.13
    - named wants to access /proc/sys/net/ipv4/ip_local_port_range to get ephemeral range. BZ(#1260272)
    - Allow user screen domains to list directories in HOMEDIR with user_home_t labeling.
    - Fix for watchdog_unconfined_exec_read_lnk_files, Add also dir search perms in watchdog_unconfined_exec_t.
    - Dontaudit fenced search gnome config
    - Allow teamd running as NetworkManager_t to access netlink_generic_socket to allow multiple network interfaces to be teamed together.
    - Fix labeling for fence_scsi_check script
    - Allow openhpid to read system state. Allow openhpid to connect to tcp http port.
    - Allow openhpid to read snmp var lib files.
    - Allow openvswitch_t domains read kernel dependencies due to openvswitch run modprobe
    - Fix regexp in chronyd.fc file
    - Allow passenger to getattr filesystem xattr
    - Revert "Allow pegasus_openlmi_storage_t create mdadm.conf.anacbak file in /etc."
    - Label mdadm.conf.anackbak as mdadm_conf_t file.
    - Allow dnssec-trigger to relabel net_conf_t files. BZ(1251765)
    - Merge branch 'f22-contrib' of github.com:fedora-selinux/selinux-policy into f22-contrib
    - Allow dnssec-trigger to exec pidof. BZ(#1256737)
    - Allow dnssec-trigger to exec pidof. BZ(#1256737)
    - Allow blueman to create own tmp files in /tmp. (#1234647)
    - Allow watchdog execute fenced python script.
    - Added interface watchdog_unconfined_exec_read_lnk_files()
    - Allow pmweb daemon to exec shell. BZ(1256127)
    - Allow pmweb daemon to read system state. BZ(#1256128)
    - Add new audit_read access vector in capability2 class
    - Add "binder" security class and access vectors
    - Update netlink socket classes.
    - systemd-logind needs to be able to act with /usr/lib/systemd/system/poweroff.target to allow shutdown system. BZ(#1260175)
    - Allow systemd-udevd to access netlink_route_socket to change names for network interfaces without unconfined.pp module. It affects also MLS.
    - Allow unconfined_t domains to create /var/run/xtables.lock with iptables_var_run_t
    - Remove bin_t label for /usr/share/cluster/fence_scsi_check\.pl
    - Allow getty to read network state. BZ(#1255177)
    - Remove labeling for /var/db/.*\.db as etc_t to label db files as system_db_t.
    - Allow dhcpc_t domain transition to chronyd_t
    
        
file modified
+249 -108
file modified
+195 -97
file modified
+35 -1