522998 * Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-46

Authored and Committed by lvrabec 10 months ago
    * Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-46
    - Allow sensord_t to execute own binary files
    - Allow pcp_pmlogger_t domain to getattr all filesystem BZ(1662432)
    - Allow virtd_lxc_t domains use BPF BZ(1662613)
    - Allow openvpn_t domain to read systemd state BZ(1661065)
    - Dontaudit ptrace all domains for blueman_t BZ(1653671)
    - Change label of /usr/libexec/lm_sensors/sensord-service-wrapper from lsmd_exec_t to sensord_exec_t BZ(1662922)
    - Allow hddtemp_t domain to read nvme block devices BZ(1663579)
    - Add dac_override capability to spamd_t domain BZ(1645667)
    - Allow pcp_pmlogger_t to mount tracefs_t filesystem BZ(1662983)
    - Allow pcp_pmlogger_t domain to read al sysctls BZ(1662441)
    - Allow saslauthd_t domain to mmap own pid files BZ(1653024)
    - Add dac_override capability for snapperd_t domain BZ(1619356)
    - Allow staff_t domain to read read_binfmt_misc filesystem
    - Add interface fs_read_binfmt_misc()
    - Allow init_t domain to mmap init_var_lib_t files and dontaudit leaked fd. BZ(1651008)
    - Make workin: systemd-run --system --pty bash BZ(1647162)
    - Allow ipsec_t domain dbus chat with systemd_resolved_t BZ(1662443)
    - Label /usr/lib/systemd/user as systemd_unit_file_t BZ(1652814)
    - Add rules to allow systemd to mounton systemd_timedated_var_lib_t.
  • Build completed
    Built as selinux-policy-3.14.2-46.fc29
    10 months ago
file modified
+2 -0
file modified
+24 -3
file modified
+3 -3