rpms / selinux-policy

Clone
Source Code
GIT

65bda98 - Add lvm_stream_connect() interface.

Authored and Committed by mgrepl 8 years ago
raw patch tree parent
3 files changed. 555 lines added. 341 lines removed.
policy-f22-base.patch
file modified
+244 -197
policy-f22-contrib.patch
file modified
+264 -143
selinux-policy.spec
file modified
+47 -1 
    - Add lvm_stream_connect() interface.
    - Add support for /usr/sbin/lvmpolld.BZ(1220817)
    - Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.BZ(1218137)
    - Allow login_pgm domains to access kernel keyring for nsswitch domains.
    - Add labeling for systemd-time*.service unit files and allow systemd-timedated to access these unit files.
    - This change will remove entrypoint from filesystems, should be back ported to all RHEL/Fedora systems
    - Only allow semanage_t to be able to setenforce 0, no all domains that use selinux_semanage interface
    - Allow debugfs associate to a sysfs filesystem.
    - vport is mislabeled on arm, need to be less specific
    - Add relabel_user_home_dirs for use by docker_t
    - Allow net_admin cap for dnssec-trigger to make wifi reconnect working.
    - Add support for /var/lib/ipsilon dir and label it as httpd_var_lib_t. BZ(1186046)
    - Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
    - Add glusterd_filetrans_named_pid() interface.
    - Allow antivirus_t to read system state info.BZ(1217616)
    - Dontaudit use console for chrome-sandbox. BZ(1216087)
    - Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot. BZ(1215359)
    - Clamd needs to have fsetid capability. BZ(1215308)
    - Allow cinder-backup to dbus chat with systemd-logind. BZ(1207098)
    - Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
    - Allow gssd to access kernel keyring for login_pgm domains.
    - Add more fixes related to timemaster+ntp+ptp4l.
    - Allow docker sandbox domains to search all mountpoiunts
    - update winbind_t rules to allow IPC for winbind. BZ(1210663)
    - Allow dhcpd kill capability.
    - Add support for new fence agent fence_mpath which is executed by fence_node.
    - Remove dac_override capability for setroubleshoot. We now have it running as setroubleshoot user.
    - Allow redis to create /var/run/redis/redis.sock.
    - Allow fence_mpathpersist to run mpathpersist which requires sys_admin capability.
    - Allow timemaster send a signal to ntpd.
    - Add rules for netlink_socket in iotop.
    - Allow iotop netlink socket.
    - Allow sys_ptrace cap for sblim-gatherd caused by ps.
    - Add support for /usr/libexec/mongodb-scl-helper RHSCL helper script.
    - Allow passenger to accept connection.
    - Update virt_read_pid_files() interface to allow read also symlinks with virt_var_run_t type.
    - Fix labeling for /usr/libexec/mysqld_safe-scl-helper.
    - Add support for mysqld_safe-scl-helper which is needed for RHSCL daemons.
    - Label /usr/bin/yum-deprecated as rpm_exec_t. (#1218650)
    - Don't use deprecated userdom_manage_tmpfs_role() interface calliing and use userdom_manage_tmp_role() instead.
    - Add support for iprdbg logging files in /var/log.
    - Add support for mongod/mongos systemd unit files.
    - Allow inet_gethost called by couchdb to access /proc/net/unix. BZ(1207538)
    - Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so (#1207410)
file modified
+244 -197
file modified
+264 -143
file modified
+47 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.