7a2febf - Dontaudit openshift domains trying to use rawip_sockets, th

Authored and Committed by mgrepl 7 years ago
    - Dontaudit openshift domains trying to use rawip_sockets, th
    - Allow git_system_t to read git_user_content if the git_syst
    - Add lsmd_plugin_t for lsm plugins
    - Allow dovecot-deliver to search mountpoints
    - Add labeling for /etc/mdadm.conf
    - Allow opelmi admin providers to dbus chat with init_t
    - Allow sblim domain to read /dev/urandom and /dev/random
    - Allow apmd to request the kernel load modules
    - Add glusterd_brick_t type
    - label mate-keyring-daemon with gkeyringd_exec_t
    - Add plymouthd_create_log()
    - Dontaudit leaks from openshift domains into mail domains, n
    - Allow sssd to request the kernel loads modules
    - Allow gpg_agent to use ssh-add
    - Allow gpg_agent to use ssh-add
    - Dontaudit access check on /root for myslqd_safe_t
    - Allow ctdb to getattr on al filesystems
    - Allow abrt to stream connect to syslog
    - Allow dnsmasq to list dnsmasq.d directory
    - Watchdog opens the raw socket
    - Allow watchdog to read network state info
    - Dontaudit access check on lvm lock dir
    - Allow sosreport to send signull to setroubleshootd
    - Add setroubleshoot_signull() interface
    - Fix ldap_read_certs() interface
    - Allow sosreport all signal perms
    - Allow sosreport to run systemctl
    - Allow sosreport to dbus chat with rpm
    - Add glusterd_brick_t files type
    - Allow zabbix_agentd to read all domain state
    - Clean up rtas.if
    - Allow smoltclient to execute ldconfig
    - Allow sosreport to request the kernel to load a module
    - Fix userdom_confined_admin_template()
    - Add back exec_content boolean for secadm, logadm, auditadm
    - Fix files_filetrans_system_db_named_files() interface
    - Allow sulogin to getattr on /proc/kcore
    - Add filename transition also for servicelog.db-journal
    - Add files_dontaudit_access_check_root()
    - Add lvm_dontaudit_access_check_lock() interface
file modified
+178 -163
file modified
+625 -206
file modified
+43 -1