- Dontaudit openshift domains trying to use rawip_sockets, th
- Allow git_system_t to read git_user_content if the git_syst
- Add lsmd_plugin_t for lsm plugins
- Allow dovecot-deliver to search mountpoints
- Add labeling for /etc/mdadm.conf
- Allow opelmi admin providers to dbus chat with init_t
- Allow sblim domain to read /dev/urandom and /dev/random
- Allow apmd to request the kernel load modules
- Add glusterd_brick_t type
- label mate-keyring-daemon with gkeyringd_exec_t
- Add plymouthd_create_log()
- Dontaudit leaks from openshift domains into mail domains, n
- Allow sssd to request the kernel loads modules
- Allow gpg_agent to use ssh-add
- Allow gpg_agent to use ssh-add
- Dontaudit access check on /root for myslqd_safe_t
- Allow ctdb to getattr on al filesystems
- Allow abrt to stream connect to syslog
- Allow dnsmasq to list dnsmasq.d directory
- Watchdog opens the raw socket
- Allow watchdog to read network state info
- Dontaudit access check on lvm lock dir
- Allow sosreport to send signull to setroubleshootd
- Add setroubleshoot_signull() interface
- Fix ldap_read_certs() interface
- Allow sosreport all signal perms
- Allow sosreport to run systemctl
- Allow sosreport to dbus chat with rpm
- Add glusterd_brick_t files type
- Allow zabbix_agentd to read all domain state
- Clean up rtas.if
- Allow smoltclient to execute ldconfig
- Allow sosreport to request the kernel to load a module
- Fix userdom_confined_admin_template()
- Add back exec_content boolean for secadm, logadm, auditadm
- Fix files_filetrans_system_db_named_files() interface
- Allow sulogin to getattr on /proc/kcore
- Add filename transition also for servicelog.db-journal
- Add files_dontaudit_access_check_root()
- Add lvm_dontaudit_access_check_lock() interface
mgrepl
10 years ago