Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-17

    * Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-17
    - Add dac_override capability to remote_login_t domain
    - Allow chrome_sandbox_t to mmap tmp files
    - Update ulogd SELinux security policy
    - Allow rhsmcertd_t domain to send signull to apache processes
    - Allow systemd socket activation for modemmanager
    - Allow geoclue to dbus chat with systemd
    - Fix file contexts on conntrackd policy
    - Temporary fix for varnish and apache adding capability for DAC_OVERRIDE
    - Allow lsmd_plugin_t domain to getattr lsm_t unix stream sockets
    - Add label for /usr/sbin/pacemaker-remoted to have cluster_exec_t
    - Allow nscd_t domain to be system dbusd client
    - Allow abrt_t domain to read sysctl
    - Add dac_read_search capability for tangd
    - Allow systemd socket activation for rshd domain
    - Add label for /usr/libexec/cyrus-imapd/master as cyrus_exec_t to have proper SELinux domain transition from init_t to cyrus_t
    - Allow kdump_t domain to map /boot files
    - Allow conntrackd_t domain to send msgs to syslog
    - Label /usr/sbin/nhrpd and /usr/sbin/pimd binaries as zebra_exec_t
    - Allow swnserve_t domain to stream connect to sasl domain
    - Allow smbcontrol_t to create dirs with samba_var_t label
    - Remove execstack, execmem and execheap from domains setroubleshootd_t, locate_t and podsleuth_t to increase security. BZ(1579760)
    - Allow tangd to read public sssd files BZ(1509054)
    - Allow geoclue to start with nnp systemd security feature with proper SELinux Domain transition BZ(1575212)
    - Allow ctdb_t domain modify ctdb_exec_t files
    - Allow firewalld_t domain to create netlink_netfilter sockets
    - Allow radiusd_t domain to read network sysctls
    - Allow pegasus_t domain to mount tracefs_t filesystem
    - Allow create systemd to mount pid files
    - Add files_map_boot_files() interface
    - Remove execstack, execmem and execheap from domain fsadm_t to increase security. BZ(1579760)
    - Fix typo in xserver SELinux module
    - Allow systemd to mmap files with var_log_t label
    - Allow x_userdomains read/write to xserver session
