906229 * Fri Dec 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-44

Authored and Committed by lvrabec a year ago
    * Fri Dec 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-44
    - Label /usr/share/spamassassin/sa-update.cron as spamd_update_exec_t
    - Add dac_override capability to ssad_t domains
    - Allow pesign_t domain to read gnome home configs
    - Label /usr/libexec/lm_sensors/sensord-service-wrapper as lsmd_exec_t
    - Allow rngd_t domains read kernel state
    - Allow certmonger_t domains to read bind cache
    - Allow ypbind_t domain to stream connect to sssd
    - Allow rngd_t domain to setsched
    - Allow sanlock_t domain to read/write sysfs_t files
    - Add dac_override capability to postfix_local_t domain
    - Allow ypbind_t to search sssd_var_lib_t dirs
    - Allow virt_qemu_ga_t domain to write to user_tmp_t files
    - Allow systemd_logind_t to dbus chat with virt_qemu_ga_t
    - Update sssd_manage_lib_files() interface to allow also mmap sssd_var_lib_t files
    - Add new interface sssd_signal()
    - Update xserver_filetrans_home_content() and xserver_filetrans_admin_home_content() unterfaces to allow caller domain to create .vnc dir in users homedir labeled as xdm_home_t
    - Update logging_filetrans_named_content() to allow caller domains of this interface to create /var/log/journal/remote directory labeled as var_log_t
    - Add sys_resource capability to the systemd_passwd_agent_t domain
    - Allow ipsec_t domains to read bind cache
    - kernel/files.fc: Label /run/motd as etc_t
    - Allow systemd to stream connect to userdomain processes
    - Label /var/lib/private/systemd/ as init_var_lib_t
    - Allow initrc_t domain to create new socket labeled as init_T
    - Allow audisp_remote_t domain remote logging client to read local audit events from relevant socket.
    - Add tracefs_t type to mountpoint attribute
    - Allow useradd_t and groupadd_t domains to send signals to sssd_t
    - Allow systemd_logind_t domain to remove directories labeled as tmpfs_t BZ(1648636)
    - Allow useradd_t and groupadd_t domains to access sssd files because of the new feature in shadow-utils
    
        
  • Build completed
    success
    Built as selinux-policy-3.14.2-44.fc29
    a year ago
file modified
+2 -0
file modified
+33 -3
file modified
+3 -3