936415 * Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-20

Authored and Committed by lvrabec 2 years ago
    * Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-20
    - Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files
    - Allow mailman_mail_t domain to search for apache configs
    - Allow mailman_cgi_t domain to ioctl an httpd with a unix domain stream sockets.
    - Improve procmail_domtrans() to allow mmaping procmail_exec_t
    - Allow ptrace arbitrary processes
    - Allow jabberd_router_t domain read kerberos keytabs BZ(1573945)
    - Allow certmonger to geattr of filesystems BZ(1578755)
    - Update dev_map_xserver_misc interface to allo mmaping char devices instead of files
    - Allow noatsecure permission for all domain transitions from systemd.
    - Allow systemd to read tangd db files
    - Fix typo in ssh.if file
    - Allow xdm_t domain to mmap xserver_misc_device_t files
    - Allow xdm_t domain to execute systemd-coredump binary
    - Add bridge_socket, dccp_socket, ib_socket and mpls_socket to socket_class_set
    - Improve modutils_domtrans_insmod() interface to mmap insmod_exec_t binaries
    - Improve iptables_domtrans() interface to allow mmaping iptables_exec_t binary
    - Improve auth_domtrans_login_programinterface to allow also mmap login_exec_t binaries
    - Improve auth_domtrans_chk_passwd() interface to allow also mmaping chkpwd_exec_t binaries.
    - Allow mmap dhcpc_exec_t binaries in sysnet_domtrans_dhcpc interface
    - Improve running xorg with proper SELinux domain even if systemd security feature NoNewPrivileges is used
file modified
+2 -0
file modified
+26 -3
file modified
+3 -3