9d98026 * Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-25

Authored and Committed by lvrabec 5 years ago
    * Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-25
    - Add dac_override capability to remote_login_t domain
    - Allow chrome_sandbox_t to mmap tmp files
    - Update ulogd SELinux security policy
    - Allow rhsmcertd_t domain to send signull to apache processes
    - Allow systemd socket activation for modemmanager
    - Allow geoclue to dbus chat with systemd
    - Fix file contexts on conntrackd policy
    - Temporary fix for varnish and apache adding capability for DAC_OVERRIDE
    - Allow lsmd_plugin_t domain to getattr lsm_t unix stream sockets
    - Add label for /usr/sbin/pacemaker-remoted to have cluster_exec_t
    - Allow nscd_t domain to be system dbusd client
    - Allow abrt_t domain to read sysctl
    - Add dac_read_search capability for tangd
    - Allow systemd socket activation for rshd domain
    - Add label for /usr/libexec/cyrus-imapd/master as cyrus_exec_t to have proper SELinux domain transition from init_t to cyrus_t
    - Allow kdump_t domain to map /boot files
    - Allow conntrackd_t domain to send msgs to syslog
    - Label /usr/sbin/nhrpd and /usr/sbin/pimd binaries as zebra_exec_t
    - Allow svnserve_t domain to stream connect to sasl domain
    - Allow smbcontrol_t to create dirs with samba_var_t label
    - Remove execstack, execmem and execheap from domains setroubleshootd_t, locate_t and podsleuth_t to increase security. BZ(1579760)
    - Allow tangd to read public sssd files BZ(1509054)
    - Allow geoclue to start with nnp systemd security feature with proper SELinux Domain transition BZ(1575212)
    - Allow ctdb_t domain to modify ctdb_exec_t files
    - Allow firewalld_t domain to create netlink_netfilter sockets
    - Allow radiusd_t domain to read network sysctls
    - Allow pegasus_t domain to mount tracefs_t filesystem
    - Allow psad_t domain to read all domains state
    - Allow tomcat_t domain to connect to mongod_t tcp port
    - Allow dovecot and postfix to connect to systemd stream sockets
    - Make nmbd_t domain dbus system client BZ(1569856)
    - Merge pull request #55 from SISheogorath/fix/tlp-policy
    - Merge pull request #54 from tmzullinger/rawhide
    - Allow also listing system_dbusd_var_run_t dirs in dbusd_read_pid_files macro BZ(1566168)
    - Allow gssproxy_t domain to read gssd_t state BZ(1572945)
    - Allow create systemd to mount pid files
    - Add files_map_boot_files() interface
    - Remove execstack, execmem and execheap from domain fsadm_t to increase security. BZ(1579760)
    - Fix typo in xserver SELinux module
    - Allow systemd to mmap files with var_log_t label
    - Allow x_userdomains read/write to xserver session
    - Allow users staff and sysadm to run wireshark on own domain
    - Fix typos s/xserver/xdm/ for allow creating xserver misc devices
    - Allow systemd-bootchart to create own tmpfs files
    - Merge pull request #213 from tmzullinger/rawhide
    - Allow xdm_t domain to install Nouveau drivers BZ(1570996)
    - Allow unconfined_domain_type to create libs filetrans named content BZ(1513806)
    
        
file modified
+2 -0
file modified
+52 -3
file modified
+3 -3